GDPR Compliance

Last updated: June 2026

Our Commitment to Data Protection

Peak Grove is committed to ensuring that your privacy is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and outlines your rights.

Data Controller

Peak Grove acts as the data controller for personal information collected through this website. We determine the purposes and means of processing personal data.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to be Informed

You have the right to know what personal data we collect, why we collect it, and how we use it. This information is provided in our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification

If you believe that any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You can request that we limit the way we use your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The lawful bases we rely on include:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for a contract we have with you.
• Legal obligation: Where processing is necessary for us to comply with the law.
• Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data where appropriate
• Regular security assessments
• Access controls and authentication measures
• Staff training on data protection

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

• Detect and investigate the breach
• Assess the risk to individuals
• Notify the Information Commissioner's Office within 72 hours where required
• Notify affected individuals where there is a high risk to their rights and freedoms

Exercising Your Rights

To exercise any of your rights, please contact us using the details below. We will respond to your request within one month. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, but we will inform you if this is the case.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

Contact Information

For any questions regarding this GDPR compliance notice or to exercise your rights, please contact us:

Email: [email protected]
Address: 27 Riverside Gardens, Manchester, M3 4LQ, United Kingdom