GDPR Compliance

Your rights under the General Data Protection Regulation

Last updated: January 2024

Our Commitment to GDPR

blaze-fortress is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we uphold your data protection rights and what you can expect from us.

Data Controller

blaze-fortress is the data controller for the personal information we collect. This means we determine how and why your data is processed.

Contact details:
Email: [email protected]
Address: 142 West George Street, Glasgow G2 2HG

Your Rights Under GDPR

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides this information in clear, accessible language.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to your request within one month and provide the information free of charge in most cases.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will respond within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your data while we address your concerns about accuracy or the lawfulness of processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests, including for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making that falls under this provision.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. Please provide:

  • Your full name
  • Contact details
  • Clear description of your request
  • Any information that helps us locate your data

We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.

Lawful Bases for Processing

We only process personal data when we have a lawful basis to do so:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose
  • Contract: Processing is necessary to fulfil a contract with you or to take steps at your request before entering a contract
  • Legal obligation: Processing is necessary to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, unless overridden by your rights

Data Protection for Children

As our services involve children and young people, we take additional care:

  • We obtain parental or guardian consent for children under 16
  • We use clear, age-appropriate language when communicating with young people
  • We minimise data collection to what is necessary
  • We implement enhanced security measures for children's data

International Transfers

We primarily process data within the UK. If we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Notify affected individuals without undue delay where there is high risk
  • Document the breach and our response

Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Information

We review our GDPR compliance regularly and may update this page. Check back periodically for the most current information.

We use cookies to improve your experience on our site. By continuing to browse, you agree to our Cookie Policy.