GDPR Compliance

Your data protection rights under UK GDPR

Our Commitment to Data Protection

stellar-lectures Ltd takes data protection seriously. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and outlines your rights as a data subject.

Data Controller

stellar-lectures Ltd is the data controller for personal information collected through this website and in connection with our training services. This means we determine the purposes and means of processing your personal data.

Contact details:
stellar-lectures Ltd
Wellington House, 36 Wellington Street
Leeds LS1 2DE
Email: [email protected]

Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis to process your personal data. We rely on the following bases:

Contractual Necessity

We process data necessary to fulfil our contractual obligations when you register for a course. This includes processing your registration details, managing your participation, issuing certificates, and providing post-course support.

Legitimate Interests

We process certain data based on our legitimate business interests, provided these are not overridden by your rights. This includes improving our services, understanding how our website is used, ensuring security, and communicating about relevant training opportunities. We conduct balancing tests to ensure our interests do not unfairly impact you.

Consent

Where we send marketing communications, we rely on your explicit consent. You may withdraw this consent at any time by clicking the unsubscribe link in any email or contacting us directly.

Legal Obligation

We may process data where necessary to comply with legal requirements, such as maintaining financial records for tax purposes.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge in most circumstances.

Right to Rectification

If the information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make the necessary changes within one month.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restrict Processing

You can ask us to limit how we use your data. This applies where you contest accuracy, object to processing, or believe processing is unlawful but prefer restriction over deletion.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format. This applies to data you have provided to us and which we process by automated means based on consent or contract.

Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently make such automated decisions.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. To help us locate your records, please provide:

  • Your full name
  • Email address associated with your enquiry or registration
  • Details of your request

We may need to verify your identity before processing certain requests. We will respond within one month, though this may be extended by two months for complex requests, in which case we will inform you.

Data Protection Principles

We adhere to the core principles of UK GDPR:

  • Lawfulness, fairness, and transparency: We process data lawfully and are transparent about our practices.
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes.
  • Data minimisation: We collect only data that is necessary for our stated purposes.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage limitation: We retain data only as long as necessary.
  • Integrity and confidentiality: We implement appropriate security measures.
  • Accountability: We can demonstrate compliance with these principles.

Data Breach Procedures

We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware.

International Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place. This may include transfers to countries with adequacy decisions or the use of Standard Contractual Clauses approved by the UK Government.

Complaints

If you are dissatisfied with how we handle your data, please contact us first so we can try to resolve your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our data protection practices regularly and may update this page accordingly. The current version was last updated in January 2024.