Your data protection rights under UK GDPR
Last updated: 1 January 2026
The UK General Data Protection Regulation (UK GDPR) gives individuals greater control over their personal data and places obligations on organisations that collect and process personal information. root-mink is committed to complying with UK GDPR in all our data processing activities.
root-mink acts as the data controller for personal information collected through this website and in the course of providing our services. This means we determine how and why your data is processed.
Contact details for data protection matters:
root-mink
17 Riverside Gardens
Guildford, Surrey GU1 4LQ
Email: [email protected]
We process personal data under the following lawful bases:
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to obtain confirmation that your data is being processed and to access that data. You may request a copy of the personal data we hold about you free of charge.
You have the right to have inaccurate personal data corrected and incomplete data completed.
Also known as the "right to be forgotten", you may request deletion of your personal data where there is no compelling reason for its continued processing.
You have the right to request that we limit the processing of your personal data in certain circumstances.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In complex cases or where we receive numerous requests, this period may be extended by a further two months, in which case we will inform you.
We may need to verify your identity before processing your request. We will not charge a fee for most requests, but we may charge a reasonable fee if your request is clearly unfounded or excessive.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily process data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place to protect your information in compliance with UK GDPR requirements.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.