GDPR Compliance

Last updated: January 2024

This page provides information about how Optic-Glide Limited complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and are committed to handling personal information responsibly.

Our Commitment

As a data controller, we are committed to:

Processing personal data lawfully, fairly, and transparently
Collecting data only for specified, explicit, and legitimate purposes
Ensuring data is adequate, relevant, and limited to what is necessary
Maintaining accurate and up-to-date records
Retaining data only as long as necessary
Implementing appropriate security measures

Data Controller Information

Optic-Glide Limited is the data controller for personal information collected through this website and in the course of our business operations.

Registered Address:
14 Riverside Business Park
Thames Street
Weybridge, Surrey KT13 8NA

Company Number: 04827651

Data Protection Contact: [email protected]

Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides comprehensive information about our data processing activities.

Right of Access

You can request a copy of all personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If any personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We aim to update records within one month of notification.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

The data is no longer necessary for its original purpose
You withdraw consent (where consent was the basis for processing)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Note: We may need to retain certain information to comply with legal obligations or to establish, exercise, or defend legal claims.

Right to Restrict Processing

You can request that we limit how we use your data while concerns are being investigated. This applies when:

You contest the accuracy of the data
Processing is unlawful but you prefer restriction over erasure
We no longer need the data but you require it for legal claims
You have objected to processing pending verification of legitimate grounds

Right to Data Portability

Where technically feasible, you can request your personal data in a structured, commonly used, machine-readable format for transfer to another organisation.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

We do not currently make decisions based solely on automated processing that significantly affect you. Should this change, we will provide information about the logic involved and allow you to request human intervention.

Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Post: Data Protection Officer, Optic-Glide Limited, 14 Riverside Business Park, Thames Street, Weybridge, Surrey KT13 8NA

We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.

Lawful Bases for Processing

We process personal data under the following lawful bases as appropriate:

Contract: Processing necessary to perform a contract with you or take steps at your request before entering a contract
Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights
Consent: Where you have given clear consent for specific processing activities
Legal Obligation: Processing necessary to comply with our legal responsibilities

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processes that may pose high risks to individual rights and freedoms.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

Staff Training

All staff who handle personal data receive regular training on data protection principles and procedures. We maintain awareness of evolving requirements and best practices.

Third-Party Processors

Where we engage third parties to process personal data on our behalf, we ensure appropriate contracts are in place requiring them to:

Process data only on our documented instructions
Implement appropriate security measures
Assist us in responding to data subject requests
Delete or return data at the end of the service relationship
Submit to audits and inspections

International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

Adequacy decisions by the UK Government
Standard contractual clauses approved by the ICO
Binding corporate rules for transfers within corporate groups

Complaints

If you are dissatisfied with how we have handled your personal data, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Policy Updates

We review our GDPR compliance procedures regularly and update this page as necessary. Material changes will be highlighted on our website.