GDPR Compliance

Our commitment to protecting your data rights under UK GDPR

Data Controller

Flash Volt is the data controller responsible for your personal information. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you provide explicit consent for us to process your information (e.g., program enrollment)
  • Contract: When processing is necessary to fulfill our contract with you (e.g., delivering educational services)
  • Legitimate Interests: When we have a legitimate interest in processing your data (e.g., improving our services)
  • Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations.

Right to Data Portability

You can request to receive your data in a structured, commonly used format and transfer it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing. We do not use automated decision-making processes.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active program enrollment: Duration of the program plus 1 year
  • Inquiry information: 2 years from last contact
  • Financial records: 7 years (legal requirement)

International Data Transfers

We do not transfer your personal data outside the United Kingdom. Should this change, we will ensure appropriate safeguards are in place and notify you accordingly.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page.