GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR

Solar Trails is committed to protecting the privacy and security of your personal data. We comply with the General Data Protection Regulation (GDPR), which governs how organisations in the UK and European Economic Area handle personal data.

Data Controller

Solar Trails acts as the data controller for personal information collected through our website and services. As the data controller, we determine the purposes and means of processing your personal data.

Contact details:
Solar Trails
47 Hartwell Business Park
Berkhamsted, Hertfordshire HP4 1EJ
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications.
  • Contract: Where processing is necessary for the performance of a contract with you, such as providing renovation services.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (the "right to be forgotten").
  • Right to Restrict Processing: You have the right to request restriction of processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing of your personal data in certain circumstances, including direct marketing.
  • Rights Related to Automated Decision Making: You have rights in relation to automated decision-making and profiling.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you.

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure personal data is not disclosed to any person who has no right to receive it.

Data Security

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Staff training on data protection responsibilities
  • Access controls limiting who can access personal data

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods are determined based on:

  • The nature and sensitivity of the data
  • The purposes for which we process the data
  • Applicable legal requirements

International Transfers

We do not routinely transfer personal data outside the UK or European Economic Area. If such a transfer becomes necessary, we will ensure appropriate safeguards are in place in accordance with GDPR requirements.

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.

Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: 20 May 2026