GDPR Compliance

How we comply with data protection regulations

Our Commitment to Data Protection

modular-flare is committed to protecting your personal information and complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We process personal data lawfully, fairly, and transparently, collecting only what is necessary for our legitimate business purposes.

Data Controller

For the purposes of data protection legislation, modular-flare acts as the data controller for personal information collected through our services and website. We are responsible for determining how and why your data is processed.

Contact Details:
modular-flare
42 Woodland Park Avenue
Harrogate, North Yorkshire
HG2 8DN
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data based on several lawful grounds under GDPR:

Contractual Necessity

When you book our services, we need to process certain information to fulfil our contractual obligations. This includes your contact details, pet information, and service history necessary to provide grooming, boarding, training, or other services you've requested.

Legitimate Interests

We process some data based on our legitimate business interests, such as maintaining customer records, improving our services, ensuring facility security, and preventing fraud. We've assessed that these interests do not override your rights and freedoms.

Legal Obligations

Certain data processing is required to comply with legal requirements, including animal boarding licenses, health and safety regulations, tax obligations, and record-keeping mandates imposed by regulatory authorities.

Consent

For activities such as marketing communications or certain types of cookies, we obtain your explicit consent before processing your data. You may withdraw this consent at any time.

Your Rights Under GDPR

Data protection legislation grants you several important rights regarding your personal information:

Right to Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data. We will provide this information in a commonly used electronic format if requested. There is no charge for this service unless requests are manifestly unfounded or excessive.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you have the right to request correction. We will amend our records promptly upon receiving verified updated information.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances. However, we may retain information where we have a legal obligation to do so, such as records required for tax purposes or regulatory compliance.

Right to Restrict Processing

You can request that we limit how we use your personal information in specific situations, such as when you contest the accuracy of data or object to processing based on legitimate interests.

Right to Data Portability

Where technically feasible, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another organisation.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making systems.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing that occurred before withdrawal.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] or write to us at the address provided above. We may need to verify your identity before fulfilling requests to protect against unauthorised access to your data.

We will respond to valid requests within one month, though this period may be extended by up to two additional months where requests are complex or numerous. We will inform you of any extension within the initial one-month period.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Secure storage of physical records in locked cabinets with restricted access
  • Encryption of digital data both in transit and at rest
  • Access controls ensuring only authorised personnel can view specific information
  • Regular security assessments and updates to our systems
  • Staff training on data protection responsibilities and best practices
  • Secure disposal procedures for data that is no longer required

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Specific retention periods include:

  • Active client records: Maintained while you continue using our services
  • Service history and booking records: Retained for seven years after final service
  • Financial records: Kept for seven years to comply with tax regulations
  • Marketing consent records: Maintained until consent is withdrawn
  • Website analytics: Anonymised after 26 months

After the retention period expires, data is securely destroyed or permanently anonymised.

Data Sharing and Transfers

We do not sell or rent personal information to third parties. Data may be shared only in limited circumstances:

Service Providers

Trusted third-party processors assist with specific business functions such as payment processing, email communications, and accounting. These processors are contractually bound to process data only as instructed and to implement appropriate security measures.

Veterinary Professionals

With your authorisation, relevant health information may be shared with veterinary professionals for the purpose of providing medical care to your pet.

Legal Requirements

We may disclose information where required by law, regulatory authority, court order, or other legal process, or to protect our rights, property, or the safety of others.

International Transfers

Your data is primarily stored and processed within the United Kingdom. If international transfers are necessary, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by regulatory authorities or transfers to countries with adequacy decisions.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach poses a high risk to affected individuals, we will also communicate directly with those individuals without undue delay.

Children's Data

Our services are not directed to individuals under 18 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected such information, we will delete it promptly.

Automated Processing and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Any data analysis conducted is performed by human staff members who consider individual circumstances.

Changes to Our Data Protection Practices

We may update our data protection practices and this notice periodically to reflect changes in regulations, business operations, or best practices. Significant changes will be communicated through our website or direct notification to clients. We encourage you to review this page regularly to stay informed about how we protect your information.

Complaints and Concerns

If you have concerns about how we handle your personal data or wish to complain about our data protection practices, please contact us first at [email protected]. We take all concerns seriously and will investigate promptly.

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

Data Protection Officer

While we are not required by law to appoint a Data Protection Officer, our senior management takes direct responsibility for data protection compliance. Queries regarding data protection should be directed to [email protected].

Further Information

For more detailed information about how we collect, use, and protect your data, please refer to our Privacy Policy. Questions about specific aspects of our data protection practices can be addressed to us via email or post using the contact details provided above.