Last updated: 3 June 2026
garnet-cedar is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal information.
We process your personal data under the following legal bases:
garnet-cedar is the data controller responsible for your personal information. Our contact details are:
Email: [email protected]
Address: 45 Meadowbrook Lane, Bristol, BS3 4TY, United Kingdom
You have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.
You have the right to request correction of any information you believe is inaccurate or incomplete.
You have the right to request deletion of your personal data in certain circumstances, subject to legal retention requirements.
You have the right to request that we restrict processing of your personal data in specific situations.
You have the right to object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.
You have the right to request transfer of your personal data to another organisation or directly to you in a structured, commonly used, machine-readable format.
Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months and will inform you accordingly.
You will not usually need to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.
Client service records are typically retained for seven years after the last service provision to maintain continuity of care and comply with business record-keeping requirements. After this period, data is securely deleted or anonymised.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Your personal data is processed and stored within the United Kingdom and European Economic Area. We do not transfer personal data outside these regions without appropriate safeguards in place.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
We do not use automated decision-making or profiling processes that produce legal effects or similarly significantly affect you.
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data properly. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO).
ICO Contact Details:
Website: www.ico.org.uk
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.
If you have questions about our GDPR compliance or wish to exercise your data protection rights, please contact us at [email protected].