GDPR Compliance

Last updated: May 10, 2026

Our Commitment to Data Protection

glacial-zenith is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize that the personal information you entrust to us is sensitive and must be handled with the highest standards of care.

This page outlines our specific GDPR compliance measures and your rights under these regulations.

Data Controller Information

Data Controller: glacial-zenith
Registered Address: 47 Deansgate Mews, Manchester M3 2AY, United Kingdom
Contact Email: [email protected]

As the data controller, we determine how and why your personal data is processed.

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. Our processing activities are based on:

1. Contract (Article 6(1)(b))

Processing is necessary to perform our contract with you when you engage our benefit support services. This includes preparing claims, gathering evidence, and representing you in appeals.

2. Consent (Article 6(1)(a))

For certain activities, such as marketing communications or processing special category data, we obtain your explicit consent. You can withdraw consent at any time.

3. Legitimate Interests (Article 6(1)(f))

We process data for legitimate business interests, such as improving our services, maintaining security, and communicating about your case. We balance these interests against your rights and freedoms.

4. Legal Obligation (Article 6(1)(c))

We process data to comply with legal requirements, including record-keeping obligations and responding to lawful requests from authorities.

Special Category Data

Given the nature of benefit claims, we often process special category data (sensitive personal information) including:

  • Health information
  • Disability status
  • Financial hardship details

We process this data under Article 9(2)(a) (explicit consent) and Article 9(2)(b) (necessary for social protection purposes). We implement enhanced security measures and access controls for this information.

Your GDPR Rights

Right of Access (Article 15)

You can request confirmation of what personal data we hold about you and receive a copy. We will respond within one month of your request.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data when:

  • It is no longer necessary for the purposes collected
  • You withdraw consent and there is no other lawful basis
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

Note: We may be unable to delete data if we have a legal obligation to retain it (such as for benefit claim records).

Right to Restriction (Article 18)

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request

Please include:

  • Your full name
  • Contact information
  • Description of your request
  • Proof of identity (to prevent unauthorized disclosure)

We will respond within one month. If your request is complex, we may extend this by two additional months and will inform you of the extension.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security audits and vulnerability assessments
  • Staff training on data protection principles
  • Incident response procedures
  • Secure data backup and recovery systems

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document the breach and our response
  • Take steps to mitigate harm and prevent future breaches

International Data Transfers

We primarily process and store data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses
  • Binding corporate rules

Data Protection Impact Assessments

For processing activities that pose high risks to individual rights, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate risks.

Children's Data

Our services are not directed at children under 16. If we become aware that we have collected data from a child under 16 without appropriate parental consent, we will take steps to delete that information.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: glacial-zenith.com
Helpline: 0303 123 1113

We encourage you to contact us first so we can attempt to resolve your concern.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The date at the top indicates when it was last revised.

Contact Us

For questions about our GDPR compliance or data protection practices:

Email: [email protected]
Address: 47 Deansgate Mews, Manchester M3 2AY, United Kingdom