Your Data Rights

The rights you have

Under the UK GDPR (as updated by the Data Use and Access Act 2025 — "DUAA"), you have the following rights over personal data TileFlow UK holds about you:

• Right to be informed — what data is held, why, and what happens to it. Most of this lives in the Privacy Policy; if anything is unclear, ask.
• Right of access (Subject Access Request) — you can ask for a copy of all personal data I hold on you. Free of charge, delivered within 30 days.
• Right to rectification — correct anything inaccurate.
• Right to erasure("right to be forgotten") — request deletion of your data. Subject to statutory retention obligations (e.g. order records for tax).
• Right to restrict processing — ask me to stop using your data while you contest its accuracy or its use.
• Right to data portability — receive your data in a structured, machine-readable format and move it to another provider.
• Right to object — object to processing based on legitimate interest, especially for direct marketing.
• Rights in automated decision-making— TileFlow UK doesn't make decisions about you based purely on automated processing. If that ever changed, you'd be told.

How to exercise a right

Email tileflowuk@gmail.com with:

• The subject "Data rights request"
• Which right you want to exercise
• Enough information for me to identify the data (name, email used when you contacted, order number if applicable)

I may need to verify your identity before releasing data — usually a confirmation reply from the email address that holds the data is enough.

Statutory response time:30 calendar days. I aim to acknowledge within 1 working day. If a request is complex I may extend by up to 60 more days, and I'll tell you why.

Cost:free for normal requests. The DUAA allows a reasonable admin fee for "manifestly excessive" or repeated requests — I've never charged one and don't plan to.

What data I hold on you

For most visitors: none. Browsing the site anonymously generates only aggregated analytics that can't identify you personally.

If you've interacted, I may hold:

• Email address, name, message content (if you used the contact form, WhatsApp, or email)
• Order details (if you bought tiles from me directly)
• Newsletter subscription email (currently no list active — re-stated when one is)
• Aggregated analytics (Google Analytics 4 + Microsoft Clarity) that uses cookies you've consented to

Lawful basis for processing

International transfers

Some processors are based outside the UK:

• Google Analytics 4 / Google Indexing API — Google LLC (US). Operates under the UK Extension to the EU-US Data Privacy Framework.
• Microsoft Clarity — Microsoft Corp (US). Same framework.
• Vercel (hosting) — Vercel Inc (US). Same framework.
• Pinterest, Instagram, TikTok, YouTube — only relevant when you click out to those platforms; transfers governed by their own policies.

How to complain to the ICO

If you're not happy with how I've handled your data or your rights request, you can complain to the UK's Information Commissioner's Office:

• Website: ico.org.uk/make-a-complaint
• Phone: 0303 123 1113
• Post:Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You don't need to come to me first, but it's usually quicker if you do.

Data controller details

TileFlow UK — a UK sole trader (Brandon).
Email: tileflowuk@gmail.com
WhatsApp: +44 7539 472545
UK ICO Registration: not required for sole traders processing personal data only for editorial / customer-correspondence purposes (ICO fee exemption confirmed 2026). Status reviewed annually.

Last updated: 8 May 2026. This page describes my data-rights process — it can't reduce your statutory rights and isn't intended to. The UK GDPR + DUAA give you the rights above as a matter of law.