GDPR Compliance

Last updated: 17 April 2026

mira-spring Limited is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides detailed information about how we handle personal data in accordance with these requirements.

Our Role as Data Controller

mira-spring Limited acts as the data controller for personal information collected through our website and business operations. This means we determine the purposes and means of processing personal data and are responsible for ensuring compliance with data protection law.

Data Controller: mira-spring Limited
Company Registration: 09847265
Registered Address: Suite 412, Whitmore House, 86 Clerkenwell Road, London EC1M 5RJ

Data Protection Principles

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process data lawfully and are clear about how we use it
  • Purpose limitation: We collect data for specified, explicit purposes and do not process it incompatibly with those purposes
  • Data minimisation: We limit collection to what is necessary for the intended purpose
  • Accuracy: We take reasonable steps to ensure data remains accurate and up to date
  • Storage limitation: We retain data only for as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures to protect data
  • Accountability: We can demonstrate compliance with these principles

Lawful Bases for Processing

We rely on the following lawful bases for processing personal data:

Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications. You may withdraw consent at any time by contacting us.

Contract

Processing necessary to fulfil our contractual obligations to you or to take steps at your request prior to entering a contract. This includes processing related to delivering our consulting services.

Legitimate Interests

Processing necessary for our legitimate business interests, where those interests do not override your fundamental rights. This includes responding to enquiries, improving our services, and administering our business.

Legal Obligation

Processing necessary to comply with legal requirements, such as financial record-keeping obligations.

Your Rights Under GDPR

The UK GDPR provides you with specific rights regarding your personal data:

Right of Access

You may request a copy of the personal data we hold about you. We will respond within one month of receiving your request and provide the information free of charge in most circumstances.

Right to Rectification

You may request that we correct inaccurate personal data or complete incomplete data. We will respond within one month.

Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right applies where the data is no longer necessary for the purpose it was collected, where you withdraw consent, or where you object to processing and there are no overriding legitimate grounds.

Right to Restrict Processing

You may request that we limit how we use your data while a complaint is being investigated or where you have objected to processing.

Right to Data Portability

For data you have provided to us based on consent or contract, you may request to receive that data in a structured, commonly used format or have it transmitted to another controller.

Right to Object

You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not currently engage in automated decision-making that produces legal effects or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will verify your identity before processing your request and respond within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two further months, notifying you of the extension and reasons.

Data Processing in Client Engagements

During consulting engagements, we may process personal data on behalf of our clients. In such cases, the client acts as the data controller and we act as a data processor. Processing is governed by our engagement agreements, which include appropriate data processing terms.

International Data Transfers

We primarily store and process data within the United Kingdom. Where transfers outside the UK are necessary, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office.

Data Breach Procedures

We have procedures in place to detect, investigate, and report personal data breaches. Where a breach is likely to result in a high risk to individuals' rights and freedoms, we will notify affected individuals without undue delay.

Record Keeping

We maintain records of our processing activities as required under Article 30 of the UK GDPR, including the purposes of processing, categories of data subjects and personal data, recipients, transfers, and retention periods.

Complaints

If you are dissatisfied with how we handle your personal data, you may lodge a complaint with us directly. You also have the right to complain to the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: mira-spring.com

Updates to This Information

We review our GDPR compliance documentation regularly and will update this page to reflect any changes in our practices or legal requirements.

Contact Our Data Protection Team

For any questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Post: Data Protection, mira-spring Limited, Suite 412, Whitmore House, 86 Clerkenwell Road, London EC1M 5RJ