GDPR Compliance

Your data protection rights and how we uphold them

Our Commitment to Data Protection

Glow Cash Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We believe transparency and accountability are fundamental to maintaining your trust.

This page explains our obligations under data protection law and clarifies your rights as an individual whose data we process.

Data Controller Information

For the purposes of UK data protection legislation, the data controller is:

Glow Cash Ltd
42 Kingsway
Holborn
London WC2B 6EX
United Kingdom
Email: [email protected]
ICO Registration Number: ZA123456

What Personal Data We Process

We process various categories of personal data depending on your relationship with us:

Prospective and Current Clients

  • Identification data: name, date of birth, nationality
  • Contact information: email address, postal address
  • Financial data: budget information, payment details
  • Employment details: employer name, job title, income verification
  • Accommodation preferences: location, property type, amenities required
  • Communication records: emails, notes from consultations

Website Visitors

  • Technical data: IP address, browser type, device information
  • Usage data: pages visited, time on site, navigation patterns
  • Cookie data: preferences and settings stored via cookies

Lawful Bases for Processing

We only process your personal data when we have a lawful basis to do so. Our lawful bases include:

Contractual Necessity

When you engage our services, we need to process your data to fulfill our contractual obligations. This includes searching for properties, coordinating viewings, and supporting your rental application.

Legitimate Interests

We process certain data for our legitimate business interests, such as:

  • Improving our services based on client feedback
  • Maintaining records for business continuity
  • Protecting against fraud and misuse
  • Analyzing website performance

We always balance these interests against your rights and freedoms.

Consent

For certain activities, such as sending marketing communications or using non-essential cookies, we ask for your explicit consent. You can withdraw this consent at any time.

Legal Compliance

Some processing is necessary to comply with legal obligations, such as maintaining financial records for tax purposes.

Your Data Protection Rights

UK GDPR grants you several important rights regarding your personal data:

Right of Access

You can request confirmation of whether we're processing your personal data and, if so, obtain a copy of that data along with supplementary information about how we use it.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you're entitled to have it corrected. We'll also notify any third parties to whom we've disclosed the data, unless this proves impossible or involves disproportionate effort.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right is not absolute and may not apply if we have legal grounds to retain the information.

Right to Restriction of Processing

You can request that we limit how we use your data in specific circumstances, such as:

  • When you contest the accuracy of the data
  • When processing is unlawful but you don't want the data erased
  • When we no longer need the data but you require it for legal claims
  • When you've objected to processing and we're verifying whether our legitimate grounds override yours

Right to Data Portability

Where technically feasible, you can request that we provide your personal data in a structured, commonly used, machine-readable format, or transmit it directly to another organization.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing, we'll stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making

We don't currently use automated decision-making or profiling that produces legal or similarly significant effects. Should this change, we'll update our policies and inform you accordingly.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with:

  • Your full name and contact details
  • Sufficient information to verify your identity
  • Clear description of your request
  • Any relevant dates or reference numbers

We'll respond to your request within one month, though this may be extended by two additional months for complex requests. We'll inform you of any extension within the first month.

We don't charge for most requests, but we may apply a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls ensuring only authorized personnel can access personal data
  • Staff training on data protection principles and practices
  • Incident response procedures for potential data breaches
  • Regular backups with secure storage

Data Breach Procedures

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we'll:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights
  • Document the breach, including facts, effects, and remedial action taken
  • Take immediate steps to contain and mitigate the breach

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, considering:

  • Legal and regulatory requirements
  • Potential legal claims (statute of limitations periods)
  • Our legitimate business needs
  • Your preferences

Specific retention periods are outlined in our Privacy Policy.

Third-Party Processing

When we engage third-party service providers who process personal data on our behalf, we:

  • Conduct due diligence to ensure they can provide sufficient guarantees of compliance
  • Enter into written contracts that clearly define processing instructions and responsibilities
  • Monitor their compliance with data protection obligations
  • Ensure they implement appropriate security measures

International Transfers

We primarily process and store data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognizing the recipient country's data protection standards
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules

Children's Data

Our services are not intended for individuals under 18 years of age. We don't knowingly collect or process personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately so we can delete it.

Updates to Our Practices

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. Any significant changes will be communicated through our website and, where appropriate, directly to affected individuals.

Questions and Complaints

If you have questions about our GDPR compliance or wish to raise concerns about how we handle your personal data, please contact us at [email protected].

While we hope to resolve any concerns directly, you also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Further Information

For more detailed information about how we collect and use personal data, please refer to our Privacy Policy.

For information about cookies and tracking technologies, see our Cookies Policy.