GDPR Compliance

Our Commitment to Data Protection

mystic-warden is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable United Kingdom data protection laws.

Lawful Basis for Processing

We process personal data based on the following lawful grounds:

• Consent: When you provide explicit consent for us to process your personal information for specific purposes
• Contract: When processing is necessary for the performance of a contract or to take steps at your request before entering into a contract
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms
• Legal Obligation: When processing is required to comply with legal obligations

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request confirmation of whether we process your personal data and to access such data. We will provide a copy of your personal data upon request.

Right to Rectification

You may request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You may request restriction of processing in specific situations, such as when you contest the accuracy of data or object to processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis for processing.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls limiting data access to authorised personnel
• Staff training on data protection principles and practices
• Incident response procedures for data breaches

Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary based on data type and purpose of processing.

International Data Transfers

Personal data is primarily processed within the United Kingdom. If data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, affected individuals within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your GDPR rights or for questions regarding data protection practices, please contact us using the information provided on our Contact page. We will respond to requests within one month, with possible extension to two months for complex requests.

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you believe your data protection rights have been violated.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: www.ico.org.uk