Last updated: June 17, 2026
We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page explains your rights and how we fulfill our obligations under GDPR.
For the purposes of GDPR, the data controller is:
bright-moor
127 Ashford Street
Bristol BS3 2JH
United Kingdom
Email: [email protected]
You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how it is being processed.
You may request correction of inaccurate personal data or completion of incomplete data we hold about you.
Under certain circumstances, you can request deletion of your personal data. This right is not absolute and may be limited by legal obligations to retain certain information.
You may request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You may object to processing of your personal data where we rely on legitimate interests as our legal basis for processing.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We do not currently employ automated decision-making processes.
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at [email protected] with:
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where required, report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.
We primarily process data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law. Service records are typically retained for seven years for business and legal purposes.
Our services are not directed at children under 16, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it.
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.
For questions about GDPR compliance or to exercise your data protection rights, contact us at [email protected]