GDPR Compliance

Our Commitment to Data Protection

glint-shock is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and have implemented comprehensive measures to protect your personal data.

Data Controller

glint-shock acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact Details:
glint-shock
17 Exchange Street
Liverpool, L2 3PQ
United Kingdom
Email: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides you with specific rights regarding your personal data:

Right to Be Informed

You have the right to know how your data is being collected and used. Our Privacy Policy provides this information in a clear and accessible format.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will make the necessary amendments promptly upon receiving a valid request.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of your data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.

Right to Object

You can object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: For marketing communications and non-essential cookies
• Contractual necessity: To provide our educational services when you enrol
• Legal obligation: For safeguarding requirements and financial record-keeping
• Legitimate interests: For improving our services and website functionality

Data Processing for Children

As our services are designed for children and young people, we take additional care when processing data about minors:

• We obtain parental or guardian consent before collecting data about children under 13
• We collect only the minimum data necessary to provide our services
• Parents and guardians can access, modify, or request deletion of their child's data
• We have enhanced security measures for data relating to minors

Data Protection Measures

We have implemented appropriate technical and organisational measures to ensure security of personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Staff training on data protection principles
• Access controls limiting who can view personal data
• Secure data backup procedures
• Incident response procedures for potential breaches

International Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected. Our standard retention periods are:

• Enquiry data: 2 years from last contact
• Programme participant records: 6 years after programme completion
• Financial records: 7 years as required by law
• Marketing consent records: Duration of consent plus 2 years

Making a Request

To exercise any of your data protection rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this by up to two months, and will inform you if this is necessary.

We may ask you to verify your identity before processing your request to ensure we protect your data from unauthorised access.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to complain to the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Website: ico.org.uk

We encourage you to contact us first so we can try to resolve any concerns directly.

Updates to This Information

We may update this GDPR information from time to time. Significant changes will be communicated through our website and, where appropriate, by email.