General Data Protection Regulation (GDPR)
Quiet Cascade is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: When you provide explicit consent for us to process your data, such as when submitting a booking form
- Contract: When processing is necessary to fulfill our contractual obligations to you
- Legitimate Interests: When we have a legitimate business interest that does not override your fundamental rights
- Legal Obligation: When we must process data to comply with legal requirements
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a commonly used electronic format.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purpose it was collected.
Right to Restrict Processing
You have the right to request that we limit the processing of your personal data in certain situations.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
Right to Object
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time.
Data Protection Officer
For questions about data protection or to exercise your rights, please contact us at:
Email: [email protected]
Address: 12 Riverside Gardens, London, SE1 8UJ, United Kingdom
Data Processing Activities
We process personal data for the following purposes:
- Managing booking requests and service inquiries
- Communicating with clients about scheduled sessions
- Improving our website and services
- Complying with legal obligations
Data Transfers
Your personal data is stored within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal requirements. Specific retention periods include:
- Booking inquiries: 2 years from last contact
- Client records: 6 years after last service (for business and tax purposes)
- Marketing communications: Until consent is withdrawn
Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and authentication
- Staff training on data protection
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
ICO Website: ico.org.uk
Helpline: 0303 123 1113
Updates to This Policy
We may update this GDPR compliance statement from time to time. We will notify you of significant changes by posting a notice on our website.