GDPR Compliance

Last updated: May 2026

cloudy-bloom is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines your rights and our obligations under these regulations.

Who We Are

cloudy-bloom is the data controller responsible for your personal information. Our contact details are:

cloudy-bloom
42 Clerkenwell Road
London EC1M 5PS
United Kingdom
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

You have the right to request that we correct any inaccurate personal information we hold about you. We aim to rectify information within one month of your request.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal information in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction of Processing

You can request that we limit how we use your personal information while we verify its accuracy or consider your objection to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data, including for direct marketing purposes. If you object to marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect you. We do not currently engage in automated decision-making.

How to Exercise Your Rights

To exercise any of your rights, please contact us at [email protected] with your request. We may need to verify your identity before processing your request.

We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two additional months, but we will inform you if this is necessary.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose
• Contract: Where processing is necessary to perform a contract with you or to take steps at your request before entering a contract
• Legitimate Interests: Where processing is necessary for our legitimate business interests, except where those interests are overridden by your rights
• Legal Obligation: Where processing is necessary to comply with the law

Data Protection Principles

We adhere to the data protection principles set out in UK GDPR. Personal data shall be:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept for no longer than necessary
• Processed securely with appropriate technical and organisational measures

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest where appropriate
• Regular security assessments and updates
• Access controls limiting who can view personal data
• Staff training on data protection
• Incident response procedures

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.

Complaints

If you are not satisfied with how we handle your personal data or your request, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.

← Return to Home