GDPR Compliance

Your data protection rights and our commitments

Our Commitment to Data Protection

sleek-express Ltd takes data protection seriously. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and respect your rights.

Data protection is not just a legal requirement for us. It reflects our commitment to treating clients with respect and maintaining the trust you place in us when sharing personal and financial information.

Who We Are

sleek-express Ltd is the data controller for the personal information we collect. This means we decide how and why your data is processed.

Contact details:
sleek-express Ltd
147 West George Street
Glasgow G2 2JJ
Email: [email protected]
Company Number: SC548721

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data. Here is what they mean in practice:

Right to Be Informed

You have the right to know how we use your personal information. We provide this through our Privacy Policy and this GDPR page. We aim to be transparent about what data we collect, why we collect it, and what we do with it.

Right of Access

You can request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). We will provide your data free of charge within one month of receiving your request. If your request is complex, we may extend this by up to two additional months, but we will let you know.

Right to Rectification

If any personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. Simply contact us with the correct information, and we will update our records promptly.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there is no overriding legitimate interest
  • The data has been processed unlawfully

There are exceptions, for example, where we need to keep data for legal compliance or to establish, exercise, or defend legal claims.

Right to Restrict Processing

You can ask us to limit how we use your data while we investigate a concern or verify the accuracy of information. During restriction, we will store your data but not actively process it.

Right to Data Portability

Where processing is based on consent or a contract and carried out by automated means, you can request your data in a structured, commonly used format so you can transfer it to another provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For direct marketing, we will stop processing upon your request. For other objections, we will consider whether our legitimate interests override your rights.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently make such decisions about our clients.

How We Protect Your Data

We implement appropriate technical and organisational measures to secure personal data:

  • Access controls: Only authorised staff can access client data, and access is limited to what is necessary for their role.
  • Encryption: Electronic data is protected using encryption both in storage and during transmission.
  • Physical security: Paper records are kept in locked storage when not in use.
  • Staff training: Team members receive regular training on data protection principles and practices.
  • Regular reviews: We periodically review our security measures and update them as needed.
  • Breach procedures: We have processes in place to detect, report, and investigate data breaches.

Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following:

  • Contract: Processing necessary to fulfil our service agreement with you.
  • Legitimate interests: Processing for our business purposes where balanced against your rights (e.g., improving our services, responding to enquiries).
  • Consent: Where you have given explicit permission for specific processing (e.g., marketing communications).
  • Legal obligation: Processing required to comply with law (e.g., financial record keeping).

Data Retention

We do not keep personal data longer than necessary. Our retention periods are:

  • Client records: Retained for six years after the end of our working relationship to meet legal requirements.
  • Session notes: Deleted upon request once services conclude, unless needed for legal compliance.
  • Enquiries: If you enquire but do not become a client, we delete your information after 12 months unless you ask us to keep it.
  • Website analytics: Aggregated data retained; individual browsing data anonymised or deleted per our cookie policy.

International Transfers

We primarily process data within the United Kingdom. If we ever need to transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office.

Data Breaches

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours where required
  • Inform affected individuals without undue delay if there is a high risk to their rights
  • Document the breach and our response for accountability purposes

Exercising Your Rights

To exercise any of your data protection rights, contact us at:

Email: [email protected]
Post: sleek-express Ltd, 147 West George Street, Glasgow G2 2JJ

Please provide enough information for us to verify your identity and understand your request. We aim to respond within one month. If we need more time, we will let you know.

There is no fee for most requests. However, if a request is clearly unfounded or excessive, we may charge a reasonable fee or refuse to act.

Complaints

If you are unhappy with how we handle your personal data, please contact us first. We take complaints seriously and will work to resolve any issues.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Information

We may update this page periodically to reflect changes in our practices or legal requirements. We encourage you to review it from time to time.

Further Reading

For more detailed information about how we handle your data, please see our Privacy Policy and Cookies Policy.

We use cookies to improve your experience on our site. By continuing to browse, you agree to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Required for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign performance.