GDPR Compliance

Last updated: June 2026

Our Commitment to Data Protection

zephyr-drive is committed to ensuring that your privacy is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our compliance measures and your rights as a data subject.

Data Controller

zephyr-drive acts as the data controller for personal information collected through this website and in the course of providing our garden care services. We are responsible for deciding how personal data is processed and for what purposes.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contract: Processing necessary for the performance of a contract with you or to take steps prior to entering into a contract
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, provided these interests do not override your rights
• Consent: Where you have given clear consent for us to process your personal data for a specific purpose
• Legal obligation: Processing necessary to comply with legal requirements

Your Rights Under UK GDPR

You have the following rights concerning your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

In certain circumstances, you have the right to request that we delete your personal data. This applies when the data is no longer necessary for the purpose it was collected, or if you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Exercising Your Rights

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month. In complex cases, we may extend this period by two months, but we will inform you of any extension within the first month.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing and evaluation of security measures
• Staff training on data protection
• Access controls limiting who can view personal data

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights, we will also notify you directly.

International Transfers

We do not routinely transfer personal data outside the United Kingdom. If such transfers become necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Contact Us

For any questions about this GDPR statement or to exercise your data protection rights, please contact us:

Email: [email protected]
Address: 14 Meadowbrook Lane, Guildford, Surrey GU2 7PX, United Kingdom