GDPR Compliance

Our commitment to data protection

Our Approach to Data Protection

sharp-pathways Ltd takes data protection seriously. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that personal information is handled responsibly and transparently.

This page provides specific information about our GDPR compliance. For our full data handling practices, please also review our Privacy Policy.

Data Controller Information

sharp-pathways Ltd acts as the data controller for personal information collected through our website and services.

Data Controller: sharp-pathways Ltd
Company Number: 07841293
ICO Registration: ZA472918
Address: Floor 3, Westgate House, 47-51 Great Eastern Street, London EC2A 3HP
Contact: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You may withdraw consent at any time by contacting us or using the unsubscribe option in our emails.

Contract

Processing necessary for the performance of a contract with you. This applies when you book a programme, engage our consulting services, or enter into any commercial arrangement with us.

Legitimate Interests

Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. Examples include:

  • Responding to enquiries you submit through our website
  • Improving our services based on participant feedback
  • Maintaining records for administrative purposes
  • Protecting our business against fraud

Legal Obligation

Processing required to comply with UK law, including tax reporting, accounting requirements, and responding to lawful requests from regulatory authorities.

Your Rights Under GDPR

The UK GDPR provides you with the following rights:

Right to Be Informed

You have the right to know how your data is collected and used. This information is provided in our Privacy Policy and this GDPR statement.

Right of Access

You may request a copy of the personal data we hold about you. We will respond within one month and provide the data in a commonly used electronic format.

Right to Rectification

If personal data we hold is inaccurate or incomplete, you have the right to have it corrected. Contact us with details of any corrections needed.

Right to Erasure

In certain circumstances, you may request deletion of your personal data. This applies when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the basis for processing)
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

Note that we may need to retain certain data for legal or contractual reasons.

Right to Restrict Processing

You may request restriction of processing in certain circumstances, such as while we verify the accuracy of disputed data or consider an objection you have raised.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format for transfer to another organisation.

Right to Object

You may object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Exercising Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]
Post: Data Protection, sharp-pathways Ltd, Floor 3, Westgate House, 47-51 Great Eastern Street, London EC2A 3HP

Please provide sufficient information to verify your identity and specify which rights you wish to exercise. We aim to respond within one month, though this may be extended by two months for complex requests.

Data Protection Impact Assessments

We conduct data protection impact assessments (DPIAs) for processing activities that may result in high risk to individuals, such as when introducing new systems or significantly changing how we use personal data.

Data Breach Procedures

We maintain procedures for detecting, reporting, and investigating personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours. If the breach is likely to result in a high risk, we will also notify affected individuals directly.

International Data Transfers

When personal data is transferred outside the UK, we ensure adequate protection through:

  • Transfers to countries with adequacy decisions from the UK government
  • Standard contractual clauses approved by the ICO
  • Other appropriate safeguards as permitted by UK GDPR

Data Protection Officer

Given the nature and scale of our processing activities, we are not required to appoint a Data Protection Officer under Article 37 of the UK GDPR. However, our senior management maintains oversight of data protection compliance, and enquiries should be directed to the contact details above.

Supervisory Authority

If you are not satisfied with how we handle your data or respond to your rights requests, you may lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our data protection practices regularly. Any material changes to this GDPR compliance information will be posted on this page with an updated revision date.

Last reviewed: January 2024