Last updated: June 26, 2026
GDPR Compliance Statement
topaz-glade is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This document outlines how we meet our obligations and protect your data rights.
Data Controller
For the purposes of data protection legislation, the data controller is:
topaz-glade
14 Wellington Street
Leeds LS1 4DG
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contract: Processing necessary for performing our services
- Consent: Where you have given clear consent for specific processing
- Legitimate Interests: For business operations that do not override your rights
- Legal Obligation: Where required by UK law
Your Rights Under GDPR
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request, free of charge.
Right to Rectification
You can request correction of inaccurate or incomplete personal data. We will update your information within one month of verification.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restrict Processing
You can request that we limit how we use your data when:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision Making
We do not use automated decision making or profiling that produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
To exercise any of your data protection rights, contact us using the details provided above. We will:
- Respond within one month (extendable by two months for complex requests)
- Verify your identity before processing requests
- Provide information free of charge unless requests are manifestly unfounded or excessive
Data Security Measures
We implement appropriate technical and organizational measures including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls limiting who can view personal data
- Staff training on data protection obligations
- Incident response procedures for data breaches
Data Breach Notification
In the event of a data breach likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours of becoming aware
- Inform affected individuals without undue delay if there is a high risk
- Document all breaches and our response measures
Data Protection Impact Assessments
We conduct data protection impact assessments for processing activities likely to result in high risks to individuals' rights and freedoms.
International Transfers
Personal data is processed within the United Kingdom. Any transfers outside the UK are conducted using appropriate safeguards such as standard contractual clauses approved by the UK authorities.
Complaints
If you believe we have not complied with data protection law, you can lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Policy Updates
We review this GDPR compliance statement regularly and update it as necessary to reflect changes in our processing activities or legal requirements.