GDPR Compliance

1. Our GDPR Commitment

SoftGlaze is committed to handling personal data in a manner that is:

• Lawful
• Fair
• Transparent
• Limited to legitimate purposes
• Relevant and proportionate
• Accurate where reasonably required
• Retained only as long as necessary
• Protected through appropriate technical and organisational measures

We do not treat data protection as a symbolic compliance exercise. We treat it as a core operational responsibility.

2. Scope of This Page

This GDPR Compliance page is intended to provide a high-level overview of how SoftGlaze approaches personal data protection where GDPR or UK GDPR obligations may apply.

It should be read alongside our:

• Privacy Policy
• Cookie Policy
• Terms and Conditions
• Terms of Use

Where a separate contract, Data Processing Agreement, or client services agreement applies, that document may govern more specific obligations between the parties.

3. Who We Are

SoftGlaze operates through the following entities and locations:

For GDPR and privacy-related questions, requests, or notices, contact:

4. Lawful Basis for Processing

Where GDPR applies, SoftGlaze processes personal data only where there is a lawful basis to do so.

Depending on the context, that basis may include:

Consent

Where you have clearly agreed to a specific use of your personal data.

Contract

Where processing is necessary to enter into, perform, or manage a contract or pre-contractual relationship.

Legal Obligation

Where processing is required to comply with applicable legal, regulatory, tax, or reporting obligations.

Legitimate Interests

Where processing is reasonably necessary for legitimate business purposes and those interests are not overridden by the rights and freedoms of the data subject.

We do not rely on one legal basis indiscriminately. The appropriate basis depends on the nature of the interaction and the specific processing activity involved.

5. GDPR Principles We Follow

SoftGlaze aims to process personal data in accordance with the core principles of GDPR, including:

Lawfulness, Fairness, and Transparency

We aim to explain what data we collect, why we collect it, and how it is used.

Purpose Limitation

We collect personal data for specific, legitimate, and identifiable purposes.

Data Minimisation

We aim to collect only the data reasonably necessary for the relevant purpose.

Accuracy

We take reasonable steps to keep personal data accurate and up to date where appropriate.

Storage Limitation

We do not retain personal data longer than reasonably necessary, subject to legal and operational obligations.

Integrity and Confidentiality

We apply reasonable technical and organisational safeguards to protect personal data against unauthorised access, misuse, loss, or unlawful disclosure.

Accountability

We take responsibility for how personal data is handled and aim to demonstrate appropriate compliance practices where required.

6. Data Subject Rights

Where GDPR or UK GDPR applies, individuals may have rights in relation to their personal data, including the right to:

• Request access to personal data
• Request correction of inaccurate or incomplete data
• Request deletion of personal data in certain circumstances
• Request restriction of processing
• Object to certain forms of processing
• Withdraw consent where processing is based on consent
• Request portability of certain data
• Lodge a complaint with a relevant supervisory authority

SoftGlaze takes such requests seriously and will review them in accordance with applicable law, subject to identity verification and any lawful exceptions.

7. International Data Transfers

Because SoftGlaze operates across multiple jurisdictions, personal data may be processed, stored, or accessed in countries outside the European Economic Area or the United Kingdom, including the United States and Pakistan.

Where GDPR applies and personal data is transferred internationally, SoftGlaze aims to use appropriate safeguards where legally required, which may include:

• Contractual protections
• Organisational safeguards
• Processor due diligence
• Reasonable controls around access and handling

We recognise that international transfers require additional care and we aim to manage them responsibly.

8. Data Security Measures

SoftGlaze uses reasonable technical and organisational measures to help protect personal data, including measures intended to reduce the risk of:

• Unauthorised access
• Misuse
• Accidental loss
• Unlawful destruction
• Alteration
• Inappropriate disclosure

These measures may include access controls, process limitations, service-provider controls, and internal handling discipline appropriate to the nature of the data and the operational context.

No system can promise absolute security, but we take the protection of personal data seriously and aim to apply safeguards proportionate to risk.

9. Use of Processors and Service Providers

SoftGlaze may work with service providers, contractors, platforms, and operational partners that process personal data on our behalf or as part of service delivery.

Where appropriate, we aim to:

• Use service providers with reasonable reliability
• Limit access to what is necessary
• Implement contractual or operational safeguards
• Ensure that third-party involvement remains proportionate to the purpose of the processing

Where a client relationship requires additional documentation, SoftGlaze may enter into a separate Data Processing Agreement where appropriate.

10. Data Retention

SoftGlaze retains personal data only for as long as reasonably necessary for the purpose for which it was collected, including:

• Responding to enquiries
• Providing services
• Managing client relationships
• Maintaining business records
• Complying with legal, tax, accounting, or regulatory obligations
• Resolving disputes
• Protecting legal rights

When data is no longer reasonably required, we aim to delete it, anonymise it, or otherwise handle it in accordance with applicable retention standards.

11. Privacy by Design and Operational Restraint

Where practical and appropriate, SoftGlaze aims to apply privacy-conscious thinking during website, system, and workflow design.

This includes, where relevant:

• Reducing unnecessary data collection
• Limiting access to personal data
• Structuring systems around necessity rather than excess
• Avoiding gratuitous retention
• Preferring proportionate processing over expansive collection

We believe sound digital operations should not collect more personal data than the business genuinely needs.

12. Client and Business Responsibilities

Where clients use SoftGlaze for digital services involving personal data, the client remains responsible for ensuring that its own use of personal data complies with applicable law.

Depending on the engagement, SoftGlaze may act:

• As an independent controller
• As a processor acting on client instructions
• In a mixed operational role depending on the service context

Clients are responsible for:

• Ensuring lawful collection of the data they provide
• Ensuring they have the rights and permissions necessary
• Providing accurate instructions where processing is delegated
• Obtaining their own legal advice where GDPR or other privacy compliance questions arise within their business model

13. Contacting Us About GDPR

If you wish to ask a GDPR-related question, raise a concern, or submit a rights request, please contact:

Please include enough information for us to understand the nature of your request. We may ask for further information to verify identity or clarify scope before responding.

14. Changes to This Page

SoftGlaze may update this GDPR Compliance page from time to time to reflect:

• Changes in legal obligations
• Changes in operational structure
• Changes in data practices
• Changes in service-provider relationships
• Broader changes in privacy governance

Any updates will be posted on this page with a revised effective date or last updated date.

15. Final Statement

SoftGlaze believes that serious digital businesses should handle personal data with the same level of discipline they expect in design, development, operations, and growth.

Where GDPR applies, we aim to meet our responsibilities with clarity, restraint, and commercially responsible governance.