GDPR Compliance

How we comply with the General Data Protection Regulation

Our Commitment to GDPR

duskfire-ember is committed to complying with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. This page outlines how we meet our obligations under these regulations.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide information through our enquiry forms or sign up for programmes
  • Contract: To fulfil our obligations when you book our services
  • Legitimate Interests: To improve our services and communicate with existing clients
  • Legal Obligation: To comply with UK law and regulations

Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal information we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal information.

Right to Erasure

You can request that we delete your personal information in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal information.

Right to Data Portability

You can request a copy of your data in a commonly used, machine-readable format.

Right to Object

You can object to our processing of your personal information in certain circumstances.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling in our services.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Address: 42 Hanover Street, Edinburgh, EH2 2DR, United Kingdom

We will respond to your request within one month. In complex cases, we may extend this by two additional months.

Data Protection Officer

For questions about data protection, you can contact our team at the email address above.

Data Retention

We retain personal information only for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

International Data Transfers

We store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place.

Data Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Children's Data

We process data about children only with parental consent. Parents and guardians have the right to access, rectify, or erase their child's information at any time.

Complaints

If you believe we have not complied with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

Updates to This Page

We may update this information to reflect changes in our practices or legal requirements. Please check this page periodically for updates.