GDPR Compliance

Last Updated: January 2024

Our Commitment to GDPR

blaze-trek is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and explains your rights as a data subject.

Data Controller

blaze-trek acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact details:
Email: [email protected]
Address: 42 Botanic Avenue, Belfast BT7 1JQ, Northern Ireland

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you submit an enquiry form or sign up for our newsletter
• Contract: When processing is necessary to fulfil programme registrations
• Legitimate Interests: For website analytics and service improvement
• Legal Obligation: When required by law for record-keeping

Your Rights Under GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond to access requests within one month.

Right to Rectification

If the personal data we hold is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

You may request deletion of your personal data when it is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

Children's Data

Given the nature of our services, we collect limited information about children through their parents or guardians. We take extra care to protect children's data and only collect what is necessary to provide our educational programmes.

Parents or guardians maintain full control over their children's data and can exercise rights on their behalf.

Data Protection Measures

We implement appropriate security measures including:

• Encryption of data in transit and at rest
• Access controls limiting who can view personal data
• Regular security reviews and updates
• Staff training on data protection
• Secure disposal of data when no longer needed

Data Breach Procedures

In the event of a data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Affected individuals will be notified without undue delay when the breach is likely to result in high risk.

International Transfers

We primarily process data within the United Kingdom. If data needs to be transferred outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR.

Data Retention

We retain personal data only for as long as necessary:

• Enquiry data: 2 years from last contact
• Programme participant records: 6 years after completion
• Financial records: As required by law (typically 7 years)

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this by two months, but we will inform you of any extension within the initial month.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Notice

We may update this GDPR notice periodically. Material changes will be communicated through our website or direct notification where appropriate.