GDPR Compliance Statement

Last Updated: January 2026

Our Commitment: Premier Driveways is committed to protecting your personal data and respecting your privacy rights. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Introduction

This GDPR Compliance Statement explains how Premier Driveways ("we", "us", "our") processes personal data in accordance with data protection laws. It supplements our Privacy Policy and provides detailed information about your data protection rights.

2. Data Controller Information

Data Controller: Premier Driveways
Contact Email: [email protected]
Contact Phone: 07915 069617
Service Area: Warrington, Cheshire & Surrounding Areas

3. Personal Data We Process

3.1 Categories of Personal Data

We process the following categories of personal data:

Data Category	Examples	Purpose
Identity Data	Name, title	Identification and communication
Contact Data	Email, phone number, address, postcode	Communication and service delivery
Service Data	Service requirements, project details	Quote preparation and service delivery
Technical Data	IP address, browser type, device information	Website functionality and security
Usage Data	Website interactions, pages visited	Website improvement
Marketing Data	Communication preferences	Marketing communications (with consent)

3.2 Special Category Data

We do not collect or process special category personal data (such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data) unless specifically required for service delivery and with your explicit consent.

4. Legal Basis for Processing

We only process your personal data when we have a legal basis to do so:

Consent: You have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications)
Contract: Processing is necessary to fulfill a contract with you (e.g., providing driveway services)
Legal Obligation: Processing is necessary to comply with legal requirements (e.g., tax records)
Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights (e.g., fraud prevention, business administration)

5. Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

5.1 Right to Access (Subject Access Request)

You have the right to request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

5.2 Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we hold about you.

5.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as:

The data is no longer necessary for the purpose it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

5.4 Right to Restrict Processing

You can ask us to suspend processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

5.5 Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format and have it transferred to another organisation.

5.6 Right to Object

You can object to:

Processing based on legitimate interests
Direct marketing (including profiling)
Processing for research or statistical purposes

5.7 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently use automated decision-making.

6. How to Exercise Your Rights

To exercise any of your data protection rights:

Email us at: [email protected]
Call us on: 07915 069617
Clearly state which right you wish to exercise

We will respond within one month. In complex cases, we may extend this by two months and will inform you.

7. Data Security Measures

We implement appropriate technical and organisational measures to ensure data security:

7.1 Technical Measures

Encryption of data in transit and at rest
Secure password policies
Regular security updates and patches
Firewall protection
Regular backups

7.2 Organisational Measures

Access controls (need-to-know basis)
Staff training on data protection
Confidentiality agreements
Regular security assessments
Data breach response procedures

8. Data Retention

We retain personal data only for as long as necessary:

Data Type	Retention Period	Reason
Quote enquiries (no contract)	12 months	Business follow-up
Customer contracts and records	7 years	Legal and tax requirements
Financial records	7 years	Tax and accounting requirements
Marketing consent	Until consent withdrawn	Legal requirement
Website analytics	26 months	Industry standard

9. Data Sharing and Third Parties

We may share your personal data with:

9.1 Service Providers

Email service providers (e.g., Web3Forms)
Website hosting providers
Payment processors (when applicable)

All third parties are required to maintain appropriate security measures and process data only as instructed.

9.2 Legal Requirements

We may disclose your data to comply with legal obligations, court orders, or to protect our rights.

9.3 Data Processors

Where we use data processors, we ensure:

Written contracts are in place
Appropriate security measures are implemented
Data is processed only according to our instructions
Confidentiality is maintained

10. International Data Transfers

We primarily store and process data within the UK. If we transfer data outside the UK, we ensure:

The destination country has adequate data protection laws
Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
We have your explicit consent (where required)

11. Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms:

We will notify the ICO within 72 hours of becoming aware
We will notify affected individuals without undue delay
We will document the breach and our response
We will take steps to prevent future breaches

12. Children's Data

Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

13. Cookies and Tracking

Our website uses cookies for:

Essential cookies: Necessary for website functionality
Analytics cookies: To understand how visitors use our site

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

14. Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in law or our practices. We will notify you of significant changes by updating the "Last Updated" date and, where appropriate, by email.

15. Contact Us

For any questions about GDPR compliance or to exercise your data protection rights:

Email: [email protected]
Phone: 07915 069617

16. Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113
Website: www.ico.org.uk
Email: [email protected]

17. Accountability and Records

As part of our GDPR compliance, we maintain:

Records of processing activities
Data protection impact assessments (where required)
Documentation of data subject requests and responses
Evidence of consent (where applicable)
Records of data br