GDPR Information

Last updated: January 2024

This page provides information about how Verdant Spire Pet Care Ltd complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It supplements our Privacy Policy with specific details about data protection rights and practices.

Data Controller

Verdant Spire Pet Care Ltd is the data controller for personal information collected through our website and in connection with our pet care services. This means we determine how and why your personal data is processed.

Contact details:
Verdant Spire Pet Care Ltd
47 Greenfield Lane
Riverside Business Park
Bristol, BS1 4QT
Email: [email protected]

Lawful Bases for Processing

We process personal data only when we have a valid legal basis. The bases we rely on include:

Performance of a Contract

When you book our services, we need to process your data to fulfil that agreement. This includes your contact details, pet information, booking dates, and payment details.

Legitimate Interests

We may process data where we have a legitimate business reason to do so, provided this does not override your rights. Examples include:

  • Maintaining records of client relationships
  • Sending service-related communications
  • Improving our facilities and services based on feedback
  • Preventing fraud and ensuring security

Legal Obligation

Certain processing is required to comply with legal requirements, such as:

  • Maintaining financial records for tax purposes
  • Responding to lawful requests from authorities
  • Meeting animal welfare and licensing requirements

Consent

For marketing communications and non-essential cookies, we rely on your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you. This is commonly known as a "subject access request." We will provide your data within one month of receiving your request, free of charge in most cases.

Right to Rectification

If you believe the information we hold is inaccurate or incomplete, you have the right to request correction. We will respond within one month.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This right applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

This right does not apply where we need to retain data for legal compliance or establishing, exercising, or defending legal claims.

Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances, such as while we verify accuracy after you've contested it.

Right to Data Portability

Where we process data based on consent or contract, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making of this nature.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will:

  • Verify your identity before processing your request
  • Respond within one month (this may be extended by two months for complex requests)
  • Inform you if we cannot comply and explain why

There is no charge for most requests. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encrypted data transmission using SSL/TLS
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Secure disposal of records when no longer needed

International Data Transfers

We primarily store and process data within the United Kingdom. If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequate data protection laws
  • Standard contractual clauses approved by the UK government
  • Certification schemes providing adequate protection

Data Retention

We retain personal data only as long as necessary for the purposes described in our Privacy Policy. Specific retention periods include:

  • Client records: 7 years after last service
  • Financial records: 7 years as required by law
  • Marketing consent records: Until consent is withdrawn
  • Website analytics: 26 months

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Contact affected individuals without undue delay when there is high risk
  • Document the breach and remedial actions taken

Complaints

If you are dissatisfied with how we handle your data or respond to your rights requests, you can:

  1. Contact us directly to resolve the issue
  2. Lodge a complaint with the Information Commissioner's Office (ICO)

ICO Contact:
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. The date at the top indicates the last revision. Significant changes will be communicated to registered clients.