GDPR Compliance

Last updated: January 2024

This page provides information about how sleek-base Ltd complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your personal data and being transparent about how we use it.

Data Controller

sleek-base Ltd acts as the data controller for personal information collected through our website and in the course of providing our services. This means we determine the purposes and means of processing personal data.

Contact Details:
sleek-base Ltd
The Garden Studio, 14 Riverside Walk
Farnham, Surrey, GU9 7UB
Email: [email protected]

Lawful Bases for Processing

Under UK GDPR, we must identify a lawful basis before processing personal data. We rely on the following bases depending on the context:

Performance of a Contract

When you engage us to provide gardening or landscaping services, processing your personal data is necessary to fulfil our contractual obligations. This includes using your contact details to arrange site visits, discuss project requirements, and deliver the agreed services.

Legitimate Interests

We process certain data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include maintaining records of past projects for quality assurance, using your contact details to follow up on consultations, and analysing website traffic to improve our online presence.

Consent

Where we send marketing communications or use non-essential cookies, we do so only with your explicit consent. You may withdraw this consent at any time by contacting us or adjusting your cookie preferences.

Legal Obligation

Some processing is necessary to comply with legal requirements, such as retaining financial records for tax purposes or responding to lawful requests from authorities.

Your Data Protection Rights

UK GDPR provides you with specific rights concerning your personal data:

Right of Access

You may request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request, though we may extend this period by up to two months for complex requests.

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you have the right to request its correction. We will make the necessary amendments promptly upon verification.

Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right applies when the data is no longer necessary for its original purpose, you withdraw consent, or there is no overriding legitimate interest for continued processing.

Right to Restrict Processing

You may ask us to limit how we use your data while we address a concern you have raised, such as a dispute over accuracy or a complaint about our processing activities.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used format and to have it transmitted to another organisation where technically feasible.

Right to Object

You may object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Data Retention Periods

We retain personal data only for as long as necessary for the purposes it was collected:

  • Client project records: Seven years from project completion, to support warranty claims and meet accounting requirements
  • Enquiry correspondence: Two years from last contact if no service engagement occurs
  • Marketing preferences: Until consent is withdrawn
  • Website analytics data: 26 months, after which it is automatically anonymised

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure storage of physical documents in locked premises
  • Password protection and encryption for digital records
  • Limited access to personal data on a need-to-know basis
  • Regular review of security practices
  • Staff training on data protection responsibilities

International Transfers

We primarily store and process personal data within the United Kingdom. If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Children's Data

Our services are not directed at children, and we do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you, we will also inform you directly without undue delay.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Supervisory Authority

If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.