GDPR Compliance

Our commitment to protecting your data rights under the General Data Protection Regulation

1. Introduction

We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements.

2. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

Consent

When you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).

Contract Performance

When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

Legal Obligation

When processing is necessary to comply with legal obligations to which we are subject.

Legitimate Interests

When processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Subject line: "GDPR Rights Request"
  • Include: Your full name, email address, and specific request

We will respond to your request within one month. In some cases, we may need to extend this period by two additional months where requests are complex or numerous.

5. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

Email: [email protected]

6. Data Processing Activities

Categories of Personal Data We Process

  • Identity data (name, title)
  • Contact data (email address, postal address)
  • Financial data (when engaging our services)
  • Technical data (IP address, browser type)
  • Usage data (how you use our website)
  • Marketing and communications data (preferences)

Purposes of Processing

  • To provide our services
  • To manage our relationship with you
  • To improve our website and services
  • To comply with legal obligations
  • For marketing purposes (with consent)

7. International Data Transfers

We primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Other legally approved mechanisms

8. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

9. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service delivery duration
  • Legal and regulatory requirements
  • Dispute resolution
  • Legitimate business purposes

11. Automated Decision Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

12. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

In the UK, the supervisory authority is:

Information Commissioner's Office (ICO)
Website: https://glow-patterns.com
Helpline: 0303 123 1113

13. Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: May 10, 2026