GDPR Compliance

Last updated: 9 April 2026

Our Commitment to Data Protection

twinkle-shore Ltd is committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take our responsibilities regarding personal data seriously and have implemented appropriate measures to ensure your information is processed lawfully, fairly, and transparently.

Data Controller Information

For the purposes of GDPR, twinkle-shore Ltd is the data controller responsible for your personal information:

Company Name: twinkle-shore Ltd
Registration Number: 08724519
Registered Address: 42 Westfield Avenue, Bristol BS6 5NW, United Kingdom
Contact Email: [email protected]

Principles of Data Processing

We adhere to the core principles established by GDPR in all our data processing activities:

Lawfulness, Fairness, and Transparency

We process personal data only when we have a valid legal basis and provide clear information about how data will be used.

Purpose Limitation

Personal data is collected for specific, explicit, and legitimate purposes and not further processed in ways incompatible with those purposes.

Data Minimisation

We collect only the personal data that is adequate, relevant, and necessary for our stated purposes.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted without delay.

Storage Limitation

Personal data is retained only as long as necessary for the purposes for which it was collected or as required by law.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorised processing, accidental loss, destruction, or damage.

Accountability

We maintain documentation demonstrating our compliance with data protection principles and regulations.

Your GDPR Rights

Under GDPR, you have specific rights regarding your personal data. We respect these rights and provide straightforward mechanisms for exercising them.

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR page.

Right of Access

You can request confirmation of whether we process your personal data and obtain a copy of that data along with information about how it is processed. We will respond to access requests within one month at no charge for the first request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will update records promptly upon receiving verified correction requests.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or if you withdraw consent on which processing is based.

This right is not absolute. We may need to retain certain information to comply with legal obligations, resolve disputes, or fulfil contractual commitments.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest data accuracy or object to processing.

Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant impacts. We do not currently employ automated decision-making processes of this nature.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us by email at [email protected] with "GDPR Request" in the subject line. Include the following information in your request:

  • Your full name and contact details
  • Description of the right you wish to exercise
  • Any relevant details to help us locate your information
  • Proof of identity (we may request this to protect against unauthorised access)

We will acknowledge your request within two business days and provide a substantive response within one month. For complex requests, we may extend this period by up to two additional months and will inform you of any delay.

Lawful Basis for Processing

We process personal data only when we have a valid lawful basis under GDPR. The specific basis depends on the context:

Consent

In some cases, we process data based on your explicit consent, such as for marketing communications or optional cookies. You can withdraw consent at any time by contacting us or using provided opt-out mechanisms.

Contract

When you engage our services, processing is necessary to fulfil our contractual obligations, including project delivery, communication, and payment processing.

Legal Obligation

We process certain data to comply with legal requirements, such as tax regulations, accounting standards, and health and safety laws.

Legitimate Interests

We may process data based on legitimate business interests, such as improving services, preventing fraud, or maintaining security. We balance these interests against your rights and freedoms and only proceed when our interests are not overridden by potential impacts on you.

Data Protection Measures

We have implemented comprehensive technical and organisational measures to protect personal data:

  • Encryption of data in transit and at rest where appropriate
  • Secure authentication and access controls limiting data access to authorised personnel
  • Regular security assessments and updates to address emerging threats
  • Staff training on data protection responsibilities and best practices
  • Contracts with third-party processors ensuring GDPR compliance
  • Incident response procedures to address potential data breaches
  • Regular reviews and updates to data protection policies and practices

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, typically within 72 hours of becoming aware of the breach. Notifications will include information about the nature of the breach, likely consequences, and measures taken to address it.

International Data Transfers

Our primary operations are within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place through mechanisms such as:

  • Standard Contractual Clauses approved by relevant authorities
  • Transfers to countries with adequacy decisions
  • Other legally recognised transfer mechanisms

Third-Party Processing

When we engage third-party service providers who process personal data on our behalf, we ensure they:

  • Process data only according to our documented instructions
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Assist with our compliance obligations
  • Delete or return data when services conclude

These requirements are formalised through data processing agreements with all relevant processors.

Children's Data

Our services are not directed at children under sixteen years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

Complaints and Concerns

If you have concerns about how we handle your personal data or wish to lodge a complaint, please contact us first so we can address your concerns:

Email: [email protected]

You also have the right to lodge a complaint directly with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: twinkle-shore.com
Telephone: 0303 123 1113
Email: [email protected]

Updates to This Information

We review and update our GDPR compliance practices regularly. Material changes will be communicated through our website. The date at the top of this page indicates when the information was last revised.

Further Information

For comprehensive details about our data processing practices, please refer to our Privacy Policy. For questions specifically about GDPR compliance, contact us at [email protected].