GDPR Compliance Statement

Last Updated: May 6, 2026

Our Commitment to Data Protection

pulse-mesh is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This statement outlines how we comply with these regulations and safeguard your rights.

Data Controller Information

pulse-mesh is the data controller responsible for your personal data. Our contact details are:

pulse-mesh
42 Queen Square
Bristol BS1 4QP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The legal grounds we rely on include:

• Consent: When you explicitly agree to us processing your data for specific purposes
• Contract: When processing is necessary to fulfill our service obligations to you
• Legal Obligation: When we must process your data to comply with the law
• Legitimate Interests: When processing is necessary for legitimate business purposes that do not override your rights

Your Rights Under GDPR

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. We provide this through our Privacy Policy and this GDPR statement.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of your request, free of charge.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request corrections. We will update your information within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Please note that we may need to retain certain information to comply with legal obligations.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another data controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the subject line "GDPR Request." Please include:

• Your full name and contact information
• Specific details of your request
• Proof of identity (to prevent unauthorized disclosure)

We will respond to your request within one month. In complex cases, this may be extended by two additional months, and we will inform you of any delay.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication procedures
• Staff training on data protection responsibilities
• Incident response procedures

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach poses a high risk
• Document the breach and our response

International Data Transfers

We process and store your data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Financial services records are typically retained for at least six years in compliance with regulatory requirements.

Children's Data

Our services are not directed at children under 18. We do not knowingly process personal data of children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: www.ico.org.uk

Contact Us

For any questions about GDPR compliance or data protection, please contact us at [email protected].