GDPR Compliance

Our Commitment to Data Protection

laser-knowledge is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities as a data controller seriously and have implemented comprehensive measures to protect your personal information.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so. The specific legal basis depends on the purpose of processing.

Consent

For certain processing activities, particularly marketing communications and non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time by contacting us or adjusting your preferences.

Contractual Necessity

When you engage our training services, we process information necessary to fulfill our contractual obligations, including delivering training, providing materials, and handling payments.

Legitimate Interests

We process certain information based on legitimate business interests, such as improving our services, preventing fraud, and maintaining website security. We balance these interests against your rights and freedoms.

Legal Obligations

Some processing is necessary to comply with legal requirements, including tax obligations, record-keeping requirements, and responses to lawful requests from authorities.

Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal information. We are committed to facilitating the exercise of these rights.

Right of Access

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data along with supplementary information about how we use it.

Right to Rectification

If personal information we hold is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, including when information is no longer necessary for its original purpose or when you withdraw consent.

This right is not absolute and may be limited by legal obligations to retain information.

Right to Restriction of Processing

You may request that we restrict processing of your personal information in specific situations, such as when you contest data accuracy or object to processing based on legitimate interests.

Right to Data Portability

For information you provided based on consent or contract, you may request to receive that data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects. Should this change, you would have the right not to be subject to such decisions without human involvement.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] with sufficient information to identify you and specify which right you wish to exercise.

We will respond to your request within one month, though this may be extended by two additional months for complex requests. We will inform you of any extension and the reasons for delay.

We do not charge fees for most requests. However, if requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse to comply.

Data Processing Principles

Our data processing adheres to the core principles established by UK GDPR.

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. This policy and our privacy notices explain how and why we process information.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes.

Data Minimization

We collect only personal data that is adequate, relevant, and limited to what is necessary for the stated purposes.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted without delay.

Storage Limitation

We retain personal data only as long as necessary for the purposes for which it was collected, considering legal obligations and legitimate business needs.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Accountability

We maintain records of processing activities and implement policies demonstrating compliance with data protection principles.

Data Security Measures

We have implemented comprehensive security measures to protect personal information, including:

Encryption of data in transit and at rest
Access controls limiting who can view or process information
Regular security assessments and updates
Staff training on data protection responsibilities
Secure backup and disaster recovery procedures
Vendor management to ensure third parties meet security standards

Data Breach Notification

In the unlikely event of a data breach that poses risks to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.

If the breach poses high risks to you, we will also notify you directly without undue delay, providing information about the nature of the breach, likely consequences, and measures taken or proposed to address it.

International Data Transfers

Your personal information is primarily stored and processed within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, which may include:

Transfers to countries with adequacy decisions from the UK government
Standard contractual clauses approved by UK authorities
Binding corporate rules for transfers within corporate groups
Other mechanisms recognized under UK data protection law

Children's Data

Our services are not intended for individuals under 18 years of age. We do not knowingly process personal data of children. If we discover that we have inadvertently collected information from a child, we will delete it promptly.

Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we ensure they meet GDPR requirements through:

Written contracts specifying processing terms and responsibilities
Verification of appropriate technical and organizational measures
Regular assessments of processor compliance
Restrictions on sub-processing without our authorization

Data Protection Impact Assessments

For processing activities that pose high risks to individual rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate those risks before beginning processing.

Updates to This Statement

We may update this GDPR compliance statement periodically to reflect changes in our practices, legal requirements, or regulatory guidance. Significant changes will be communicated through our website.

Contact and Complaints

For questions about our GDPR compliance or to exercise your data protection rights, contact us at:

laser-knowledge
58 Colmore Row
Birmingham B3 2AS
United Kingdom
Email: [email protected]

Supervisory Authority

If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We encourage you to contact us first so we can attempt to resolve your concerns directly.