GDPR Compliance

Our Commitment to Data Protection

fiberblaze is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our GDPR compliance practices and your rights as a data subject.

Data Controller

fiberblaze is the data controller responsible for your personal data. Our contact details are:

Email: [email protected]
Address: 47 Richmond Street, Bristol BS1 6LR, United Kingdom

Your Rights Under UK GDPR

1. Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You have the right to access your personal data. You can request a copy of the personal information we hold about you. We will provide this information within one month of your request, free of charge.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will update your information within one month of notification.

4. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• The data must be erased to comply with a legal obligation

Note: We may be required to retain certain information for legal or regulatory purposes.

5. Right to Restrict Processing

You can request that we restrict processing of your personal data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification of legitimate grounds

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.

7. Right to Object

You have the right to object to:

• Processing based on legitimate interests
• Direct marketing
• Processing for research or statistical purposes

8. Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your rights, please contact us:

• Email: [email protected]
• Subject line: "GDPR Request - [Your Right]"

Please include the following in your request:

• Your full name
• Email address associated with your account
• Specific right you wish to exercise
• Any relevant details or context

We will respond to your request within one month. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Data Processing Activities

What Data We Collect

• Parent/guardian contact information
• Child's name and age
• Programme enrollment details
• Payment information (processed by third-party payment providers)
• Communication records
• Website usage data

Why We Process Your Data

• To deliver our educational services
• To communicate about programmes and schedules
• To process payments
• To improve our services
• To comply with legal obligations

Legal Basis for Processing

• Contract: To fulfill our service agreement with you
• Legitimate interests: To improve our services and protect against fraud
• Consent: Where you have explicitly agreed to specific processing
• Legal obligation: To comply with legal and regulatory requirements

Data Security

We implement appropriate technical and organisational measures to ensure data security:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Incident response procedures

Data Retention

We retain personal data only as long as necessary:

• Enrollment records: 7 years (educational and legal compliance)
• Communication records: 3 years
• Website analytics: 26 months
• Marketing consent: Until withdrawn

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions
• Standard contractual clauses
• Binding corporate rules

Children's Data

We process children's personal data only with parental/guardian consent. We take extra care to protect children's information and only collect what is necessary for providing our educational services.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Inform affected individuals without undue delay
• Provide details about the nature of the breach
• Describe measures taken to address the breach

Third-Party Processors

We work with carefully selected third-party service providers who process data on our behalf. All processors are required to:

• Process data only on our instructions
• Maintain appropriate security measures
• Comply with UK GDPR requirements
• Have appropriate data processing agreements in place

Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Updates to This Page

We may update this GDPR compliance page to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or website notice.

Contact Our Data Protection Officer

For specific data protection questions or concerns, contact us at [email protected] with "Data Protection Query" in the subject line.