GDPR Compliance

Our Commitment to Data Protection

brave-motif is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations and protect your rights.

Data Controller

brave-motif is the data controller responsible for your personal information. Our contact details are:

Email: [email protected]
Address: The Tobacco Factory, Raleigh Road, Southville, Bristol, BS3 1TF

Your Rights Under UK GDPR

Right to Be Informed

We are transparent about how we collect and use your personal data. Our Privacy Policy provides detailed information about our data processing activities.

Right of Access

You have the right to obtain confirmation that we are processing your data and to access your personal information. To request access, email [email protected] with the subject line "Subject Access Request". We will respond within one month.

Right to Rectification

If your personal information is inaccurate or incomplete, you can request that we correct it. Contact us at [email protected] to update your details.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances. Please note that we may need to retain some information for legal or regulatory reasons.

Right to Restrict Processing

You can request that we limit how we use your data while we investigate concerns you've raised about its accuracy or our use of it.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format to transfer to another organisation.

Right to Object

You can object to processing based on legitimate interests, direct marketing, or processing for research purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our services.

How to Exercise Your Rights

To exercise any of these rights:

1. Send an email to [email protected]
2. Clearly state which right you wish to exercise
3. Provide sufficient information to verify your identity
4. Specify the information or processing activities concerned

We will respond to your request within one month. If your request is complex, we may extend this by two additional months and will inform you of the delay.

Data Processing Principles

We ensure that personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Kept for no longer than necessary
• Processed securely

Legal Basis for Processing

We process your data based on:

• Contract: When necessary to fulfil our agreement with you (e.g., delivering programmes you've booked)
• Legitimate interests: For improving our services and communicating relevant information
• Legal obligation: When required by law (e.g., tax records)
• Consent: For certain marketing activities (where you have opted in)

Data Security

We implement appropriate technical and organisational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Staff training on data protection
• Access controls limiting who can view personal data
• Secure deletion of data when no longer needed

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.

Third-Party Processors

We work with carefully selected third-party processors (e.g., payment providers, email services). All processors are bound by data processing agreements that require them to comply with UK GDPR.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place.

Children's Data

While our services are for children and teenagers, we collect data from parents or guardians who have parental responsibility. We do not collect data directly from children under 13.

Complaints

If you believe we have not complied with your data protection rights, you can lodge a complaint with us at [email protected] or directly with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

Policy Updates

We review and update our data protection practices regularly. Any changes will be reflected on this page with an updated date.