GDPR Compliance

Understanding your data protection rights

Our Commitment to Data Protection

LondvistaTech is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we uphold your data protection rights and meet our obligations as a data controller.

Data Controller Information

For the purposes of UK data protection legislation, the data controller is:

LondvistaTech
42 Kingsland Road
Shoreditch, London E2 8DA
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The specific basis depends on the purpose of processing:

Consent

Where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving optional communications about programme updates.

Contract Performance

Processing necessary to fulfil our contractual obligations when you purchase and access our educational programmes.

Legal Obligation

Processing required to comply with legal requirements, including tax obligations, financial record-keeping, and responding to lawful requests from authorities.

Legitimate Interests

Processing necessary for our legitimate business interests, provided these interests do not override your fundamental rights. This includes improving our services, ensuring website security, and conducting business analytics.

Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. We provide this through our Privacy Policy and this GDPR page.

Right of Access

You can request access to the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide a copy of your data free of charge within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will make corrections within one month and notify any third parties to whom we have disclosed the data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in specific circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Erasure is required for compliance with a legal obligation

Note that this right is not absolute. We may need to retain certain data to comply with legal obligations or establish legal claims.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of your data protection rights, send a request to [email protected] with the subject line "Data Protection Request."

Please include:

  • Your full name and contact details
  • Specific details of your request
  • Proof of identity (to prevent unauthorised disclosure)

We will respond within one month. In complex cases, we may extend this by two additional months, but we will inform you of any delay and the reasons for it.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls limiting data access to authorised personnel only
  • Staff training on data protection responsibilities
  • Secure backup and disaster recovery procedures
  • Contractual safeguards with third-party processors

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document the breach, its effects, and remedial action taken
  • Take immediate steps to mitigate harm and prevent recurrence

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we ensure:

  • Formal data processing agreements are in place
  • Processors provide sufficient guarantees of appropriate technical and organisational measures
  • Processors only process data according to our documented instructions
  • Appropriate security measures are implemented
  • We conduct regular reviews of processor compliance

International Data Transfers

When we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognising equivalent data protection standards
  • Standard contractual clauses approved by the ICO
  • Binding corporate rules where applicable

Data Protection by Design and Default

We integrate data protection principles into our operations from the outset:

  • Minimising data collection to what is necessary
  • Implementing privacy-enhancing technologies
  • Ensuring default settings provide the highest privacy protection
  • Conducting Data Protection Impact Assessments for high-risk processing

Children's Data

Our services are not directed at children under 18. We do not knowingly process personal data of children. If we become aware that we have inadvertently collected such data, we will delete it promptly.

Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: londvistatech.net

However, we encourage you to contact us first so we can address your concerns directly.

Record of Processing Activities

We maintain comprehensive records of our processing activities as required by UK GDPR Article 30, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients to whom data is disclosed
  • International transfers and safeguards
  • Retention periods
  • Technical and organisational security measures

Updates to This Information

We review and update our GDPR compliance information regularly to reflect changes in legislation or our practices. Material changes will be communicated through our website and, where appropriate, directly to affected individuals.

Contact for Data Protection Queries

For any questions about our GDPR compliance or your data protection rights, contact us at [email protected] with "Data Protection Enquiry" in the subject line.