Your data protection rights explained
Glistening Meadow is committed to ensuring the protection and privacy of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and outlines your rights as a data subject.
Glistening Meadow acts as the data controller for the personal information we collect and process. This means we determine the purposes and means of processing your personal data.
Contact details for data protection matters:
Glistening Meadow
47 Meadowbrook Lane
Guildford, Surrey GU2 7PJ
Email: [email protected]
We process your personal data only when we have a lawful basis to do so. The bases we rely on include:
You have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.
You have the right to request that we correct any personal data that is inaccurate or incomplete. We aim to update records promptly upon receiving verified corrections.
Also known as the "right to be forgotten", you can request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to legal retention requirements.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to all legitimate requests within one month. If your request is particularly complex, we may require an additional two months, in which case we will notify you.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We do not routinely transfer personal data outside the United Kingdom. Should any transfer become necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR information from time to time. Any significant changes will be communicated through our website. This page was last updated in May 2026.