GDPR Compliance Statement

Our Commitment to GDPR Compliance

volta-shine is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our data protection responsibilities seriously and have implemented appropriate measures to ensure the security and privacy of your personal data.

Data Controller Information

volta-shine acts as the data controller for personal information collected through our website and services.

Data Controller: volta-shine
Address: 15 Royal Avenue, Belfast BT1 1DA, United Kingdom
Email: [email protected]

Legal Basis for Processing Personal Data

We process personal data only when we have a lawful basis to do so. The legal bases we rely on include:

1. Consent

We obtain your explicit consent before processing your personal data for specific purposes, such as:

• Enrolling in our educational programs
• Receiving marketing communications
• Using non-essential cookies

You have the right to withdraw consent at any time by contacting us.

2. Contract Performance

Processing is necessary to perform our contract with you, including:

• Delivering educational services you've enrolled in
• Communicating about scheduled sessions
• Processing payments

3. Legitimate Interests

We may process data based on legitimate business interests when they do not override your rights, such as:

• Improving our services and website functionality
• Preventing fraud and ensuring security
• Analysing website usage to enhance user experience

4. Legal Obligations

We process data when required to comply with legal obligations, such as tax and accounting requirements.

Your Rights Under UK GDPR

Right to Be Informed

You have the right to clear, transparent information about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR statement.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of receiving your request.

Right to Rectification

If the personal data we hold about you is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure (Right to Be Forgotten)

You can request deletion of your personal data when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

Right to Object

You can object to processing of your personal data when we rely on legitimate interests as the legal basis. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected]
• Subject line: "GDPR Rights Request"

Please include:

• Your full name and contact details
• Specific right you wish to exercise
• Any relevant details to help us locate your information

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will notify you of the extension.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls limiting who can view personal data
• Regular security assessments and updates
• Staff training on data protection principles
• Secure data backup and recovery procedures

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach poses a high risk to you, we will also notify you without undue delay.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected. Our retention periods are based on:

• The length of time we provide services to you
• Legal and regulatory requirements
• Our legitimate business interests

When data is no longer needed, we securely delete or anonymise it.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK Government
• Standard contractual clauses approved by the ICO
• Other approved transfer mechanisms

Children's Data

We provide services to children and teenagers with parental consent. We take extra care to protect children's personal data and ensure parents can exercise rights on behalf of their children.

Third-Party Data Processors

When we use third-party service providers who process personal data on our behalf, we ensure they:

• Comply with UK GDPR requirements
• Implement appropriate security measures
• Process data only according to our instructions
• Have written data processing agreements in place

Complaints

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

We encourage you to contact us first so we can address your concerns directly.

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. We will notify you of significant changes and update the "Last Updated" date at the top of this page.

Contact Us

For any questions about our GDPR compliance or data protection practices, please contact us:

volta-shine
Email: [email protected]
Address: 15 Royal Avenue, Belfast BT1 1DA, United Kingdom