GDPR Information

Last Updated: May 20, 2026

Our Commitment to GDPR Compliance

twinkling expedition is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page provides detailed information about how we handle your data and your rights under GDPR.

Data Controller

twinkling expedition is the data controller responsible for your personal data. Our contact details are:

Company Name: twinkling expedition
Address: 42 Meadowbrook Lane, Cheltenham, Gloucestershire, GL50 3RH, United Kingdom
Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our services and communicating with clients
• Consent: You have given clear consent for us to process your personal data for specific purposes
• Legal Obligation: Processing is necessary to comply with legal obligations

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. This is commonly known as a "data subject access request."

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interest or performing a task in the public interest.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.

Data We Collect

The categories of personal data we collect include:

• Identity data (name, title)
• Contact data (email address, postal address)
• Property data (address, garden specifications)
• Service data (service preferences, project details)
• Communication data (correspondence history)
• Financial data (payment information, billing details)
• Technical data (IP address, browser type, when you visit our website)

How We Protect Your Data

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Staff training on data protection
• Secure backup procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Client data: Duration of service relationship plus 7 years for tax and legal purposes
• Marketing data: Until you withdraw consent or we no longer have a legitimate interest
• Website analytics: 26 months

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes.