GDPR Compliance

Last updated: 22 May 2026

Our Commitment to GDPR

tangle-bubble is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and protect your data rights.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

tangle-bubble Garden Services
Unit 7, Riverside Business Park
Weybridge, Surrey KT13 9ND
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. Our lawful bases include:

1. Contract

We process your data to fulfill our contractual obligations when you engage our services, including:

• Scheduling and performing garden care services
• Invoicing and payment processing
• Communication about service delivery

2. Legitimate Interests

We process data based on our legitimate business interests, such as:

• Responding to inquiries and providing quotes
• Improving our services and website
• Maintaining business records
• Fraud prevention and security

3. Legal Obligation

We process data to comply with legal requirements, including:

• Tax and accounting regulations
• Health and safety obligations
• Response to lawful requests from authorities

4. Consent

Where required, we obtain your explicit consent before processing your data, such as:

• Marketing communications (you can withdraw consent at any time)
• Non-essential cookies

Your Data Protection Rights

Right of Access

You have the right to request copies of your personal data. We will provide this information within one month of your request, free of charge.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• The data has been unlawfully processed

Note: We may be required to retain certain data for legal or regulatory reasons.

Right to Restrict Processing

You have the right to request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

• Email: [email protected]
• Post: Unit 7, Riverside Business Park, Weybridge, Surrey KT13 9ND

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months, but we will inform you of any delay.

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls limiting who can view personal data
• Staff training on data protection
• Secure destruction of data when no longer needed

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Inform affected individuals without undue delay
• Provide information about the breach and steps being taken

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If we need to do so, we will ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the ICO
• Adequacy decisions recognizing equivalent data protection

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Data Protection by Design and Default

We integrate data protection into our business processes from the outset:

• Collecting only necessary data
• Minimizing data retention periods
• Implementing privacy-friendly default settings
• Regular privacy impact assessments

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we:

• Ensure they comply with UK GDPR
• Establish data processing agreements
• Conduct due diligence on their security measures
• Monitor their compliance

Changes to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The "Last updated" date indicates when changes were last made.

Contact the ICO

If you have concerns about how we handle your data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.tangle-bubble.com

Questions

If you have questions about our GDPR compliance or data protection practices, please contact our data protection officer at [email protected].