GDPR policy

Snuffle Trails – Data Protection Terms & Conditions (GDPR)

1. Introduction

Controller: Snuffle Trails (you, as a sole trader) is the data controller and determines how your personal data is used.

Purpose: This section explains how and why we collect, use, and protect your personal information.

​

2. Personal Data We May Collect

Contact details (e.g., name, email, phone number, address)

Dog-related information (special needs, vet info)

Payment and scheduling details

​

3. Why We Collect Your Data

To: Provide the dog-walking service (booking, communication)

Meet contractual obligations (e.g., payment, scheduling)

Comply with legal requirements These lawful bases align with UK GDPR—specifically consent, contractual necessity, or legal obligation .

​

4. GDPR Principles We Follow          All data processing is:

Fair, lawful, and transparent

Purpose-limited and only collected as needed

Accurate, kept up to date, and stored only as long as necessary

Secured with appropriate organizational and technical measures 

​

5. How We Obtain and Manage Consent

When required, we ask for clear, specific, and separate consent—this is not buried in general terms .

Consent requests will include:

Who (Snuffle Trails)

What data we collect

Why we collect it

How it’s used

The right to withdraw consent easily at any time .

​

6. Your Rights as a Data Subject

You can:

Be informed about how your data is used

Access your personal data

Correct any inaccurate data

Erase your data ("right to be forgotten") when appropriate

Restrict or object to processing

Request data portability

Withdraw consent at any time without penalty 

7. How Long We Keep Your Data

We hold your data only as long as necessary for the purposes we collected it. Once it's no longer needed (e.g., after you stop using the service or by your request), we will either delete or anonymise it.

​

8. Who We Share Your Data With

We do not share your data with third parties unless:

Required by law

Needed for the service (e.g., a trusted contractor, with strict confidentiality clauses)

You have explicitly consented to sharing with a third party

Any third-party handler will only process data on our documented instructions and with suitable security measures, as required under Article 28 for processor contracts .

 

9. Security Measures

We employ appropriate technical and organizational controls—such as password protection and secure data storage—to protect your data against unauthorized access, loss, or damage .

10. Transparency & Privacy Notice Access

Our full Privacy Notice is available and will be:

Provided at the time your data is collected

 

Available on our website or by request You’ll always know where to find it—whether via a digital link or a physical copy .

11. Data Breach Notification

If a data breach occurs that may risk your rights or freedoms, we will:

Notify the Information Commissioner’s Office (ICO) within 72 hours, where required

Inform you, if there’s a high risk to your rights .

​

12. Accountability & Records

We keep a record of our data processing activities—documenting what data we hold, for what purpose, and retention periods—to demonstrate compliance with the UK GDPR accountability principle .