Overview
flickering-bright is fully committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines our approach to data protection and your rights under GDPR.
Data controller
flickering-bright is the data controller for the personal information we collect and process. We are responsible for ensuring that your data is handled in accordance with GDPR requirements.
Contact details:
Email: [email protected]
Address: 47 Argyle Street, Glasgow G2 8AY, United Kingdom
Lawful basis for processing
We process personal data only when we have a lawful basis to do so. Our lawful bases include:
- Consent: You have given clear consent for us to process your personal data for specific purposes
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: Processing is necessary for us to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests
Your GDPR rights
Right to be informed
You have the right to be informed about the collection and use of your personal data. This information is provided in our Privacy Policy and this GDPR page.
Right of access
You have the right to request a copy of the personal information we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.
Right to rectification
You have the right to have inaccurate personal data corrected or completed if it is incomplete. We will respond to your request within one month.
Right to erasure
Also known as the 'right to be forgotten', you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
Right to restrict processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
Right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different services. We will provide your data in a structured, commonly used, and machine-readable format.
Right to object
You have the right to object to the processing of your personal data in certain circumstances, particularly for processing based on legitimate interests or for direct marketing purposes.
Rights related to automated decision-making
We do not use automated decision-making or profiling in our services. All decisions regarding programme suitability and enrolment are made by our team members.
Exercising your rights
To exercise any of your GDPR rights, please contact us at [email protected]. Include the following information in your request:
- Your full name
- Contact details
- Specific details of your request
- Proof of identity (if required)
We will respond to your request within one month. If your request is particularly complex, we may extend this period by up to two months, and we will inform you of any such extension.
Data protection principles
In accordance with GDPR, we ensure that personal data is:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept in a form that permits identification for no longer than necessary
- Processed in a manner that ensures appropriate security
Data security measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication procedures
- Staff training on data protection and security
- Secure backup and disaster recovery procedures
Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
International data transfers
We do not transfer personal data outside the United Kingdom. All data is stored and processed within the UK.
Children's data
We take extra care when processing children's personal data. Where we process children's data, we ensure:
- Parental consent is obtained for children under 13
- Information is provided in clear, age-appropriate language
- Only necessary data is collected
- Enhanced security measures are in place
- Parents can exercise rights on behalf of their children
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Updates to this information
We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. The date of the last update will be shown at the top of this page.