GDPR Compliance Statement

Last updated: May 11, 2026

Our Commitment to GDPR

mild-expertise is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you explicitly agree to our processing of your personal data for specific purposes
• Contract: When processing is necessary for the performance of a contract with you
• Legal Obligation: When we must process data to comply with legal requirements
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided this does not override your rights

Data Controller

For the purposes of GDPR, the data controller is:

mild-expertise
47 Wellington Street
Bristol BS1 4QA
United Kingdom
Email: [email protected]

Your Rights Under GDPR

Under GDPR, you have the following rights:

1. Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

2. Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

3. Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

4. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

5. Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

6. Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

7. Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. In some cases, we may extend this period by a further two months where necessary, taking into account the complexity and number of requests.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and testing
• Access controls and authentication measures
• Staff training on data protection principles
• Incident response and breach notification procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Client records: 6 years after the end of the business relationship (as required by FCA regulations)
• Marketing data: Until consent is withdrawn or the data is no longer relevant
• Website analytics: 26 months
• Email correspondence: 3 years from last communication

International Data Transfers

We do not routinely transfer personal data outside the European Economic Area (EEA). If such transfers become necessary, we will ensure appropriate safeguards are in place in accordance with GDPR requirements.

Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Third-Party Data Processors

We work with carefully selected third-party service providers who process personal data on our behalf. We ensure that:

• All processors are GDPR compliant
• Data Processing Agreements are in place
• Processors only process data according to our documented instructions
• Appropriate security measures are implemented

Children's Data

Our services are not directed at children under 16. We do not knowingly collect or process personal data from children under 16 without parental consent.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. In the UK, the supervisory authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when this statement was last revised.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at [email protected].