GDPR Compliance

Last updated: May 22, 2026

Our Commitment to GDPR

mild-glow is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

mild-glow acts as the data controller for personal information collected through this website and our services.

Contact details:
Email: [email protected]
Address: Unit 7, Riverside Business Park, Wandsworth Road, London SW8 2JX, United Kingdom

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent through forms or opt-ins
• Contract: When processing is necessary to fulfill our service agreements
• Legitimate Interests: For business operations, fraud prevention, and service improvement
• Legal Obligation: When required to comply with legal requirements

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request a copy of your data in a structured, commonly used format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request.

Data Security Measures

We implement appropriate technical and organizational security measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.

International Data Transfers

We primarily process data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Our retention periods are:

• Enquiry and correspondence data: 3 years
• Client project data: 7 years (in line with professional requirements)
• Marketing consent data: Until consent is withdrawn
• Website analytics: 26 months

Third-Party Processors

We work with carefully selected third-party processors who assist with our operations. All processors are bound by data processing agreements that ensure GDPR compliance.

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office:

ICO Website: mild-glow.com
Helpline: 0303 123 1113

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Check this page periodically for updates.