GDPR Compliance

Last updated: May 10, 2026

Our Commitment to Data Protection

vivid-shimmer is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your data protection rights seriously and have implemented comprehensive measures to ensure your personal information is processed lawfully, fairly, and transparently.

Data Controller Information

For the purposes of UK GDPR, vivid-shimmer is the data controller responsible for your personal information.

Company Name: vivid-shimmer
Registered Address: 47 Riverside Quarter, Bristol BS1 4RN, United Kingdom
Data Protection Contact: [email protected]

Your GDPR Rights Explained

1. Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR page.

2. Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month and provide the information free of charge.

How to request: Email [email protected] with "Subject Access Request" in the subject line.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. We will respond within one month.

4. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Note: This right is not absolute. We may need to retain certain data to comply with legal obligations, particularly FCA regulatory requirements for financial services records.

5. Right to Restrict Processing

You can request that we limit how we use your data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification

6. Right to Data Portability

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller. This applies when:

• Processing is based on consent or contract
• Processing is carried out by automated means

7. Right to Object

You have the right to object to processing based on:

• Legitimate interests
• Performance of a task in the public interest
• Direct marketing (at any time)

8. Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Post: Data Protection Officer, vivid-shimmer, 47 Riverside Quarter, Bristol BS1 4RN, United Kingdom

When making a request, please include:

• Your full name and contact details
• Details of your request
• Proof of identity (to prevent unauthorized access)

Response Timeframes

We will respond to your requests without undue delay and within one month of receipt. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Free of Charge

We do not charge for most requests to exercise your GDPR rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to act on such requests.

Data Protection Principles

We process all personal data in accordance with the following principles:

• Lawfulness, fairness, and transparency: We process data lawfully and are transparent about our processing activities
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimization: We only collect data that is adequate, relevant, and limited to what is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We process data securely
• Accountability: We can demonstrate compliance with these principles

Legal Bases for Processing

We process your personal data under the following legal bases:

• Contract: To fulfill our service agreement with you
• Legal obligation: To comply with FCA regulations, anti-money laundering laws, and other legal requirements
• Legitimate interests: To operate our business, improve services, and prevent fraud
• Consent: For marketing communications and certain optional processing activities

Data Security Measures

We implement appropriate technical and organizational security measures, including:

• Encryption of sensitive data
• Regular security assessments and penetration testing
• Access controls and authentication procedures
• Staff training on data protection and security
• Incident response and breach notification procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify you without undue delay if the breach poses a high risk
• Document all breaches and our response measures

International Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Binding Corporate Rules (where applicable)

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we:

• Ensure they provide sufficient guarantees of data protection
• Establish data processing agreements
• Monitor their compliance with data protection requirements

Complaints

If you believe we have not handled your personal data properly, you can contact us first to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: vivid-shimmer.com

Updates to This Page

We may update this GDPR compliance page to reflect changes in data protection laws or our practices. The "Last updated" date at the top indicates when changes were last made.

Contact Us

If you have questions about GDPR compliance or data protection, please contact us:

Email: [email protected]
Address: 47 Riverside Quarter, Bristol BS1 4RN, United Kingdom