GDPR Compliance

Last updated: 22 May 2026

1. Our Commitment to Data Protection

dazzling-sweep is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and are dedicated to protecting your personal data.

2. Data Controller

dazzling-sweep is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at:

dazzling-sweep
14 Greenfield Lane
Bromley, Kent BR1 3QT
Email: [email protected]

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract
  • Legal obligation: Where processing is necessary to comply with our legal obligations
  • Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless overridden by your rights

4. Your Rights Under GDPR

Under the UK GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data where:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.

5. How to Exercise Your Rights

To exercise any of the above rights, please contact us using the details provided. We will respond to your request within one month. In complex cases or where we receive numerous requests, this period may be extended by a further two months.

We may need to verify your identity before processing your request. There is no fee for exercising your rights, although we may charge a reasonable fee if your request is clearly unfounded or excessive.

6. Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimisation: We only collect data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only for as long as necessary
  • Integrity and confidentiality: We process data securely and protect against unauthorised processing, loss, or damage

7. Data Transfers

We do not transfer your personal data outside the United Kingdom. If this changes in the future, we will ensure appropriate safeguards are in place in accordance with data protection law.

8. Data Security

We have implemented appropriate technical and organisational measures to secure your personal data, including:

  • Encryption of data in transit
  • Secure storage systems
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

9. Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk to you, we will also notify you directly.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: dazzling-sweep.com

11. Updates to This Policy

We may update this GDPR policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised date.