BrightMetric

GDPR Compliance Statement

Last updated: 8 May 2026

BrightMetric Education Ltd is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and protect your rights.

1. Our Commitment to Data Protection

We recognise the importance of protecting personal data and have implemented comprehensive policies and procedures to ensure compliance with UK data protection law.

As a data controller, we process personal data fairly, lawfully, and transparently, and only for specified, explicit, and legitimate purposes.

2. Data Protection Principles

We adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: We process data lawfully and are transparent about how we use it
  • Purpose limitation: We collect data for specific, legitimate purposes only
  • Data minimisation: We collect only the data necessary for our purposes
  • Accuracy: We take steps to ensure data is accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We protect data with appropriate security measures
  • Accountability: We can demonstrate our compliance with these principles

3. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

3.1 Contract Performance

When you enrol in our programmes, we process your data to fulfil our contractual obligations to you.

3.2 Legitimate Interests

We process data for our legitimate business interests, such as improving services and communicating with customers, provided these interests do not override your rights.

3.3 Consent

Where required, we obtain your explicit consent before processing your data, particularly for marketing communications.

3.4 Legal Obligation

We process data when necessary to comply with legal requirements, such as tax and accounting obligations.

4. Your Data Protection Rights

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

1. Right to be informed
You have the right to clear information about how we use your data.

2. Right of access
You can request a copy of the personal data we hold about you.

3. Right to rectification
You can ask us to correct inaccurate or incomplete data.

4. Right to erasure
You can request deletion of your personal data in certain circumstances.

5. Right to restrict processing
You can ask us to limit how we use your data.

6. Right to data portability
You can request your data in a portable format.

7. Right to object
You can object to processing based on legitimate interests or for direct marketing.

8. Rights related to automated decision-making
You have rights regarding automated decisions that significantly affect you.

5. How to Exercise Your Rights

To exercise any of your data protection rights:

  • Email us at [email protected]
  • Write to our Data Protection Officer at the address below
  • Contact us through our contact page

We will respond to your request within one month. If your request is complex, we may extend this by two months and will inform you of the extension.

These requests are generally free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

6. Data Security Measures

We implement appropriate technical and organisational security measures, including:

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Staff training on data protection and security
  • Incident response procedures
  • Regular backups and disaster recovery plans
  • Secure development practices

7. Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the Information Commissioner's Office within 72 hours of becoming aware
  • We will notify affected individuals without undue delay if the breach poses a high risk
  • We will document all breaches and our response actions

8. Third-Party Data Processors

When we engage third-party service providers to process data on our behalf, we:

  • Conduct due diligence to ensure they meet GDPR standards
  • Establish written contracts specifying their data protection obligations
  • Monitor their compliance regularly
  • Ensure they only process data according to our instructions

9. International Data Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by the UK authorities
  • Adequacy decisions by the UK government
  • Additional security measures where necessary

10. Children's Data

We take extra care when processing children's personal data:

  • We obtain parental consent before processing data of children under 13
  • We use clear, age-appropriate language when communicating with children
  • We limit data collection to what is strictly necessary
  • We implement enhanced security measures for children's data

11. Data Protection Officer

We have appointed a Data Protection Officer to oversee our compliance:

Data Protection Officer
BrightMetric Education Ltd
42 Wellington Street
London, WC2E 7BD
United Kingdom

Email: [email protected]

12. Complaints and Supervisory Authority

If you believe we have not complied with data protection law, you can:

  • Contact our Data Protection Officer to resolve the issue
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Information Commissioner's Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Telephone: 0303 123 1113
Website: ico.org.uk

13. Record Keeping

We maintain records of our processing activities, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • International data transfers
  • Retention periods
  • Security measures

14. Regular Reviews

We regularly review and update our data protection practices to ensure ongoing compliance with UK GDPR requirements.

15. Further Information

For more information about how we process your data, please see our Privacy Policy.

For information about cookies, see our Cookie Policy.

© 2026 BrightMetric. All rights reserved.