GDPR Compliance

Our GDPR Commitment

arcade-burst is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities regarding your personal data seriously and have implemented comprehensive measures to ensure compliance.

Data Controller

arcade-burst acts as the data controller for the personal information we collect and process. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

Our contact details:

arcade-burst
47 Wellington Street
Covent Garden
London WC2E 7BD
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only collect and process personal data where we have a lawful basis to do so. Our lawful bases include:

Consent

When you provide explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications or enrolling in our programmes.

Contractual Necessity

When processing is necessary to fulfill our contractual obligations to you, such as delivering the educational programmes you have enrolled in.

Legal Obligation

When we are required by law to process your data, such as for tax and accounting purposes or safeguarding requirements.

Legitimate Interests

When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms. This includes improving our services and ensuring website security.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR notice.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we restrict how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to our processing of your personal data in certain circumstances, particularly when we are relying on legitimate interests as our lawful basis.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not engage in automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

• Email: [email protected]
• Post: 47 Wellington Street, Covent Garden, London WC2E 7BD

We will respond to your request within one month. In complex cases, this may be extended by a further two months, and we will inform you if this is necessary.

We may need to verify your identity before processing your request to ensure we are disclosing data to the right person.

Data Security Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection and security
• Secure backup and disaster recovery procedures
• Regular monitoring for security incidents

Data Breach Procedures

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Document all data breaches and our response to them
• Take immediate steps to contain and remedy the breach

Data Retention

We only retain personal data for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are based on:

• Legal and regulatory requirements
• The nature of the services provided
• Contractual obligations
• Legitimate business interests

When personal data is no longer required, we securely delete or anonymize it.

International Data Transfers

Your personal data is stored and processed within the United Kingdom. If we need to transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the ICO
• Binding corporate rules

Children's Data

While our services are designed for children and teenagers, we only collect personal information from parents or legal guardians. We recognize the importance of protecting children's data and ensure that:

• Parental consent is obtained before collecting any child's information
• We minimize data collection to what is necessary for our educational services
• Enhanced security measures protect children's data
• Staff are trained on handling children's data appropriately

Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we ensure they:

• Provide sufficient guarantees of compliance with UK GDPR
• Process data only on our documented instructions
• Maintain appropriate security measures
• Sign data processing agreements with us

Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised date.

Complaints

If you have concerns about our data processing practices, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Further Information

For more detailed information about how we process your personal data, please refer to our Privacy Policy.

If you have any questions about our GDPR compliance or data protection practices, please contact us at [email protected].