Last updated: January 2024

brightor-flare is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains your rights and how we comply with these regulations.

Data Controller

brightor-flare is the data controller responsible for your personal data. Our contact details are:

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of receiving your request.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw your consent (where consent was the legal basis)
  • You object to the processing and there are no overriding legitimate grounds

Right to Restrict Processing

You can request that we limit how we use your data while a complaint is being investigated or when you have objected to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing of your personal data where we are relying on legitimate interests or where processing is for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you. We do not currently use automated decision-making processes.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The bases we rely on include:

  • Contractual necessity: To fulfil our obligations when you book a session
  • Legitimate interests: To operate our business, improve services, and communicate with you
  • Consent: For marketing communications and optional data collection
  • Legal obligation: To comply with laws and regulations

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular security assessments
  • Access controls limiting who can view personal data
  • Staff training on data protection

International Transfers

We primarily store and process data within the UK and the European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place.

Data Breach Procedures

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Inform affected individuals without undue delay where there is a high risk
  • Document the breach and our response

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex, we may extend this by a further two months, but we will inform you of this within the first month.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.