GDPR Compliance

Information about our General Data Protection Regulation compliance

Our Commitment to GDPR

Glow Odyssey is committed to full compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take data protection seriously and have implemented comprehensive measures to ensure your personal information is handled lawfully, fairly, and transparently.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for multiple copies or manifestly unfounded requests.

2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

3. Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Compliance with a legal obligation requires deletion

4. Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain situations:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible.

6. Right to Object

You have the right to object to processing of your personal data based on legitimate interests, direct marketing, or processing for research or statistical purposes.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects.

How We Process Your Data

Lawful Basis

We process personal data under one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your data for a specific purpose
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party

Data Minimization

We collect only the personal data necessary for the specific purposes we have identified. We do not collect excessive information.

Accuracy

We take reasonable steps to ensure personal data is accurate and up to date. You can help us maintain accuracy by informing us of any changes to your information.

Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. After this period, data is securely deleted or anonymized.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

International Data Transfers

When we transfer personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Other approved mechanisms

Data Protection Officer

For questions about our data protection practices or to exercise your rights, you can contact our data protection representative:

Email: [email protected]
Address: Glow Odyssey, 47 Culinary Lane, Shoreditch, London E2 7DP, United Kingdom

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the details above. We will:

  • Respond to your request without undue delay and within one month
  • Extend this period by two months for complex requests (with notification)
  • Verify your identity before fulfilling requests
  • Provide information free of charge unless requests are manifestly unfounded or excessive

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the UK, the supervisory authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

Children's Data

We do not knowingly process personal data of individuals under 16 years of age without parental or guardian consent. Our services are directed at adults.

Updates to This Information

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revision date.

Additional Resources

For more information about how we handle your data, please also review: