Your data protection rights under UK GDPR
Last updated: January 2024
starlight-byte is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and outlines your rights as a data subject.
starlight-byte is the data controller for personal information collected through our website and services. This means we determine how and why your personal data is processed.
Contact details:
starlight-byte
142 West Regent Street
Glasgow G2 4RZ
Email: [email protected]
Under UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following bases:
When you enrol in one of our programmes, we process your personal data to fulfil our contractual obligations. This includes:
We obtain your explicit consent for certain processing activities, including:
You have the right to withdraw consent at any time by contacting us.
We may process data based on our legitimate business interests, where those interests are not overridden by your rights. Examples include:
We process certain data to comply with legal requirements, such as maintaining financial records and responding to regulatory requests.
As a data subject, you have the following rights:
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with supplementary information about the processing.
You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent.
You can request that we limit how we use your personal data while we verify its accuracy or consider an objection you have raised.
You can request to receive your personal data in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, and we will inform you if this is the case.
We may ask you to verify your identity before processing your request to ensure the security of your data.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO or transfers to countries with adequate data protection laws.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.
As our services involve children's education, we take special care with children's data. We collect information about children only with parental consent, and we implement additional safeguards to protect this data. Parents have full rights to access, correct, or request deletion of their children's data.
For processing activities that may result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise risks.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.