GDPR Compliance

Your Data Protection Rights

Our Commitment to GDPR

Fading Spring is committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Fading Spring is the data controller responsible for your personal data. Our contact details are:

Fading Spring
47 Bellenden Road
Peckham, London SE15 4QY
United Kingdom
Email: [email protected]

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or if you withdraw your consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract (e.g., providing our catering services).
  • Legal Obligation: Processing is necessary for us to comply with the law (e.g., tax and accounting requirements).
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Data We Collect

We collect and process the following categories of personal data:

  • Identity data (name)
  • Contact data (email address, postal address)
  • Event data (dates, guest numbers, preferences)
  • Health data (dietary requirements, allergies - with explicit consent)
  • Technical data (IP address, browser type, usage data)

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Booking enquiries: 2 years (for potential repeat customers)
  • Completed bookings: 7 years (for accounting and legal purposes)
  • Marketing preferences: Until consent is withdrawn
  • Website analytics: 26 months

International Transfers

We do not routinely transfer personal data outside the United Kingdom or European Economic Area. If any transfer is necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Security

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Staff training on data protection
  • Access controls and authentication
  • Incident response procedures

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: fading-spring.com

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: 1 January 2026