GDPR Compliance

Our commitment to data protection under UK GDPR

Our GDPR Commitment

Tempest Logic is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented appropriate measures to protect your personal information.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to fulfill our educational services contract with you
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal obligation: Where we must process data to comply with legal requirements including safeguarding duties
  • Legitimate interests: For business operations that don't override your rights and interests

Your Rights Under GDPR

Right to Access

You can request a copy of all personal data we hold about you and your child. We will provide this within one month of receiving your request.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you have the right to have it corrected promptly.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. This right is not absolute and may be limited by legal retention requirements.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific circumstances while issues are resolved.

Right to Data Portability

You can request your personal data in a structured, commonly used format to transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling. All decisions regarding programme placement and enrollment are made by our team.

Data Protection Measures

We implement robust security measures including:

  • Encrypted storage of digital personal information
  • Secure physical storage for paper records
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection obligations
  • Secure communication channels for sensitive information

Data Sharing and Transfers

We do not transfer personal data outside the United Kingdom. Any data sharing within the UK is limited to:

  • Trusted service providers bound by data processing agreements
  • Legal authorities when required by law
  • Safeguarding authorities when child protection concerns arise

Children's Data

We process children's personal data with particular care. Parental consent is required for enrollment. We only collect information necessary for providing educational services and maintaining safeguarding responsibilities.

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remedy the breach
  • Investigate the cause and implement preventative measures

Exercising Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Address: 47 Lothian Road, Edinburgh EH1 2DJ, United Kingdom

We will respond to all requests within one month. If your request is complex, we may extend this by two additional months and will inform you accordingly.

Complaints

If you believe we have not complied with GDPR requirements, you can:

  • Contact us directly to resolve the issue
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: tempest-logic.com

Updates to GDPR Practices

We regularly review our data protection practices to ensure ongoing compliance. Significant changes will be communicated to enrolled families and reflected in our Privacy Policy.