GDPR Compliance

Our Commitment to GDPR

gentle-cliff is committed to ensuring full compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We recognise the importance of protecting personal data and have implemented comprehensive measures to safeguard your information.

Data Controller Information

gentle-cliff acts as the data controller for personal information collected through this website. For any data protection enquiries, you may contact us at:

Email: [email protected]
Address: 47 Queen Street, Manchester, M2 5HQ, United Kingdom

Lawful Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Consent: When you submit an enquiry form, you consent to us processing your information to respond to your request
• Contractual necessity: Processing required to provide educational services you have enrolled in
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and website functionality
• Legal obligation: Processing required to comply with applicable laws and regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will respond to such requests within one month.

Right to Rectification

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

You may request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to legal retention requirements.

Right to Restrict Processing

You have the right to request that we limit how we use your data in certain circumstances.

Right to Data Portability

Where technically feasible, you may request that your data be transferred to another organisation in a structured, commonly used format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not make decisions based solely on automated processing that produce legal effects concerning you.

Data Protection Measures

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit using secure protocols
• Regular security assessments and updates
• Access controls limiting data access to authorised personnel
• Staff training on data protection responsibilities
• Incident response procedures for potential data breaches

International Data Transfers

We primarily process and store data within the United Kingdom. If any data transfer outside the UK becomes necessary, we ensure appropriate safeguards are in place in compliance with applicable regulations.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Making a Complaint

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Information

We may update this GDPR information periodically. Any significant changes will be communicated through our website.

Last updated: June 2024