Last updated: June 16, 2026
mist-osprey is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement outlines how we meet our obligations as a data controller.
mist-osprey acts as the data controller for personal information collected through our website and services.
Contact details:
mist-osprey
17 Broadwick Street
London, W1F 0DA
United Kingdom
[email protected]
We process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:
When you provide personal information through enquiry forms or sign up for communications, you give explicit consent for us to process that data for the stated purposes.
Processing is necessary to deliver services you have requested or entered into agreement for.
We may process data where necessary for legitimate business interests, such as improving services, preventing fraud, or ensuring network security, provided these interests do not override your rights and freedoms.
We process data when required to comply with legal obligations, including tax reporting, record-keeping requirements, and regulatory compliance.
You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.
You can request correction of inaccurate personal data and completion of incomplete data.
You may request deletion of your personal data in certain circumstances, including when data is no longer necessary for its original purpose or when you withdraw consent.
You can request limitation of how we use your data in specific situations, such as when you contest data accuracy or object to processing.
You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.
You may object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.
We may request specific information from you to confirm your identity before processing rights requests.
We adhere to the following data protection principles:
We implement technical and organisational security measures appropriate to the risk, including:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
Personal data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.
When we engage third-party service providers who process personal data on our behalf, we ensure:
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.