Information on this site is advertising in nature.

GDPR Compliance

Last updated: May 2026

Our Commitment to Data Protection

firelash-crest is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

firelash-crest acts as the data controller for personal information collected through this website and our educational programmes. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

Right to Rectification

If any personal information we hold is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes it was collected or when you withdraw consent.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations, such as when you contest its accuracy or object to processing.

Right to Data Portability

You can request that we transfer your data to another organisation or provide it to you in a structured, commonly used format.

Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the lawful basis.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

[email protected]

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months and will notify you accordingly.

Data Security Measures

We implement appropriate technical and organisational security measures to protect personal data, including:

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Specific retention periods include:

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If such transfers become necessary, we will ensure appropriate safeguards are in place as required by UK GDPR.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours as required by law.

Right to Lodge a Complaint

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised date.

Contact

For questions about our GDPR compliance or data protection practices:

[email protected]