Our Commitment to GDPR

glistening-path is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing UK law and abides by the data protection principles set out in the UK General Data Protection Regulation (UK GDPR).

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract with you (e.g., programme registration)
  • Legal obligation: Where processing is necessary to comply with the law
  • Legitimate interests: Where processing is necessary for our legitimate interests and does not override your rights

Data Controller Information

glistening-path is the data controller for the personal information we collect and process. Our contact details are:

  • Organisation: glistening-path
  • Address: 47 Oakwood Lane, Headingley, Leeds, LS6 3PW
  • Email: [email protected]

Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR notice.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to your request within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data when:

  • The data is no longer necessary for the purpose it was originally collected
  • You withdraw consent (where consent was the lawful basis)
  • You object to processing and there is no overriding legitimate interest
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer this data directly to another organisation where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests, direct marketing, or processing for research purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, but we will inform you if this is the case.

There is no charge for exercising your rights. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

Data Protection for Children

As we provide services to children, we take special care with their personal data:

  • Parental/guardian consent is required for children under 13
  • We collect only the minimum data necessary
  • Children's data is kept separate and with additional security measures
  • We provide age-appropriate privacy information when required

Data Breaches

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Transfers

We do not transfer personal data outside the United Kingdom. All data is stored and processed within the UK.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at [email protected].

Contact Us

For any questions about GDPR or to exercise your data rights:

  • Email: [email protected]
  • Post: Data Protection, glistening-path, 47 Oakwood Lane, Headingley, Leeds, LS6 3PW