Advertising Content

GDPR Compliance

Last updated: 5 June 2026

Our Commitment to Data Protection

Gift Oak is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with data protection legislation and outlines your rights as a data subject.

Data Controller

Gift Oak is the data controller for personal data collected through this website and in the course of providing our tailoring services. Our contact details are:

Gift Oak
The Old Mill, Stow Road
Burford, Oxfordshire OX18 4HN
Email: [email protected]

Legal Bases for Processing

We process personal data under the following legal bases as defined in UK GDPR:

Contractual Necessity

We process certain personal data because it is necessary for the performance of a contract with you. This includes processing your measurements, contact details, and order specifications to provide our tailoring services.

Legitimate Interests

We may process your data where we have a legitimate interest in doing so, provided this does not override your rights and freedoms. This includes improving our services and website functionality.

Consent

Where we rely on consent, you have the right to withdraw that consent at any time. This includes consent for marketing communications and non-essential cookies.

Legal Obligation

We may process data where necessary to comply with legal obligations, such as tax and accounting requirements.

Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR).

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis.

Rights Related to Automated Decision Making

You have rights in relation to automated decision making and profiling. We do not currently use automated decision making that produces legal effects concerning you.

Exercising Your Rights

To exercise any of your rights, please contact us using the details above. We will respond to your request within one month. In complex cases or where we receive a large number of requests, we may extend this period by up to two months, in which case we will inform you.

There is no fee for most requests. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. We may also refuse to comply with such requests.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

International Transfers

We do not routinely transfer personal data outside the United Kingdom. If we do transfer data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breaches

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Information

We may update this GDPR information from time to time. Any significant changes will be communicated through our website.