GDPR Compliance

Last Updated: May 10, 2026

Our Commitment to Data Protection

Solid Tiling is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our compliance measures and your rights as a data subject.

Data Controller Information

Data Controller: Solid Tiling
Address: 27 Harrington Gardens, London SW7 4JX, United Kingdom
Email: [email protected]

What Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, job title
  • Contact Data: Email address, company name
  • Technical Data: IP address, browser type, device information
  • Usage Data: Information about how you use our website and services
  • Marketing Data: Your preferences for receiving marketing communications

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so:

  • Consent: You have explicitly agreed to our processing your data
  • Contractual Necessity: Processing is required to perform our contract with you
  • Legal Obligation: We are required by law to process your data
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided this does not override your rights

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request a copy of the personal data we hold about you.

2. Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

3. Right to Erasure ('Right to be Forgotten')

You can request deletion of your personal data in certain circumstances.

4. Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

5. Right to Data Portability

You can request to receive your personal data in a structured, commonly used format and transmit it to another controller.

6. Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7. Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making processes.

8. Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Subject Line: "GDPR Rights Request"
  • Include: Your full name, email address, and details of your request

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you accordingly.

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Secure data backup and recovery procedures
  • Incident response and breach notification protocols

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Client data: Duration of engagement plus 6 years for legal compliance
  • Marketing data: Until consent is withdrawn or you unsubscribe
  • Website analytics: 26 months
  • Contact form submissions: 3 years unless converted to client relationship

Third-Party Data Sharing

We may share your data with carefully selected third parties:

  • Cloud hosting providers (for website and data storage)
  • Email service providers (for communications)
  • Analytics providers (for website performance analysis)

All third parties are required to maintain appropriate security measures and process data only as instructed by us.

International Data Transfers

When transferring data outside the UK, we ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for multinational organizations

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Notify affected individuals without undue delay
  • Provide information about the breach and steps being taken

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: solid-tiling.com

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The "Last Updated" date at the top indicates when changes were last made.

Contact Us

For any questions about our GDPR compliance or data protection practices:

Email: [email protected]
Address: 27 Harrington Gardens, London SW7 4JX, United Kingdom