GDPR Information

Your data protection rights under UK GDPR

Overview

The UK General Data Protection Regulation (UK GDPR) provides comprehensive protection for personal data. As a data controller, stormfrost-seal is committed to transparency about how we collect, use, and protect your personal information.

Your Rights Under UK GDPR

1. Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided through our Privacy Policy and this GDPR information page.

2. Right of Access

You can request access to the personal data we hold about you. This is commonly known as a "subject access request." We will provide:

  • Confirmation that we are processing your data
  • Access to your personal data
  • Additional information about how we process your data

We will respond to subject access requests within one month of receipt.

3. Right to Rectification

If personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will respond to rectification requests within one month and will inform any third parties with whom we have shared your data about the correction.

4. Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is necessary for compliance with a legal obligation

This right is not absolute and may not apply in certain circumstances, such as when we need to retain data for legal compliance.

5. Right to Restrict Processing

You can request that we restrict how we use your personal data in specific situations:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want the data erased
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of our legitimate grounds

6. Right to Data Portability

Where technically feasible, you have the right to obtain and reuse your personal data for your own purposes across different services. This applies when:

  • Processing is based on consent or contract performance
  • Processing is carried out by automated means

7. Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests or public interest
  • Direct marketing purposes
  • Processing for research or statistical purposes

We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

8. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]
Subject line: GDPR Request

Please include:

  • Your full name
  • Email address associated with your enrolment or enquiry
  • Specific right you wish to exercise
  • Any relevant details to help us locate your information

Response Timeframes

We will respond to requests within one month of receipt. In complex cases, we may extend this by up to two additional months and will inform you of any such extension.

Verification Process

To protect your personal data, we may request additional information to verify your identity before responding to requests. This is a security measure to ensure data is only disclosed to the rightful individual.

No Fee Required

We do not charge a fee for exercising your GDPR rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act on the request.

Data Protection Officer

For questions about our data protection practices or to raise concerns, you can contact us at the email address above. We take data protection seriously and will address all enquiries promptly.

Right to Lodge a Complaint

If you are dissatisfied with how we handle your personal data or your GDPR rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk

Data Processing Activities

We process personal data for the following purposes:

  • Enrolment processing and programme administration
  • Communication about sessions and programme updates
  • Responding to enquiries and providing information
  • Service improvement and quality assurance
  • Legal and regulatory compliance

Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Enrolment data: Duration of programme participation plus six years for administrative purposes
  • Enquiry data: Two years from last contact unless deleted earlier upon request
  • Financial records: Seven years for tax and accounting compliance

Third-Party Data Sharing

We do not share personal data with third parties except:

  • Service providers operating under data processing agreements
  • When legally required by authorities
  • To protect rights and safety as permitted by law

International Transfers

Personal data is stored and processed within the United Kingdom. If international transfers become necessary, we will ensure appropriate safeguards are in place as required by UK GDPR.

Updates to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. Updates will be posted on this page with revision dates.