Introduction
This General Data Protection Regulation (GDPR) Policy outlines the principles and procedures that South Wales Window Blinds Centre ("the Company") follows to ensure compliance with the General Data Protection Regulation (GDPR) in the United Kingdom. The policy covers the collection, storage, processing, and transfer of personal data of individuals residing in the UK.

Definitions
2.1. Personal Data: Any information relating to an identified or identifiable natural person.
2.2. Data Subject: An individual who can be identified from the personal data.
2.3. Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
2.4. Controller: The entity that determines the purposes and means of processing personal data.
2.5. Processor: The entity that processes personal data on behalf of the controller.
2.6. Supervisory Authority: The UK Information Commissioner's Office (ICO).

Lawful Basis for Processing Personal Data
The Company will only process personal data when at least one of the following lawful bases is applicable:

3.1. Consent: The data subject has given clear, informed, and unambiguous consent for processing their personal data.
3.2. Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is a party.
3.3. Legal Obligation: Processing is necessary to comply with a legal obligation imposed on the Company.
3.4. Vital Interests: Processing is necessary to protect the vital interests of the data subject or another individual.
3.5. Legitimate Interests: Processing is necessary for the legitimate interests pursued by the Company or a third party, except where overridden by the interests, rights, and freedoms of the data subject.

Data Subject Rights
The Company recognises the rights of data subjects and will take appropriate measures to facilitate the exercise of these rights, including:

4.1. Right to Access: Data subjects have the right to obtain confirmation as to whether their personal data is being processed and, if so, access to that data.
4.2. Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
4.3. Right to Erasure: Data subjects have the right to request the erasure of personal data under certain circumstances.
4.4. Right to Restriction of Processing: Data subjects have the right to request the restriction of processing of personal data under certain circumstances.
4.5. Right to Data Portability: Data subjects have the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
4.6. Right to Object: Data subjects have the right to object to the processing of their personal data under certain circumstances.
4.7. Rights in Relation to Automated Decision Making and Profiling: Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning them or significantly affect them.

Data Security and Confidentiality
The Company is committed to ensuring the security and confidentiality of personal data by implementing appropriate technical and organizational measures. These measures include:

5.1. Access Controls: Restricting access to personal data on a need-to-know basis.
5.2. Encryption: Implementing encryption technologies to protect personal data in transit and at rest.
5.3. Data Minimization: Collecting and retaining personal data only to the extent necessary for the stated purposes.
5.4. Data Breach Response: Establishing procedures to detect, investigate, and respond to data breaches promptly.
5.5. Employee Training: Conducting regular training sessions to educate employees on data protection practices