GDPR Compliance
Last updated: June 18, 2026
General Data Protection Regulation
glisten-harbor is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.
Data Controller
glisten-harbor acts as the data controller for personal information collected through our website and services. We determine how and why your personal data is processed.
Contact details:
glisten-harbor
47 Elderwood Lane
Cambridge, CB2 8DN
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data based on the following lawful grounds:
- Consent: You have given explicit permission for us to process your personal data for specific purposes
- Contract: Processing is necessary to fulfill our service obligations to you
- Legitimate interests: Processing is necessary for our legitimate business interests, such as improving services and responding to inquiries
- Legal obligation: Processing is required to comply with legal requirements
Your Rights Under GDPR
GDPR grants you specific rights regarding your personal data:
Right to Access
You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.
Right to Rectification
You can request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes it was collected.
Right to Restrict Processing
You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of your GDPR rights, send a written request to [email protected] with the subject line "GDPR Request." Please include:
- Your full name and contact information
- Specific right you wish to exercise
- Details of your request
- Verification of your identity (if needed)
We will respond to your request within 30 days. In complex cases, this period may be extended by an additional 60 days, and we will inform you of the extension.
Data Retention
We retain personal data only as long as necessary for the purposes outlined in our privacy policy or as required by law. Retention periods vary depending on:
- The type of information
- The purpose for which it was collected
- Legal or regulatory requirements
- Our legitimate business needs
When personal data is no longer needed, we securely delete or anonymize it.
International Data Transfers
We primarily process and store data within the United Kingdom and European Economic Area. If we transfer personal data outside these regions, we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions confirming the destination country provides adequate protection
- Binding corporate rules for transfers within multinational organizations
Data Security Measures
We implement technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls limiting employee access to personal data
- Staff training on data protection principles
- Incident response procedures for data breaches
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
Complaints
If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with the supervisory authority in your country. In the United Kingdom, this is the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk
Updates to This Statement
We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or directly to you if we have your contact information.