GDPR COMMITMENT STATEMENT
​​
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in recent history, replacing that of the 1995 EU Data Protection Directive (European Directive 95/46/EC). It aims to support the rights individuals have on data about themselves which is collected and stored. It also aims to detect, identify and mitigate against data breaches or leaks for all companies in the EU, as well as enforcing reporting on these issues. This aims to create one uniform policy across the EU regardless of whether the UK is part of the European Union. Any business that deals with EU nationals and business alongside their data must comply with the legislation.
This website aims to comply with the applicable GDPR regulations and Freddie Russell (as data processor and controller) will comply with the GDPR legislation that came into force on 25th May 2018.
Data Collection
This website will sometimes collect information such as: name; email address; occupation; telephone number. ​Some examples of when we collect this information include: booking a lesson, signing up to a newsletter, entering a competition, downloading a document or other marketing material.
​
Data Retention and Deletion​
The data that we collect from you will be stored on a secure server that is password protected. ​We aim to keep data on file for a period of 4 years unless otherwise stipulated or Legitimate Interest has not been established. Data will be hard erased after this time unless the subject of the data requests otherwise or has been engaged with during this time.
​
Reporting Data Breach
As per the GDPR guidelines we agree to report a data breach within 72 hours after becoming aware of the breach, unless the breach itself is low risk. This is to be reported to the top authorities which would be ICO (Information Commissioner’s Office) and the Data Protection Act Submission Form. This can be reported by phone on 0303 123 1113. Once a data breach or leak has been detected than it would be reported to this authority. A data breach or leak includes but is not limited to, a lost USB stick, loss or theft of portable devices or data sent to the wrong person.
Internal Policies for GDPR
We use a number of cloud based systems. These systems may hold customer information in the UK and Europe in secure data centres. To ensure customers information is safe, access to these systems are restricted to authorised personnel only and only accessed via Multi Factor Authentication, ensuring breaches are avoided as much as possible.
This document is provided as of March 2021 for informational purposes to explain our stance on GDPR legislation and compliance. It is subject to change or removal without notice.