Last updated: January 2024

Our Commitment to Data Protection

starlight-byte is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and outlines your rights as a data subject.

Data Controller

starlight-byte is the data controller for personal information collected through our website and services. This means we determine how and why your personal data is processed.

Contact details:
starlight-byte
142 West Regent Street
Glasgow G2 4RZ
Email: [email protected]

Lawful Bases for Processing

Under UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following bases:

Contract Performance

When you enrol in one of our programmes, we process your personal data to fulfil our contractual obligations. This includes:

Consent

We obtain your explicit consent for certain processing activities, including:

You have the right to withdraw consent at any time by contacting us.

Legitimate Interests

We may process data based on our legitimate business interests, where those interests are not overridden by your rights. Examples include:

Legal Obligation

We process certain data to comply with legal requirements, such as maintaining financial records and responding to regulatory requests.

Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with supplementary information about the processing.

Right to Rectification (Article 16)

You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restriction of Processing (Article 18)

You can request that we limit how we use your personal data while we verify its accuracy or consider an objection you have raised.

Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by a further two months, and we will inform you if this is the case.

We may ask you to verify your identity before processing your request to ensure the security of your data.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO or transfers to countries with adequate data protection laws.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Children's Data

As our services involve children's education, we take special care with children's data. We collect information about children only with parental consent, and we implement additional safeguards to protect this data. Parents have full rights to access, correct, or request deletion of their children's data.

Data Protection Impact Assessments

For processing activities that may result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise risks.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.