GDPR Compliance
Last updated: 15 April 2026
micro-venture is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we fulfil our obligations under these regulations.
Our Role as Data Controller
For the personal data we collect and process through our services, micro-venture acts as the data controller. This means we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection principles.
Contact for Data Protection Matters
For any questions regarding data protection or to exercise your rights, contact:
Email: [email protected]
Address: Suite 4, Riverside House, 27 Cathedral Road, Cardiff CF11 9HA
Data Protection Principles
We adhere to the following principles when processing personal data:
Lawfulness, Fairness, and Transparency
We process data lawfully and fairly, providing clear information about how we use your data. We never use deceptive practices to collect information.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes. We do not use your information in ways incompatible with those original purposes without informing you.
Data Minimisation
We only collect data that is adequate, relevant, and limited to what is necessary for delivering our services. We do not request excessive information.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is rectified or erased without delay when identified.
Storage Limitation
Personal data is kept only as long as necessary for the purposes for which it was collected. Our retention schedules reflect both operational needs and legal requirements.
Integrity and Confidentiality
We implement appropriate security measures to protect personal data against unauthorised access, loss, destruction, or damage.
Your Rights Under UK GDPR
As a data subject, you have the following rights:
Right to Access
You may request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information free of charge within one month of receiving your request.
Right to Rectification
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address such requests promptly.
Right to Erasure
Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the original purpose or you withdraw consent.
Right to Restrict Processing
You may request that we limit how we use your data in certain situations, such as when you contest its accuracy or object to processing based on legitimate interests.
Right to Data Portability
Where technically feasible, you may request your personal data in a structured, commonly used, machine-readable format to transfer to another service provider.
Right to Object
You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making in our services.
Exercising Your Rights
To exercise any of these rights, email us at [email protected] with:
- Your full name and contact details
- A clear description of your request
- Any relevant details to help us identify your data
We may request proof of identity before processing your request to protect your data from unauthorised access.
We aim to respond to all legitimate requests within one month. Complex requests may require an additional two months, in which case we will inform you and explain the reason for the delay.
Legal Bases for Processing
We rely on the following legal bases for processing personal data:
Contractual Necessity
Processing required to perform our services, including session scheduling, communication, and service delivery.
Consent
Where you have explicitly agreed to specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.
Legitimate Interests
Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. Examples include improving our services and website security.
Legal Obligation
Processing required to comply with applicable laws, such as financial regulations and tax requirements.
Data Breaches
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours of becoming aware
- Inform affected individuals without undue delay if the breach is likely to result in high risk
- Document all breaches and our response measures
International Transfers
When transferring personal data outside the UK, we ensure appropriate safeguards are in place through:
- Adequacy decisions by the UK government
- Standard Contractual Clauses approved by the ICO
- Binding corporate rules where applicable
Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can attempt to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office:
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Updates to This Information
We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Significant changes will be communicated through appropriate channels.