Last updated: 18 June 2026
birch-civet is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws in the United Kingdom.
For the purposes of GDPR, birch-civet acts as the data controller for personal information collected through this website and in the course of providing our services.
We process personal data only when we have a lawful basis to do so:
You have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.
You have the right to request correction of any information you believe is inaccurate or incomplete.
You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes it was collected.
You have the right to request that we restrict processing of your personal data under certain conditions.
You have the right to object to our processing of your personal data under certain conditions, particularly for processing based on legitimate interests or direct marketing.
You have the right to request transfer of your data to another organisation or directly to you, in a structured, commonly used, and machine-readable format.
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before consent was withdrawn.
To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months for complex requests.
We collect only the personal data necessary for specified purposes. We do not collect excessive information beyond what is required to provide our services effectively.
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by legal obligations. Service records are typically retained for seven years following completion.
Your personal data is processed within the United Kingdom. If data must be transferred outside the UK, we ensure appropriate safeguards are in place to protect your information.
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we discover we have collected information from a child, we will delete it promptly.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you believe your data protection rights have been violated.
For questions about our GDPR compliance or to exercise your rights, please contact us at [email protected].