GDPR Compliance

Last updated: 20 May 2026

Our Commitment to GDPR

Sparkling Vistas is committed to full compliance with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. We take your data privacy seriously and have implemented comprehensive measures to protect your personal information.

Data Controller Information

For the purposes of GDPR, the data controller is:

Sparkling Vistas
42 Clerkenwell Road
London EC1M 5PS
United Kingdom
Email: [email protected]

Your Rights Under GDPR

Under GDPR, you have comprehensive rights regarding your personal data. Below is a detailed explanation of each right and how to exercise it.

1. Right to Be Informed

You have the right to know how we collect, use, and share your personal data. This information is provided in our Privacy Policy and throughout our website at the point of data collection.

2. Right of Access

You have the right to request access to the personal data we hold about you. This is commonly known as a "subject access request" and allows you to receive a copy of your data and verify that we are processing it lawfully.

How to request: Email [email protected] with "Subject Access Request" in the subject line. We will respond within one month.

3. Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected.

How to request: Contact us with the specific information that needs correction. We will update our records promptly.

4. Right to Erasure ("Right to Be Forgotten")

You have the right to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Note: This right is not absolute. We may need to retain certain data for legal, regulatory, or contractual obligations (e.g., warranty periods, tax records).

How to request: Email [email protected] with "Data Erasure Request" in the subject line.

5. Right to Restrict Processing

You have the right to request that we limit how we use your data in certain situations:

  • You contest the accuracy of the data (while we verify it)
  • Processing is unlawful but you don't want the data erased
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (while we verify legitimate grounds)

How to request: Contact us explaining which processing you wish to restrict and why.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

This right applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

How to request: Email [email protected] specifying the data you wish to receive and the format (e.g., CSV, JSON).

7. Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests or public interest
  • Direct marketing (you can object at any time)
  • Processing for research or statistical purposes

How to request: Contact us stating what processing you object to and why. For marketing, simply click "unsubscribe" in any email or contact us directly.

8. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Our practice: We do not engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Verification Process

To protect your data, we may need to verify your identity before fulfilling requests. We will ask for:

  • Two forms of identification (e.g., driving licence, passport)
  • Proof of address if requesting access to property-related data

Data Protection Measures

Technical Measures

  • Encrypted data transmission (SSL/TLS)
  • Secure server infrastructure
  • Regular security updates and patches
  • Access controls and authentication
  • Regular backups with encryption

Organisational Measures

  • Staff training on data protection
  • Clear data handling procedures
  • Regular privacy impact assessments
  • Confidentiality agreements with all staff and contractors
  • Incident response procedures

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and steps taken

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure adequate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognising equivalent data protection standards
  • Other legally recognised transfer mechanisms

Data Minimisation

We adhere to the principle of data minimisation, collecting only the personal data that is necessary for the specific purpose. We regularly review the data we hold and delete information that is no longer needed.

Consent Management

Where we rely on consent as the legal basis for processing:

  • Consent is freely given, specific, informed, and unambiguous
  • You can withdraw consent at any time
  • Withdrawing consent does not affect the lawfulness of processing before withdrawal
  • We maintain records of when and how consent was obtained

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Third-Party Processing

When we use third-party processors (e.g., contractors, suppliers), we ensure:

  • Written contracts are in place
  • They process data only on our instructions
  • They implement appropriate security measures
  • They assist with fulfilling data subject rights
  • They notify us of any data breaches

Regular Compliance Reviews

We conduct regular reviews of our data protection practices to ensure ongoing compliance with GDPR and UK data protection law. This includes:

  • Annual privacy impact assessments
  • Regular staff training updates
  • Reviews of data retention policies
  • Security audits

Making a Complaint

If you are not satisfied with how we have handled your data or responded to your request, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Updates to This Policy

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. We will notify you of any significant changes and update the "Last updated" date at the top of this page.

Questions or Concerns

If you have any questions about our GDPR compliance or how we handle your data, please contact us:

Email: [email protected]