GDPR Compliance

mistfire-path is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our data processing practices and your rights under these regulations.

Data Controller Information

mistfire-path is the data controller responsible for your personal information. Our contact details are:

mistfire-path
127 Alcester Road, Moseley
Birmingham B13 8JP
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Consent

We process your data based on your explicit consent when you submit booking forms, subscribe to communications, or otherwise agree to provide your information.

Contract Performance

We process data necessary to fulfil our contractual obligations when you engage our educational services.

Legitimate Interests

We may process certain data based on our legitimate business interests, such as improving our services and website functionality, provided these interests do not override your rights and freedoms.

Legal Obligations

We process data when required to comply with legal obligations, such as safeguarding requirements relevant to working with children.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we temporarily restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to the processing of your personal data in certain circumstances, particularly when we process data based on legitimate interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that would significantly affect you.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time.

Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at [email protected]. Please include:

• Your full name
• Your contact details
• A clear description of your request
• Proof of identity (if required)

We will respond to your request within one month, although this period may be extended in complex cases.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Pseudonymisation and encryption of personal data
• Regular testing and assessment of security measures
• Secure data storage with access controls
• Staff training on data protection
• Incident response procedures

Data Protection Impact Assessments

Where our processing operations are likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments to identify and mitigate these risks.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions
• Standard contractual clauses
• Binding corporate rules

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

Children's Data

We take extra care when processing information about children. We:

• Only collect children's information through parent/guardian consent
• Limit data collection to what is necessary for educational purposes
• Ensure age-appropriate privacy notices
• Implement enhanced security measures for children's data
• Comply with safeguarding requirements

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. We encourage you to review this page regularly.