UK GDPR Compliance Information

Last Updated: January 2025

1. Introduction

This page provides information about how GlitterNook complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The UK GDPR came into effect on January 1, 2021, and provides enhanced data protection rights for individuals in the United Kingdom.

2. What is UK GDPR?

The UK GDPR is the UK's data protection law that governs how personal data is processed. It provides individuals with greater control over their personal information and requires organizations to handle data responsibly and transparently.

3. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

3.1 Right to be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

3.2 Right of Access

You have the right to request copies of your personal data that we hold. This is commonly known as a "data subject access request."

3.3 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

3.4 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.

3.5 Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain situations.

3.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

3.7 Right to Object

You have the right to object to processing of your personal data for certain purposes, including direct marketing and processing based on legitimate interests.

3.8 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

4. How We Process Your Data

4.1 Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

• Consent: When you have given clear consent for specific processing activities
• Contract: When processing is necessary for the performance of a contract
• Legal Obligation: When we need to comply with a legal obligation
• Vital Interests: When processing is necessary to protect someone's life
• Public Task: When processing is necessary for a task in the public interest
• Legitimate Interests: When processing is necessary for our legitimate interests (e.g., website analytics)

4.2 Data Processing Activities

We process personal data for the following purposes:

• Website operation and maintenance
• Responding to user inquiries
• Website analytics and improvement
• Legal compliance
• Security and fraud prevention

5. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Incident response procedures

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Our retention periods are based on:

• The nature of the data
• The purpose for which it was collected
• Legal and regulatory requirements
• Our legitimate business interests

7. International Data Transfers

If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Binding corporate rules
• Other approved transfer mechanisms

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (the Information Commissioner's Office in the UK) without undue delay, and in any event within 72 hours where feasible.

9. Exercising Your Rights

To exercise any of your data protection rights, please contact us using the information below. We will respond to your request within one month, though this may be extended by two months for complex requests.

We may need to verify your identity before processing your request to ensure the security of your personal data.

10. Complaints

If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: https://ico.org.uk
Helpline: 0303 123 1113

11. Contact Information

For questions about UK GDPR compliance or to exercise your data protection rights, please contact us:

Data Protection Contact:
Email: privacy@glitternook.games
Website: Contact Form

12. Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated information on this page.