GDPR AND DATA PROTECTION POLICY
Mutt in a Rutt
Last updated: 3 July 2026
1. Purpose of this policy
This GDPR and Data Protection Policy explains how Mutt in a Rutt manages personal data in line with UK data protection law.
It is intended to guide how the business collects, uses, stores, shares, protects and deletes personal information relating to clients, prospective clients, website visitors, suppliers, contacts and other individuals.
This policy should be read alongside the Mutt in a Rutt Privacy Policy and Cookies Policy.
2. Business details
Business name: Mutt in a Rutt
Location: Shrewsbury, Shropshire, United Kingdom
Email: support@muttinarutt.com
Mutt in a Rutt provides dog training and behaviour support services in Shrewsbury, Shropshire and surrounding areas.
For the purposes of UK data protection law, Mutt in a Rutt is generally the data controller for the personal data it collects and uses.
3. Scope
This policy applies to personal data handled by Mutt in a Rutt in any format, including:
- website enquiries;
- emails;
- phone calls;
- text messages;
- social media messages;
- contact forms;
- booking forms;
- consultation notes;
- training plans;
- behaviour questionnaires;
- client records;
- payment and invoice records;
- photos, videos and testimonials;
- paper notes;
- supplier and business contact records;
- website analytics and cookie data.
4. Data protection principles
Mutt in a Rutt will handle personal data in line with the following principles.
Personal data must be:
- used lawfully, fairly and transparently;
- collected for clear and legitimate purposes;
- limited to what is necessary;
- accurate and kept up to date where needed;
- kept only for as long as necessary;
- protected with appropriate security;
- handled in a way that allows the business to demonstrate compliance.
5. Types of personal data handled
Mutt in a Rutt may handle the following categories of personal data.
5.1 Client and enquiry data
- names;
- contact details;
- address or general location;
- enquiry details;
- service interests;
- booking details;
- communications;
- feedback, complaints and reviews.
5.2 Dog training and behaviour data
- dog’s name, age, breed or type;
- training history;
- behaviour concerns;
- household information relevant to safety;
- walking routines;
- triggers and risk factors;
- bite history or incidents;
- progress notes;
- training recommendations.
5.3 Payment and business records
- payment status;
- invoice and receipt information;
- transaction references;
- accounting records.
5.4 Website and technical data
- IP address;
- browser and device information;
- website usage data;
- cookie preferences;
- analytics information, where used.
5.5 Marketing data
- marketing preferences;
- social media interactions;
- email subscription information;
- consent records;
- opt-out records.
5.6 Images and media
- photos;
- videos;
- testimonials;
- case studies;
- social media comments or messages.
6. Special category and sensitive information
Mutt in a Rutt does not normally need to collect special category personal data. However, some dog behaviour work may involve sensitive context, such as:
- accessibility needs;
- health or mobility information affecting attendance;
- information about children or vulnerable people in the household where relevant to dog safety;
- safeguarding or serious welfare concerns;
- information about stressful, risky or distressing household situations where relevant to dog behaviour.
Sensitive information must only be collected where it is relevant and necessary.
Where sensitive information is handled, it must be treated with extra care, accessed only where needed, and not shared unless there is a lawful and appropriate reason.
7. Lawful bases for processing
Mutt in a Rutt will identify a lawful basis before processing personal data.
The main lawful bases used are:
7.1 Contract
Used where personal data is needed to respond to enquiries, arrange bookings, provide services, deliver training, manage payments or communicate with clients about services.
7.2 Legitimate interests
Used where personal data is needed for reasonable business purposes, including record keeping, service improvement, safety, incident management, complaint handling, website security and business administration.
7.3 Consent
Used for optional activities such as non-essential cookies, certain marketing communications, photos, videos, testimonials and case studies.
7.4 Legal obligation
Used where the business must keep or share information to comply with legal, tax, accounting, insurance, regulatory or law enforcement requirements.
7.5 Vital interests
Used rarely, where information is needed to protect life or prevent serious harm.
8. Consent
Where Mutt in a Rutt relies on consent, consent must be:
- freely given;
- specific;
- informed;
- unambiguous;
- recorded where practical;
- easy to withdraw.
Examples where consent may be needed include:
- marketing emails;
- non-essential cookies;
- publishing identifiable photos or videos;
- using testimonials with names or images;
- sharing information with another professional at the client’s request.
Withdrawing consent does not affect the lawfulness of anything done before consent was withdrawn.
9. Privacy information
Mutt in a Rutt will provide clear privacy information through its Privacy Policy and, where appropriate, through forms, booking processes, cookie banners or direct communication.
Privacy information should explain:
- what personal data is collected;
- why it is collected;
- lawful bases for use;
- who it may be shared with;
- how long it is kept;
- what rights individuals have;
- how to contact the business;
- how to complain.
10. Data minimisation
Mutt in a Rutt will only collect personal data that is reasonably needed.
The business should avoid collecting excessive or irrelevant information.
For dog behaviour work, some detailed information may be necessary for safety and welfare reasons, but it should still be relevant to the service being provided.
11. Accuracy
Mutt in a Rutt will take reasonable steps to keep personal data accurate.
Clients may be asked to confirm or update key information where needed, especially contact details, dog behaviour risks, household safety information and booking details.
12. Storage and security
Personal data must be stored securely.
Reasonable measures may include:
- password-protected devices and accounts;
- strong passwords;
- multi-factor authentication where available;
- secure email accounts;
- limiting access to client information;
- avoiding unnecessary downloads or copies;
- keeping paper records secure;
- deleting records when no longer needed;
- using reputable service providers;
- keeping software and devices updated.
13. Access control
Access to personal data should be limited to people who need it for legitimate business reasons.
Personal data should not be shared casually or discussed in a way that could identify a client unnecessarily.
14. Sharing personal data
Mutt in a Rutt may share personal data where necessary and lawful.
This may include sharing with:
- website hosting providers;
- email providers;
- booking or scheduling systems;
- payment processors;
- accountants or bookkeepers;
- insurers;
- legal advisers;
- IT providers;
- vets, trainers, behaviourists or other animal professionals, where appropriate;
- regulators, public authorities or law enforcement, where required.
Before sharing personal data, the business should consider:
- whether sharing is necessary;
- whether there is a lawful basis;
- whether the recipient is appropriate;
- whether the amount of data shared is limited;
- whether the sharing should be recorded.
15. Processors and third-party providers
Where third-party providers process personal data for Mutt in a Rutt, the business should use reputable providers and, where appropriate, ensure suitable data protection terms are in place.
Examples may include providers for:
- website hosting;
- forms;
- email;
- customer messages;
- bookings;
- payments;
- analytics;
- accounting;
- cloud storage.
16. International transfers
Some third-party providers may process personal data outside the United Kingdom.
Where this happens, Mutt in a Rutt will aim to use providers that apply appropriate safeguards under UK data protection law.
17. Retention policy
Personal data should not be kept for longer than necessary.
The following retention periods apply unless a different period is needed for legal, insurance, safeguarding, tax, accounting or dispute reasons:
- general enquiries that do not become bookings: up to 24 months;
- client records: up to 7 years after the last service or contact;
- dog behaviour notes and safety records: up to 7 years after the last service or contact;
- payment, invoice and accounting records: up to 7 years;
- consent records: for as long as consent is active and for a reasonable period afterwards;
- marketing opt-out records: retained as needed to respect the opt-out;
- complaint, incident and dispute records: up to 7 years or longer if required;
- website analytics data: retained according to provider settings;
- photos and videos used with consent: until consent is withdrawn or the content is no longer needed.
Records should be deleted, anonymised or securely destroyed when no longer required.
18. Data subject rights
Individuals have rights under UK data protection law.
These may include:
- right to be informed;
- right of access;
- right to rectification;
- right to erasure;
- right to restrict processing;
- right to data portability;
- right to object;
- rights relating to automated decision-making and profiling;
- right to withdraw consent where processing is based on consent.
These rights are not absolute and may depend on the circumstances.
19. Handling data subject requests
If someone makes a request about their personal data, Mutt in a Rutt should:
- record the request;
- confirm the person’s identity where needed;
- understand what right they are exercising;
- respond without undue delay;
- usually respond within one month;
- explain the outcome clearly;
- keep a record of the response.
If the request is complex, more time may be allowed under data protection law.
Requests should be sent to:
support@muttinarutt.com
20. Right of access
If someone asks for a copy of their personal data, this is a subject access request.
Mutt in a Rutt should provide a copy of the personal data held about that person unless an exemption applies.
Information about other people should be removed or protected unless it is reasonable and lawful to disclose it.
21. Right to erasure
Individuals may ask for their personal data to be deleted.
Mutt in a Rutt will consider each request and delete data where required. However, some information may need to be retained for legal, insurance, accounting, complaint, safeguarding or safety reasons.
22. Right to rectification
If information is inaccurate or incomplete, individuals can ask for it to be corrected.
Mutt in a Rutt should correct inaccurate information without undue delay where appropriate.
23. Right to object or restrict processing
Individuals may object to certain uses of their personal data or ask for processing to be restricted.
Mutt in a Rutt will consider these requests in line with UK data protection law.
24. Marketing and opt-outs
Marketing communications must comply with applicable data protection and electronic marketing rules.
Mutt in a Rutt should:
- only send marketing where allowed;
- keep records of consent or another lawful basis;
- make it easy to opt out;
- respect opt-out requests;
- avoid sending marketing to people who have opted out.
25. Cookies and similar technologies
The website may use cookies and similar technologies.
Strictly necessary cookies may be used where needed for the website to function.
Non-essential cookies, such as analytics or marketing cookies, should only be used where a valid lawful basis applies. In many cases, this means obtaining consent through a cookie banner or cookie settings tool.
More information is provided in the Mutt in a Rutt Cookies Policy.
26. Photos, videos and testimonials
Identifiable photos, videos, testimonials and case studies should only be used for marketing where permission has been given.
The business should record consent where practical and respect withdrawal of consent for future use.
Where content has already been published, the business will take reasonable steps to remove it from platforms it controls, but it may not be possible to remove copies from third-party sites, search engines or social media shares.
27. Data breaches
A personal data breach may include:
- sending personal data to the wrong person;
- losing a device or paper record containing personal data;
- unauthorised access to an account;
- accidental deletion or alteration of data;
- disclosure of client records without a lawful reason;
- cyber attack affecting personal data.
If a breach occurs, Mutt in a Rutt should:
- act quickly to contain the issue;
- assess what data is affected;
- assess the risk to individuals;
- record the breach;
- decide whether the ICO must be notified;
- decide whether affected individuals must be informed;
- take steps to reduce future risk.
Serious breaches may need to be reported to the Information Commissioner’s Office within 72 hours of the business becoming aware of them.
28. Complaints
If someone complains about how their personal data has been handled, Mutt in a Rutt should:
- acknowledge the complaint;
- investigate fairly;
- respond clearly;
- explain any action taken;
- keep a record of the complaint and response.
Complaints can be sent to:
support@muttinarutt.com
Individuals also have the right to complain to the Information Commissioner’s Office.
Information Commissioner’s Office
Website: https://ico.org.uk
Telephone: 0303 123 1113
29. Training and awareness
Anyone handling personal data for Mutt in a Rutt should understand the importance of privacy, confidentiality and data protection.
They should know:
- what personal data is;
- why it must be protected;
- how to store it securely;
- when it can and cannot be shared;
- how to recognise a data request or complaint;
- what to do if a data breach happens.
30. Review of this policy
This policy should be reviewed regularly and updated when:
- services change;
- website tools change;
- new systems are introduced;
- data handling practices change;
- legal requirements change;
- a data incident or complaint suggests improvement is needed.
31. Contact
For questions about this policy or data protection at Mutt in a Rutt, contact:
Mutt in a Rutt
Shrewsbury, Shropshire, United Kingdom
Email: support@muttinarutt.com