GDPR Compliance Statement
Last Updated: December 26, 2025
Our Commitment
We are fully committed to protecting your personal data and complying with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how businesses collect, use, store, and protect personal data of individuals in the UK and EU.
As a UK-based business, we comply with:
- UK GDPR (retained EU law post-Brexit)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
2. Data Controller Information
Data Controller:
Business Name: Srivarada
Registered Address: United Kingdom
Contact Email: contact@srivarada.co.uk
Phone: +44 (0) 7405 212868
3. Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contract Performance
To fulfill our contract with you (booking and delivering puja services)
Legitimate Interest
To improve services, prevent fraud, manage operations, and communicate about services
Consent
For marketing emails, non-essential cookies, and optional data collection (you can withdraw anytime)
Legal Obligation
To comply with tax, accounting, and other legal requirements
4. Your Data Protection Rights
Under UK GDPR, you have the following rights:
1 Right to Access
Request a copy of your personal data we hold. We provide this free of charge within 30 days.
2 Right to Rectification
Request correction of inaccurate or incomplete data. We update records immediately upon verification.
3 Right to Erasure ("Right to be Forgotten")
Request deletion of your data when it's no longer necessary, you withdraw consent, or object to processing (exceptions apply for legal obligations).
4 Right to Restrict Processing
Limit how we use your data while disputes are resolved or you verify accuracy.
5 Right to Data Portability
Receive your data in a machine-readable format (CSV/JSON) to transfer to another service.
6 Right to Object
Object to processing based on legitimate interest or for direct marketing (we stop immediately for marketing objections).
7 Rights Related to Automated Decision-Making
We do not use fully automated decision-making or profiling. All decisions involve human review.
8 Right to Withdraw Consent
Withdraw consent anytime for marketing or optional data processing without affecting the lawfulness of prior processing.
5. How to Exercise Your Rights
To exercise any of your rights:
- Email: contact@srivarada.co.uk
- Include: Your full name, email address, description of your request, and proof of identity (for security)
- Response Time: We respond within 30 days (may extend to 60 days for complex requests)
- Free of Charge: Exercising your rights is free unless requests are manifestly unfounded or excessive
Identity Verification: We may ask for ID (passport, driver's license) to prevent unauthorized access. Your ID is used only for verification and deleted after.
6. Data We Collect
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name, email, phone | Service delivery, bookings | Contract |
| Address, postcode | On-site puja logistics | Contract |
| Payment info (card) | Payment processing | Contract |
| Birth details, gotras | Ritual customization | Contract |
| Booking history | Service improvement | Legitimate Interest |
| Website analytics | Site optimization | Consent (cookies) |
| Marketing preferences | Email campaigns | Consent |
See our Privacy Policy for full details.
7. Data Sharing & Processors
We share data only when necessary, with:
Payment Processors
Stripe (PCI-DSS compliant) – for secure payment handling
Email Service Providers
For transactional emails (booking confirmations, reminders)
Hosting Providers
UK/EU-based servers with GDPR compliance
Analytics Services
Google Analytics (anonymized IP, with your cookie consent)
All third-party processors: Have signed Data Processing Agreements (DPAs) and comply with GDPR. We conduct regular reviews of their security practices.
We do NOT: Sell your data, share with advertisers, or transfer outside the UK/EU without safeguards (Standard Contractual Clauses or adequacy decisions).
8. Data Security Measures
We protect your data with:
🔒 Technical Measures
- SSL/TLS encryption (HTTPS)
- Database encryption at rest
- Secure password hashing (bcrypt)
- Firewall protection
- Regular security updates
🛡️ Organizational Measures
- Access controls (role-based)
- Staff training on data protection
- Confidentiality agreements
- Regular security audits
- Breach response plan
9. Data Retention
We retain data only as long as necessary:
- Booking records: 7 years (tax/legal requirement)
- Payment data: Retained by Stripe per PCI-DSS; we don't store full card numbers
- Marketing data: Until you unsubscribe or 3 years of inactivity
- Account data: Until you delete your account (we delete within 30 days)
- Cookies: Max 12 months (analytics); see Cookie Policy
10. Data Breach Notification
In the unlikely event of a data breach affecting your personal data:
- We notify the ICO within 72 hours of discovery
- We notify affected individuals without undue delay if high risk to your rights
- We provide details: nature of breach, likely consequences, measures taken
- We offer guidance on protective steps you can take
We maintain a breach register and investigate all incidents thoroughly to prevent recurrence.
11. International Data Transfers
We primarily store data in the UK/EU. If we transfer data outside these regions:
- ✓ We use Standard Contractual Clauses (SCCs) approved by the EU Commission
- ✓ We verify the recipient country has an adequacy decision
- ✓ We ensure equivalent protection standards
Current processors (e.g., Stripe) have UK/EU presence and comply with GDPR.
12. Children's Data
Our services are for adults 18+. We do not knowingly collect data from children under 16 without parental consent. If you're a parent and believe your child provided data, contact us at contact@srivarada.co.uk for deletion.
13. Lodge a Complaint
If you believe we've violated your data rights:
- Contact us first: contact@srivarada.co.uk – We respond within 7 days
- Escalate to ICO: If unresolved, you can complain to the UK Information Commissioner's Office
Information Commissioner's Office (ICO)
📧 Email: casework@ico.org.uk
📞 Phone: 0303 123 1113
🌐 Website: ico.org.uk/make-a-complaint/
📍 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Policy Updates
We may update this statement to reflect legal changes or business practices. Significant changes will be communicated via email or prominent website notice. Your continued use after changes constitutes acceptance.
15. Contact Us
Data Protection Inquiries:
This GDPR Compliance Statement should be read alongside our Privacy Policy.