GDPR Compliance

Last updated: June 2026

Our Commitment to Data Protection

magenta-nebula is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Data Controller

magenta-nebula acts as the data controller for personal information collected through our website and service delivery. We determine the purposes and means of processing your personal data.

Data Controller Contact:
magenta-nebula
Riverside Heritage Centre
14 Waterside Lane
Bath, BA1 7DN
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you submit enquiry forms or request information, you consent to processing for those specified purposes
• Contractual necessity: Processing required to fulfill service contracts and deliver installations
• Legal obligation: Compliance with planning regulations, building standards, and other legal requirements
• Legitimate interests: Improving our services, maintaining business records, and protecting our legal rights

Data We Collect

We collect and process the following categories of personal data:

• Identity data: name, title
• Contact data: email address, postal address
• Property data: building details, listing status, structural information
• Technical data: IP address, browser type, device information
• Usage data: how you interact with our website
• Communications data: correspondence and enquiry content

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes collected or you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format and have it transmitted to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not engage in automated decision making.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request. In complex cases, we may extend this period by two additional months and will inform you of the extension.

You will not have to pay a fee to exercise your rights unless your request is clearly unfounded, repetitive, or excessive.

Right to Complain

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and updates
• Staff training on data protection obligations
• Secure disposal of data when no longer required

International Data Transfers

We primarily process data within the United Kingdom. If data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place through standard contractual clauses or other approved mechanisms.

Data Retention

We retain personal data only for as long as necessary:

• Enquiry data: retained for up to two years from last contact
• Client project data: retained for seven years after project completion for warranty and legal purposes
• Financial records: retained as required by tax and accounting regulations
• Marketing communications: until you unsubscribe or request deletion

Third-Party Data Processors

We work with third-party processors who handle personal data on our behalf, including planning consultants, structural engineers, and installation contractors. All processors are bound by data processing agreements ensuring GDPR compliance.

Changes to This Statement

We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.