GDPR Compliance
Understanding your data protection rights under UK GDPR
Our Commitment to GDPR
The General Data Protection Regulation (GDPR) and UK GDPR establish comprehensive data protection standards. We are fully committed to compliance and transparency in how we handle personal information.
Your Rights Under GDPR
1. Right to Be Informed
You have the right to know how we collect and use your personal data. This information is provided in our Privacy Policy and at the point of data collection.
2. Right of Access
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information within one month of your request.
3. Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected. Contact us and we will update your information promptly.
4. Right to Erasure
This is also known as the "right to be forgotten". You can request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been processed unlawfully
Note that this right is not absolute and may not apply where we have legal obligations to retain data.
5. Right to Restrict Processing
You can request that we limit how we use your data when:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
6. Right to Data Portability
You can receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transfer this data directly to another organisation where technically feasible.
7. Right to Object
You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
8. Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
Subject line: "GDPR Rights Request"
Please include:
- Your full name and contact details
- The specific right you wish to exercise
- Any relevant details to help us locate your data
We will respond within one month. In complex cases, we may extend this by two months and will inform you of the extension.
Data Protection Principles
We process personal data in accordance with GDPR principles:
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and transparently. We clearly communicate what data we collect and why.
Purpose Limitation
We collect data for specific, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.
Data Minimisation
We collect only data that is adequate, relevant, and necessary for our purposes.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.
Storage Limitation
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with legal obligations.
Integrity and Confidentiality
We implement appropriate technical and organisational measures to ensure data security, protecting against unauthorised or unlawful processing and accidental loss, destruction, or damage.
Accountability
We are responsible for and can demonstrate compliance with GDPR principles. We maintain records of processing activities and regularly review our data protection practices.
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you provide explicit consent for specific processing activities
- Contract: When processing is necessary to fulfil a contract with you
- Legal obligation: When we must process data to comply with the law
- Legitimate interests: When processing is necessary for our legitimate interests, provided this does not override your rights and freedoms
International Data Transfers
We primarily process data within the United Kingdom. If data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
- EU-UK adequacy decisions
- Standard contractual clauses approved by the UK authorities
- Binding corporate rules
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
Children's Data
We take extra care with children's personal information. Parents and guardians provide information on behalf of children participating in our programmes. We do not knowingly collect data directly from children under 13 without parental consent.
Updates to This Information
We review our GDPR compliance regularly and update this page as needed. Significant changes will be communicated to registered users.
Questions and Concerns
If you have questions about our GDPR compliance or wish to raise a concern, contact:
Email: [email protected]
Address: 42 Education House, Bristol Road, Birmingham, B5 7DU, United Kingdom
Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the ICO:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: luminous-phantom.com
Helpline: 0303 123 1113