GDPR Compliance Statement

Last Updated: June 3, 2026

Our Commitment to GDPR

pure-grove is committed to compliance with the General Data Protection Regulation (GDPR) and respecting the data protection rights of individuals in the European Economic Area (EEA) and United Kingdom.

This page outlines how we fulfill our obligations under GDPR and how you can exercise your data protection rights.

Data Controller Information

For the purposes of GDPR, the data controller is:

pure-grove
42 Ashford Lane
London W8 7RG
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases as defined in Article 6 of GDPR:

Consent (Article 6(1)(a))

When you voluntarily provide information through our booking forms or subscribe to communications, you give explicit consent for us to process that data.

Contract Performance (Article 6(1)(b))

Processing necessary to provide the pet care services you have requested and to fulfill our contractual obligations.

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal and regulatory requirements, including record-keeping obligations.

Legitimate Interests (Article 6(1)(f))

Processing necessary for legitimate business interests such as fraud prevention, security, and service improvement, provided these interests do not override your fundamental rights.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data along with supplementary information about the processing.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and completion of incomplete personal data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing in specific situations:

  • You contest the accuracy of the personal data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing pending verification

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.

Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please submit a request to [email protected] with the subject line "GDPR Rights Request."

Please include:

  • Your full name and email address
  • A description of the specific right you wish to exercise
  • Any relevant details to help us locate your information
  • Proof of identity (required for security purposes)

We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months and will inform you of the extension.

Data Processing Activities

We process personal data for the following purposes:

  • Managing service appointments and client relationships
  • Maintaining pet care records and service history
  • Processing payments for services rendered
  • Communicating about appointments and services
  • Responding to inquiries and providing customer support
  • Website analytics and service improvement
  • Complying with legal and regulatory requirements

Data Retention Periods

We retain personal data only for as long as necessary:

  • Client service records: 7 years after last service (legal requirement)
  • Financial records: 7 years (tax and accounting requirements)
  • Website analytics: 24 months
  • Marketing communications: Until unsubscribe or deletion request
  • Correspondence: Up to 3 years for reference purposes

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Other legally compliant transfer mechanisms

Data Security Measures

We implement technical and organizational measures to ensure data security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security
  • Incident response procedures
  • Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours when feasible
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document all breaches regardless of notification requirements

Third-Party Processors

We engage certain third-party service providers who process personal data on our behalf. These processors are contractually bound to:

  • Process data only according to our documented instructions
  • Implement appropriate security measures
  • Assist us in fulfilling data subject rights requests
  • Delete or return data upon termination of services
  • Make available all information necessary to demonstrate compliance

Children's Data

We do not knowingly process personal data of children under 16 years of age without parental consent as required by GDPR Article 8.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

For the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, via email.

Contact Us

For questions about our GDPR compliance or to exercise your rights, please contact:

Email: [email protected]