GDPR Compliance
Your data protection rights under UK GDPR
Last updated: 1 June 2026
Our Commitment to Data Protection
moss-beaver is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have implemented this policy to ensure we meet our obligations under the UK General Data Protection Regulation (UK GDPR).
Data Controller
moss-beaver acts as the data controller for personal information collected through this website. This means we determine the purposes and means of processing personal data.
Contact details:
moss-beaver
Unit 14, Riverside Business Park
Manchester, M17 1SN
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We only process personal data where we have a lawful basis to do so. The lawful bases we rely on are:
Consent
Where you have explicitly agreed to us processing your data for a specific purpose, such as receiving marketing communications. You can withdraw consent at any time.
Contract
Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
Legitimate Interests
Where processing is necessary for our legitimate interests and does not override your fundamental rights. Our legitimate interests include operating and improving our business, providing customer service, and ensuring network security.
Your Rights Under UK GDPR
As a data subject, you have the following rights:
Right to Be Informed
You have the right to be informed about the collection and use of your personal data. This privacy notice fulfils this obligation.
Right of Access
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.
Right to Rectification
You have the right to request that we correct any inaccurate personal data and complete any incomplete data.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for its original purpose or where you withdraw consent.
Right to Restrict Processing
You have the right to request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of data you have disputed.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. We do not currently use automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected] with the subject line "Data Protection Request". Please provide:
- Your full name
- Contact details
- Description of the request
- Any information that will help us identify your data
We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you within the first month if this is necessary.
Data Security Measures
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
- Ability to restore availability and access to personal data in a timely manner in the event of an incident
- Regular testing and evaluation of the effectiveness of security measures
Data Breach Procedures
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and notify affected individuals without undue delay where there is a high risk to rights and freedoms.
International Data Transfers
Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
Data Protection Impact Assessments
We carry out Data Protection Impact Assessments where processing is likely to result in a high risk to individuals, ensuring risks are identified and mitigated.
Complaints
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Updates to This Notice
We may update this GDPR compliance notice periodically. Any changes will be posted on this page with an updated revision date.