Last updated: June 10, 2026
misty-crag is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR principles and your rights as a data subject.
misty-crag acts as the data controller for personal information collected through our website and business operations. We determine the purposes and means of processing your personal data.
Contact: [email protected]
We process personal data only when we have a lawful basis to do so:
Under GDPR, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We will provide this information within one month of your request.
You may request correction of inaccurate or incomplete personal data we hold about you.
You can request deletion of your personal data when it is no longer necessary for the purposes it was collected, or when you withdraw consent.
You may request limitation of how we process your data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You can object to processing of your personal data when it is based on legitimate interests or for direct marketing purposes.
We do not use automated decision-making or profiling in our processing of personal data.
To exercise any of your GDPR rights, please submit a request to [email protected]. We will respond within one month and may request identification verification to protect your privacy.
We adhere to GDPR data protection principles by ensuring personal data is:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary based on the type of data and legal requirements.
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security assessments.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
We primarily process data within the United Kingdom. Any transfers of personal data outside the UK are conducted in compliance with GDPR requirements, including use of appropriate safeguards such as standard contractual clauses.
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children without parental consent.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters, if you believe we have not handled your personal data properly.
ICO Website: ico.org.uk
We may update this GDPR information to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised date.
For questions about GDPR compliance or to exercise your data protection rights, contact us at [email protected].