GDPR Compliance Statement

Last updated: May 21, 2026

Our Commitment to Data Protection

novae-flare is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our data protection responsibilities seriously and have implemented appropriate measures to ensure your personal information is processed lawfully, fairly, and transparently.

Data Controller Information

For the purposes of UK GDPR, the data controller is:

novae-flare
42 Meadowbrook Lane
Altrincham, Cheshire WA14 3PR
United Kingdom
Email: [email protected]

Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, fairness, and transparency: We process data lawfully and inform you about how we use it
• Purpose limitation: We collect data for specific, legitimate purposes
• Data minimization: We only collect data that is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We protect data with appropriate security measures
• Accountability: We can demonstrate compliance with these principles

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contract Performance

When you book a service, we process your data to fulfill our contractual obligations, including:

• Service delivery and scheduling
• Communication about your booking
• Payment processing
• Service documentation and records

Legitimate Interests

We may process data based on legitimate business interests, such as:

• Improving our services and website
• Business analytics and operational efficiency
• Fraud prevention and security
• Marketing to existing customers (with opt-out available)

Legal Obligation

We process certain data to comply with legal requirements, including:

• Tax and accounting obligations
• Health and safety regulations
• Insurance requirements

Consent

Where required, we obtain explicit consent for:

• Marketing communications to new prospects
• Non-essential cookies
• Sharing testimonials or case studies

Your GDPR Rights

Right to Access

You can request copies of your personal data. We will provide this information within one month of your request, free of charge.

Right to Rectification

If your personal data is inaccurate or incomplete, you can request corrections. We will update your information promptly.

Right to Erasure

You can request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the lawful basis)
• You object to processing and there are no overriding legitimate grounds
• The data was processed unlawfully

Right to Restriction of Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You can request your data in a structured, commonly used format to transfer it to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]

We will respond to requests within one month. If your request is complex or numerous, we may extend this period by two additional months, and we will inform you of the extension.

Data Security Measures

We implement appropriate technical and organizational measures to protect personal data:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all data breaches and our response

Third-Party Data Processors

We work with carefully selected third-party service providers who process data on our behalf. We ensure these processors:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Implement appropriate security measures
• Sign data processing agreements

International Data Transfers

We primarily process data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by authorities
• Binding corporate rules

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process data from children.

Complaints

If you believe your data protection rights have been violated, you can lodge a complaint with us at [email protected]

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Policy Updates

We review this GDPR compliance statement regularly and update it as necessary to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Contact Information

For questions about GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 42 Meadowbrook Lane, Altrincham, Cheshire WA14 3PR, United Kingdom