GDPR compliance
Tranquil Bloom complies with the UK GDPR and Data Protection Act 2018. This page summarises our lawful bases for processing and the rights available to you.
Lawful bases for processing
Contractual necessity
We process data to deliver the services you have requested.
Legitimate interests
We improve our content and operations in ways that do not override your rights.
Consent
Optional communications and analytics are used only with your consent.
Your GDPR rights
You can request access, correction, erasure, restriction, or portability of your data. You may also object to processing or withdraw consent at any time.
Access and correction
Request a copy of your data and ask for corrections if needed.
Erasure
We will remove data that is no longer required or that you ask us to delete.
Restriction
Ask us to pause processing while a concern is investigated.
International data transfers
When we use service providers outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections.
Service providers
We only work with providers who meet our security and privacy standards.
Data minimisation
We share the minimum data required to deliver agreed services.
Review cadence
We review vendor arrangements annually to confirm compliance.
How to raise a concern
If you believe your data has been handled incorrectly, please contact us at [email protected]. You can also raise concerns with the UK Information Commissioner's Office if needed.