GDPR Compliance Information

Last Updated: May 8, 2026

Our Commitment to Data Protection

technolure is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we meet our obligations under these regulations.

Data Controller

technolure is the data controller responsible for your personal information. Our contact details are:

Organization: technolure
Email: [email protected]
Address: 42 Educational Quarter, Bristol BS1 6TH, United Kingdom

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. Depending on the purpose, we rely on:

Consent

When you provide explicit consent for us to process your data for specific purposes, such as:

• Enrolling in our educational programmes
• Receiving marketing communications
• Processing children's information for educational services

You may withdraw your consent at any time by contacting us.

Contractual Necessity

Processing necessary to fulfill our contract with you, including:

• Delivering the educational programmes you've enrolled in
• Processing payments and managing accounts
• Communicating about programme schedules and updates

Legal Obligation

Processing required to comply with legal requirements, such as:

• Maintaining records for tax purposes
• Responding to legal requests or court orders
• Meeting safeguarding obligations for children

Legitimate Interests

Processing necessary for our legitimate business interests, provided these do not override your rights and freedoms:

• Improving our services and website
• Analyzing usage patterns and effectiveness
• Detecting and preventing fraud
• Managing customer relationships

Your Rights Under UK GDPR

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure ("Right to be Forgotten")

In certain circumstances, you can request that we delete your personal data, including when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format and have it transmitted to another controller where technically feasible.

Right to Object

You have the right to object to:

• Processing based on legitimate interests
• Direct marketing (including profiling)
• Processing for research or statistical purposes

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently use automated decision-making for our services.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR:

1. Send an email to [email protected] with your request
2. Clearly state which right you wish to exercise
3. Provide sufficient information to identify you (we may request additional identification for security purposes)
4. Specify any particular data or processing activities your request relates to

We will respond to your request within one month. In complex cases, we may extend this by up to two months and will inform you of any delay.

Data Protection by Design and Default

We implement data protection principles throughout our organization:

• Collecting only necessary personal data
• Limiting access to personal data to authorized personnel
• Implementing appropriate security measures
• Regularly reviewing and updating our practices
• Training staff on data protection requirements

Data Security Measures

We employ technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Staff training on data security
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches and our response
• Take appropriate steps to mitigate the breach

Third-Party Data Processors

When we engage third-party service providers who process personal data on our behalf, we ensure:

• Appropriate contracts are in place (Data Processing Agreements)
• They provide sufficient guarantees of data protection
• They process data only on our instructions
• They implement appropriate security measures

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognizing equivalent data protection
• Other approved transfer mechanisms

Children's Data Protection

We take special care with children's personal data:

• We obtain verifiable parental consent before processing children's data
• We provide clear, age-appropriate privacy information
• We limit data collection to what is necessary for educational purposes
• Parents can access, correct, or delete their child's data at any time
• We implement enhanced security for children's information

Record Keeping

We maintain records of our processing activities as required by UK GDPR, including:

• Purposes of processing
• Categories of data subjects and personal data
• Categories of recipients
• International transfers (if applicable)
• Retention periods
• Security measures

Regular Reviews

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR requirements and to identify opportunities for improvement.

Questions and Concerns

If you have questions about our GDPR compliance or wish to raise a concern, please contact us:

Email: [email protected]
Address: 42 Educational Quarter, Bristol BS1 6TH, United Kingdom

Right to Lodge a Complaint

If you believe we have not complied with UK GDPR requirements, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk