GDPR Compliance

Last updated: January 2024

shimmer-world is committed to compliance with the General Data Protection Regulation (GDPR). This page explains how we handle your personal data in accordance with GDPR requirements.

Data Controller

shimmer-world acts as the data controller for personal information collected through our website and services. Our contact details are:

shimmer-world
Calle del Jardín 42
03001 Alicante, Spain
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you submit an enquiry form, you consent to us processing your information to respond to your request.
  • Contract: When we enter into a service agreement, processing is necessary for the performance of that contract.
  • Legitimate Interest: We may process data for our legitimate business interests, such as improving our services.
  • Legal Obligation: We may process data to comply with legal requirements.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing.
  • Rights Related to Automated Decision-Making: You have rights regarding automated processing, though we do not currently use automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may ask for proof of identity before processing your request.

Data Transfers

We primarily process data within the European Economic Area. If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Enquiry data is typically retained for 3 years. Project documentation may be retained longer for legal and warranty purposes.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure data storage systems
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Supervisory Authority

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

Updates to This Notice

We may update this GDPR compliance notice periodically. Any changes will be posted on this page with an updated revision date.

Contact

For any questions regarding our GDPR compliance or data protection practices, please contact us at [email protected].