GDPR Compliance

Last updated: January 2024

Our Commitment to Data Protection

reed-spark is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented measures to ensure your personal data is processed lawfully, fairly, and transparently.

Data Controller Information

reed-spark acts as the data controller for personal information collected through this website and our services. Our contact details are:

reed-spark
47 Commerce Street
Manchester, M2 4PD
United Kingdom

Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:

• Contractual necessity: Processing required to perform our mentoring services
• Legitimate interests: Processing for business purposes where your rights are not overridden
• Consent: Where you have freely given specific, informed, and unambiguous consent
• Legal obligation: Processing required to comply with the law

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to valid requests within one month.

Right to Rectification

You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This right is not absolute and may be subject to legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your data while a complaint is being investigated or when you contest the accuracy of your data.

Right to Data Portability

Where processing is based on consent or contract, you can request your data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure data storage systems
• Access controls limiting who can view personal data
• Staff training on data protection responsibilities
• Regular review of our security practices

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where appropriate, we will also notify affected individuals.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Notice

We may update this GDPR notice periodically. Significant changes will be communicated through our website or direct communication where appropriate.