GDPR Compliance
Last updated: June 2026
Our Commitment to GDPR
Vivid Brilliance Ltd is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented robust policies and procedures to protect your personal information.
Your Data Protection Rights
Under UK GDPR, you have comprehensive rights regarding your personal data:
Right to be Informed
You have the right to clear, transparent information about how we collect and use your personal data. Our Privacy Policy provides detailed information about our data practices.
Right of Access
You can request a copy of the personal data we hold about you. We will provide this information within one month of your request, free of charge. This is commonly known as a subject access request.
Right to Rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make amendments within one month of your request.
Right to Erasure
Also known as the right to be forgotten, you can request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to the processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Note that we may not be able to delete data if we have a legal obligation to retain it or if it is necessary for establishing, exercising, or defending legal claims.
Right to Restrict Processing
You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another organization.
Right to Object
You can object to processing of your personal data where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: [email protected]
- Post: Vivid Brilliance Ltd, Hawthorn House, 17 Oakfield Road, Bristol BS8 2BG, United Kingdom
We will respond to requests within one month. In complex cases, this may be extended by two additional months, and we will inform you if this is necessary.
Data Processing Principles
We adhere to the following GDPR principles when processing personal data:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and transparently. We clearly communicate how we use personal information and provide easy access to our privacy notices.
Purpose Limitation
We collect personal data for specific, explicit, and legitimate purposes. We do not process data in ways that are incompatible with these purposes.
Data Minimization
We only collect personal data that is adequate, relevant, and limited to what is necessary for our stated purposes.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or corrected without delay.
Storage Limitation
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law.
Integrity and Confidentiality
We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Accountability
We take responsibility for complying with GDPR principles and can demonstrate our compliance through documented policies, procedures, and records.
Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for performing a contract with you or taking steps to enter into a contract
- Legal Obligation: Processing is necessary to comply with legal obligations
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests
Data Security Measures
We implement robust security measures to protect your personal data:
- Encryption of sensitive data in transit and at rest
- Regular security assessments and updates
- Access controls limiting who can view or use personal data
- Staff training on data protection and security
- Secure backup and disaster recovery procedures
- Contracts with third-party processors requiring equivalent security standards
Data Breach Procedures
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours
- Inform affected individuals without undue delay if the breach poses a high risk
- Document the breach, its effects, and remedial actions taken
- Take immediate steps to contain and minimize the impact
International Data Transfers
We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure adequate safeguards are in place, such as standard contractual clauses approved by the ICO or transfers to countries with adequacy decisions.
Data Protection Officer
While we are not required by law to appoint a Data Protection Officer, we have designated a responsible person for data protection matters. For any GDPR-related questions or concerns, contact [email protected].
Children's Data
Our services are not intended for individuals under 16 years of age. We do not knowingly collect or process personal data from children without appropriate parental consent.
Complaints
If you believe we have not handled your personal data appropriately or wish to make a complaint, please contact us first so we can attempt to resolve the issue. If you remain dissatisfied, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk
Helpline: 0303 123 1113
Updates to This Page
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.