GDPR Compliance

Our commitment to data protection under the General Data Protection Regulation

Overview

We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we comply with these regulations when processing personal information of families participating in our educational programmes.

Data Controller

For the purposes of data protection legislation, icewhisper-guard acts as the data controller for personal information collected through our website and workshop operations.

icewhisper-guard
42 Colmore Row
Birmingham, B3 2BS
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal grounds we rely on include:

Consent

When you submit an enrollment form or contact us voluntarily, you provide consent for us to process your information for the purposes stated at the point of collection. You may withdraw this consent at any time by contacting us.

Legitimate Interests

We process certain information based on our legitimate interests in operating educational programmes effectively, improving our services, and communicating with enrolled families. We carefully balance these interests against your rights and freedoms.

Legal Obligations

In some cases, we process personal data to comply with legal requirements, such as maintaining records required for educational service providers.

Your Rights Under GDPR

The GDPR provides you with specific rights regarding your personal data:

Right to Access

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data. We will provide this information within one month of your request, free of charge for the first request.

Right to Rectification

If you believe personal information we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restriction of Processing

You may request that we restrict how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not engage in automated decision-making processes.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. Please include:

  • Your full name
  • The email address you used when enrolling or contacting us
  • A clear description of which right you wish to exercise
  • Any relevant details that will help us locate your information

We may need to verify your identity before fulfilling your request to ensure we are disclosing information only to the appropriate individual.

Data Protection Principles

We adhere to the GDPR's core data protection principles:

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly communicate how and why we collect and use personal information.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization

We collect only personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. Inaccurate data is corrected or deleted without delay.

Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure data security, protecting against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Security Measures

We employ various security measures to protect your personal information:

  • Secure servers and encrypted connections for data transmission
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Confidentiality agreements with any third parties who process data on our behalf

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

International Data Transfers

Our operations and data storage are located within the United Kingdom. If circumstances require transfer of data outside the UK or European Economic Area, we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Children's Data

While our workshops serve minors, we collect personal information from parents or guardians rather than directly from children. We process children's names and ages only with parental consent and for the legitimate purpose of providing educational services.

Third-Party Processing

When we engage third-party service providers who may process personal data on our behalf (such as email service providers), we ensure:

  • Data processing agreements are in place
  • They comply with GDPR requirements
  • They implement appropriate security measures
  • They process data only according to our instructions

Updates to GDPR Compliance

We regularly review our data protection practices to ensure ongoing compliance with GDPR requirements. This page will be updated to reflect any significant changes in our approach or procedures.

Supervisory Authority

If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
United Kingdom
Website: ico.org.uk

Contact for Data Protection Queries

For any questions or concerns about how we process your personal data or to exercise your GDPR rights, please contact us at [email protected].