Our commitment to protecting your data rights
Last updated: 1 June 2026
petal-grove is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and have implemented comprehensive measures to protect your personal data.
petal-grove acts as the data controller for personal information collected through our website and service delivery. Our contact details are:
petal-grove
47 Greenfield Business Centre
Westbury Lane
Bristol BS9 3JL
United Kingdom
Email: [email protected]
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will respond to valid requests within one month and provide the information free of charge for the first request in any twelve-month period.
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond to valid requests within one month.
Also known as the "right to be forgotten", you may request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
We only process personal data when we have a lawful basis to do so. Depending on the context, this may be:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk to your rights and freedoms, we will also notify you directly without undue delay.
If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request.
We will respond to all valid requests within one month. In complex cases, we may extend this period by a further two months, but we will inform you of any extension within the first month.
If you are not satisfied with how we handle your personal data or your data protection request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised.