GDPR | Mighty Valley

Last updated: 22 May 2026

Our Commitment to Data Protection

Mighty Valley is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we ensure compliance and how we protect your personal data.

Data Controller Information

Mighty Valley acts as the data controller for personal data collected through our website and services. Our contact details are:

Mighty Valley
14 Pemberton Lane
Bristol, BS1 4QR
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The lawful bases we rely upon include:

Consent: You have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications.
Contractual Necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
Legal Obligation: Processing is necessary to comply with the law.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request copies of your personal data. We may charge a small fee for this service if the request is unfounded or excessive.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by two further months, but we will inform you of any extension within the first month.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data where appropriate
Regular testing and evaluation of security measures
Staff training on data protection requirements
Access controls limiting who can access personal data
Secure disposal of data when no longer required

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

Detect and investigate breaches promptly
Notify the Information Commissioner's Office (ICO) within 72 hours where required
Communicate with affected individuals where the breach is likely to result in high risk to their rights and freedoms
Document all breaches and our response

International Data Transfers

We primarily process and store data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place in compliance with UK GDPR requirements.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

Updates to This Information

We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.

GDPR Compliance