GDPR Compliance

Your rights under the UK General Data Protection Regulation

Our Commitment to GDPR

Pedal Glide is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains your rights and how we comply with data protection legislation.

Data Controller

Pedal Glide is the data controller responsible for your personal data. Our contact details are:

Pedal Glide
42 Anchor Road
Bristol BS1 5TT
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract: Processing is necessary to perform our contract with you when you book our services
  • Consent: You have given clear consent for us to process your data for specific purposes (e.g., marketing communications)
  • Legitimate Interests: Processing is necessary for our legitimate interests in operating our business, provided these interests don't override your rights
  • Legal Obligation: Processing is necessary to comply with legal requirements

Your GDPR Rights

Under the UK GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

3. Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we hold about you.

4. Right to Erasure (Right to be Forgotten)

In certain circumstances, you can request deletion of your personal data, including when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw your consent (where consent was the lawful basis)
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

5. Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

6. Right to Data Portability

You can request that we provide your personal data in a structured, commonly used, and machine-readable format, and transfer it to another organisation where technically feasible.

7. Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

8. Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or write to us at the address above. Please include:

  • Your full name and contact details
  • Details of your request
  • Proof of identity (if required)

We will respond to your request within one month. In complex cases, we may extend this by two months and will inform you of any delay.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Regular backup procedures

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach poses a high risk to you, we will also notify you directly.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Active client records: For the duration of our relationship and up to 7 years afterwards for financial records
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Website analytics: Typically retained for 26 months

Children's Data

We take extra care when processing data relating to children. We require parental or guardian consent before collecting personal data from children under 13. Parents and guardians have the right to access, rectify, or erase their child's data.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

However, we encourage you to contact us first so we can try to resolve your concerns directly.

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.

Contact Us

If you have any questions about GDPR compliance or how we handle your personal data, please contact us at [email protected].