UK GDPR Compliance Summary
| Application | ReSpark Salon Management Platform |
|---|---|
| Organization | Relfor Labs Private Limited |
| Audit period | June 10 – July 6, 2026 |
| Audited By | Secnuo Consulting (OPC) Private Limited |
| Next Review | July 2027 |
Audit opinion
An independent UK GDPR compliance audit of the ReSpark application was conducted by Secnuo Consulting (OPC) Private Limited, an information security auditing organisation. The audit assessed controls across multiple compliance areas covering lawful processing, data subject rights, technical security, international transfers, processor obligations, and governance.
All controls were assessed as COMPLIANT. No material non-conformities or deviations from UK GDPR requirements were observed. The full audit report is held by Relfor Labs and is available to data controllers upon request under NDA.
What Was Assessed
| LAWFUL PROCESSING Documented lawful bases for all processing activities, opt-out-by-default marketing consent, privacy notices meeting Article 13 requirements |
DATA SUBJECT RIGHTS Documented DSAR procedure, functional data erasure with anonymisation, consent withdrawal mechanism, marketing opt-out |
| SECURITY OF PROCESSING Encryption in transit and at rest, role-based access controls, multi-tenant data isolation, real-time monitoring and alerting |
INTERNATIONAL TRANSFERS UK International Data Transfer Agreement (IDTA) in place for UK-India transfers, Transfer Risk Assessment completed, supplementary measures implemented |
| PROCESSOR OBLIGATIONS Data Processing Agreement with all Article 28(3) clauses, sub-processor management, signed staff data protection undertakings |
GOVERNANCE & ACCOUNTABILITY Board-approved Data Protection Policy, ROPA, staff training completed, Data Protection Lead designated, breach notification procedure in place |
As a UK salon customer whose data is processed through ReSpark, you have the following rights under the UK GDPR:
- Access : Request a copy of your data
- Rectification : Correct inaccurate data
- Erasure : Request deletion of your data
- Restriction : Limit how your data is used
- Portability : Receive your data in a portable format
- Objection : Object to marketing or profiling
To exercise any of these rights, please contact your salon directly. All requests are processed within one calendar month.
How We Protect Your Data
| ENCRYPTION All data encrypted in transit (TLS 1.2) and at rest (AES-256) across all databases and storage |
ACCESS CONTROLS Role-based access, multi-factor authentication, centralised authentication proxy, least privilege enforcement |
| DATA ISOLATION Multi-tenant architecture with tenant-level data isolation enforced at both database and application layers |
MONITORING Real-time infrastructure and security monitoring with automated alerting on anomalies, audit logging for all data access |
| DATA DELETION Customer data can be permanently anonymised on request, with verified removal from all reports and operational views |
BREACH READINESS Documented breach notification procedure with ICO notification within 72 hours, breach register maintained |
Your Rights
As a UK salon customer whose data is processed through ReSpark, you have the following rights under the UK GDPR:
- Access : Request a copy of your data
- Rectification : Correct inaccurate data
- Erasure : Request deletion of your data
- Restriction : Limit how your data is used
- Portability : Receive your data in a portable format
- Objection : Object to marketing or profiling
To exercise any of these rights, please contact your salon directly. All requests are processed within one calendar month.
Contact
- Data Protection Lead : Mr. Dnyaneshwar Garudkar
- Organisation : Relfor Labs Private Limited
- Email : [email protected]
- ICO : If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/).
