GDPR Compliance Statement

Our Commitment to Data Protection

newtide-phantom is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with these regulations and your rights under them.

Data Controller

For the purposes of data protection legislation, newtide-phantom acts as the data controller for personal information collected through our website and educational programmes.

Contact details:
Email: [email protected]
Address: 42 Deansgate, Manchester, M3 2FF, United Kingdom

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so:

• Consent: You have given clear permission for us to process your data for specific purposes
• Contract: Processing is necessary to fulfill our agreement to provide educational services
• Legal obligation: Processing is required to comply with legal requirements
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Your Rights Under GDPR

You have comprehensive rights regarding your personal data:

Right to Access

You can request confirmation of whether we process your personal data and receive a copy of that data. We will provide this within one month of your request.

Right to Rectification

If you believe any information we hold about you is incorrect or incomplete, you can request that we correct or complete it.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent on which processing is based
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

Rights Related to Automated Decision Making

We do not use automated decision making or profiling. All decisions regarding programme placements and communications are made by our team.

How to Exercise Your Rights

To exercise any of your rights under GDPR, contact us at [email protected] with the following information:

• Your full name and contact details
• Specific right you wish to exercise
• Details of your request
• Proof of identity if required

We will respond to your request within one month. If your request is complex, we may extend this period by two months and will inform you of the extension.

Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, fairness, and transparency: We process data lawfully and inform you about processing activities
• Purpose limitation: We collect data for specific, explicit purposes and do not use it for incompatible purposes
• Data minimisation: We collect only data that is necessary for our purposes
• Accuracy: We take steps to ensure data is accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We implement appropriate security measures
• Accountability: We can demonstrate compliance with these principles

Children's Data

When we process data about children participating in our programmes, we ensure:

• Parental or guardian consent is obtained for participants under 13
• Information is provided in clear, plain language appropriate for children
• Additional safeguards are in place to protect children's data
• Parents retain control over their children's information

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office within 72 hours of becoming aware
• Inform affected individuals without undue delay if the breach poses a high risk
• Provide information about the nature of the breach and steps taken to address it

Third-Party Processors

When we engage third parties to process data on our behalf, we ensure:

• Written contracts are in place defining processing activities
• Processors provide sufficient guarantees of compliance
• Processors only act on our documented instructions
• Appropriate technical and organisational measures are implemented

International Transfers

If we transfer your data outside the UK or EEA, we ensure adequate protection through:

• Countries with adequacy decisions from the UK or European Commission
• Standard contractual clauses approved by authorities
• Other appropriate safeguards as required by law

Record Keeping

We maintain records of our processing activities as required by GDPR, including:

• Purposes of processing
• Categories of data subjects and personal data
• Recipients of personal data
• International transfers and safeguards
• Retention periods
• Technical and organisational security measures

Right to Lodge a Complaint

If you are not satisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the supervisory authority.

In the United Kingdom, this is the Information Commissioner's Office (ICO):

Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to This Statement

We review and update this GDPR compliance statement regularly to ensure continued accuracy and compliance. Significant changes will be communicated through our website or direct notification.

Further Information

For more detailed information about how we collect and use your data, please see our Privacy Policy.