GDPR Compliance

Information about how we comply with the General Data Protection Regulation

Our Commitment to GDPR

Springboard Education is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals whose personal data we process.

Data Controller

For the purposes of GDPR, Springboard Education acts as the data controller. Our contact details are:

Springboard Education
47 Culinary Lane
Bristol BS1 4QT
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests

Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

We do not transfer your personal data outside the UK/EEA. If this changes, we will ensure appropriate safeguards are in place and inform you accordingly.

Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.