GDPR Compliance

Our commitment to protecting your data rights under GDPR

Introduction

TechnoBlend is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA) and United Kingdom. This page outlines how we fulfill our obligations under GDPR and explains your rights as a data subject.

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

Consent

When you enroll in our courses, subscribe to communications, or consent to optional data processing activities, we rely on your explicit consent as the legal basis for processing.

Contract Performance

Processing is necessary to fulfill our contractual obligations when you register for and participate in our educational programmes.

Legitimate Interests

We may process data based on legitimate interests, such as improving our services, conducting analytics, preventing fraud, and ensuring security—provided these interests do not override your fundamental rights and freedoms.

Legal Obligations

We process data when necessary to comply with legal requirements, such as tax regulations, safeguarding obligations, and responding to lawful requests from authorities.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is processed.

Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (Right to be Forgotten)

Under certain circumstances, you can request deletion of your personal data, including when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Right to Restriction of Processing

You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details provided below. We will respond to your request without undue delay and within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of any such extension.

When making a request, please provide sufficient information to allow us to verify your identity and locate your data. We may request additional information if necessary for verification purposes.

Data Protection Officer

For questions specifically related to GDPR compliance or data protection matters, you may contact our designated Data Protection Officer:

Email: [email protected]

Data Processing Activities

Categories of Personal Data

We process the following categories of personal data:

  • Identity data (name, title)
  • Contact data (email address, postal address)
  • Demographic data (child's age, educational background)
  • Financial data (payment information, processed through secure third-party processors)
  • Technical data (IP address, browser type, device information)
  • Usage data (website interaction, course participation)
  • Communication data (correspondence, feedback, inquiries)

Data Recipients

We may share personal data with the following categories of recipients:

  • Educational service providers and instructors
  • IT service providers and hosting services
  • Payment processors and financial institutions
  • Professional advisors (legal, accounting, insurance)
  • Government authorities and regulators when legally required

International Transfers

Where we transfer personal data outside the EEA or UK, we implement appropriate safeguards to ensure adequate protection, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions confirming appropriate data protection levels
  • Binding corporate rules or certification mechanisms

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Retention periods vary depending on:

  • The nature of the data and purposes for which it was collected
  • Legal, regulatory, or contractual obligations
  • Potential legal claims and limitation periods
  • Legitimate business interests

When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention schedule.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach. Where the breach poses a high risk, we will also notify affected individuals without undue delay.

Children's Data

Our services involve children under 16. We rely on parental consent for processing children's personal data and take extra care to ensure information is processed fairly, lawfully, and transparently. Parents and guardians can exercise children's data protection rights on their behalf.

Complaints and Supervisory Authority

If you believe we have processed your personal data in violation of GDPR, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We encourage you to contact us first so we can address your concerns directly before escalating to a supervisory authority.

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or directly to affected individuals.

Contact Information

For questions about GDPR compliance or to exercise your data protection rights, please contact us:

TechnoBlend
127 Education Lane
Bristol BS1 4QT
United Kingdom
Email: [email protected]
Data Protection Officer: [email protected]