crystalglow-nook

GDPR information

This page outlines how crystalglow-nook complies with the UK GDPR and the Data Protection Act 2018.

Data controller

crystalglow-nook, Norwich, United Kingdom

Lawful basis

We process personal data on the following lawful bases:

  • Legitimate interests: responding to enquiries and improving our services.
  • Consent: optional website analytics cookies.
  • Contractual necessity: arranging and delivering sessions when you book.
Data minimisation

We only collect what is necessary to provide our services.

Security

Access to personal data is limited to authorised staff.

Your rights

  • Right of access to the information we hold about you.
  • Right to request correction of inaccurate data.
  • Right to request deletion where appropriate.
  • Right to restrict or object to certain processing.
  • Right to data portability where applicable.

Retention and storage

We keep enquiry data only as long as needed to respond and follow up. Session booking details are retained for operational and accounting purposes, then securely deleted.

We review our data practices regularly to ensure they remain appropriate and transparent.

Contact for data requests

To exercise your rights, email [email protected] and include enough detail for us to verify your request.