GDPR Compliance

Last updated: 9 April 2026

Our Commitment to Data Protection

mindscope-vault is committed to compliance with the General Data Protection Regulation (GDPR) and UK data protection legislation. We recognise the importance of protecting your personal information and respecting your privacy rights.

This document outlines how we comply with GDPR requirements and explains your rights under this regulation.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

mindscope-vault
142 Highbury Grove
London N5 2AD
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

Contractual Necessity

Processing is necessary to perform our contract with you when providing pet care services. This includes collecting information about you and your pet to deliver the services you have requested, maintaining care records, and processing payments.

Legitimate Interests

We may process data where necessary for our legitimate business interests, such as improving our services, maintaining business records, and ensuring the safety and wellbeing of animals in our care. We carefully balance these interests against your rights and will not process data in ways you would not reasonably expect.

Legal Obligation

Some processing is required to comply with legal obligations, including tax and accounting requirements, health and safety regulations, and animal welfare legislation.

Consent

In certain circumstances, we process data based on your explicit consent, such as when taking photos or videos of your pet for sharing with you. You may withdraw consent at any time by contacting us.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR statement.

Right of Access

You can request confirmation of whether we are processing your personal data and, if so, access to that data along with supplementary information about how it is being used. We will provide this information free of charge within one month of your request.

Right to Rectification

If personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make the necessary amendments and inform any third parties with whom we have shared the data, where appropriate.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right is not absolute. We may need to retain certain information to comply with legal obligations or for legitimate business purposes such as defending legal claims.

Right to Restrict Processing

You can request that we temporarily restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing. During this time, we will store the data but not actively use it until the issue is resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller. This applies to data you have provided to us where processing is based on consent or contractual necessity and is carried out by automated means.

Right to Object

You may object to processing of your personal data where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for legal claims.

You have an absolute right to object to processing for direct marketing purposes. We will cease such processing immediately upon receiving your objection.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making of this nature. Any decisions regarding your pet's care are made by qualified professionals.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided above. We will:

  • Respond to your request without undue delay and within one month of receipt
  • Extend this period by up to two months if the request is complex, informing you of the extension and reasons
  • Provide the information free of charge, unless requests are manifestly unfounded or excessive
  • Verify your identity before processing requests to protect your data from unauthorised access

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of sensitive personal data both in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls ensuring only authorised personnel can access personal data
  • Staff training on data protection principles and security practices
  • Regular backups to prevent data loss
  • Incident response procedures to address potential data breaches promptly

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
  • Document all breaches, including facts, effects, and remedial action taken
  • Take immediate steps to mitigate the breach and prevent future occurrences

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer personal data to countries outside these regions, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions confirming the receiving country provides adequate protection
  • Other legally recognised transfer mechanisms

We will inform you of any such transfers and the safeguards in place.

Data Protection by Design and Default

We incorporate data protection principles into our operations from the outset:

  • Collecting only data that is necessary for specific purposes
  • Implementing privacy-friendly default settings
  • Minimising data retention periods
  • Ensuring transparency in all data processing activities
  • Conducting privacy impact assessments for new processing activities

Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we:

  • Conduct due diligence to ensure they can meet GDPR requirements
  • Enter into written contracts specifying their data protection obligations
  • Ensure they process data only on our instructions
  • Verify they implement appropriate security measures
  • Monitor their compliance on an ongoing basis

Children's Data

Our services are intended for adults. We do not knowingly process personal data of children under the age of eighteen without parental consent. If we become aware of such processing, we will take immediate steps to delete the information.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

Updates to This Statement

We may update this GDPR statement periodically to reflect changes in our practices or legal requirements. The updated version will be posted on our website with a revised date. Significant changes will be communicated through additional channels such as email.

Contact Us

For any questions, concerns, or requests regarding GDPR compliance or your data protection rights, please contact us:

Email: [email protected]
Address: mindscope-vault, 142 Highbury Grove, London N5 2AD, United Kingdom

We are committed to working with you to resolve any concerns about our handling of your personal data.