GDPR Compliance

Last updated: June 2026

Our Commitment to GDPR

Sienna Geyser is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we uphold data protection principles and respect your rights regarding personal data.

Data Controller

Sienna Geyser acts as the data controller for personal information collected through this website. We determine the purposes and means of processing your personal data.

Contact details:
Sienna Geyser
47 Maple Street
Birmingham, B12 8HN
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you voluntarily submit enquiry forms, you provide consent for us to process your data to respond to your request.
• Legitimate Interests: We have legitimate business interests in providing services, improving our website, and communicating with potential customers.
• Legal Obligation: We may process data when required to comply with legal requirements.

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you can request correction.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit how we use your data while concerns are being investigated.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format for transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

Data Protection Principles

We adhere to the following principles:

• Processing personal data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Ensuring data is adequate, relevant, and limited to what is necessary
• Keeping data accurate and up to date
• Retaining data only as long as necessary
• Processing data securely with appropriate technical measures

Data Security Measures

We implement appropriate security measures including:

• Secure hosting with encrypted connections
• Access controls limiting data access to authorised personnel
• Regular review of data handling procedures
• Staff awareness of data protection responsibilities

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

International Transfers

We primarily process data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place to protect your information.

Exercising Your Rights

To exercise any of your data protection rights, contact us at [email protected]. We may need to verify your identity before processing your request. Requests are handled free of charge unless they are manifestly unfounded or excessive.

Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.