GDPR Compliance

Your data protection rights under UK GDPR

Our Commitment to Data Protection

Frosty Learning Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We respect your privacy and are dedicated to protecting your personal data responsibly and transparently.

Who We Are

Frosty Learning Ltd is the data controller responsible for your personal data. Our contact details are:

Frosty Learning Ltd
47 Queen Square
Bristol, BS1 4LH
United Kingdom
Email: [email protected]

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to know how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR information page. We explain what data we collect, why we collect it, and how we use it.

Right of Access

You can request a copy of all personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month. There is no fee for this service under normal circumstances.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will respond within one month and update our records accordingly.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

Note that we may need to retain certain data for legal or regulatory purposes, such as financial records required for tax compliance.

Right to Restrict Processing

You can request that we limit how we use your data while concerns are being investigated. This applies when:

  • You contest the accuracy of data (restriction applies while we verify)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability

Where we process your data based on consent or contract, you can request your data in a structured, commonly used, machine-readable format. You may also request that we transmit this data directly to another organisation where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop immediately. For other objections, we will assess whether our legitimate grounds override your interests.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making that produces legal effects or similarly significant impacts on individuals.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We will:

  • Respond to your request within one month
  • Verify your identity before processing requests
  • Provide information free of charge (in most cases)
  • Explain any reasons if we cannot fulfil your request

If your request is complex or we receive numerous requests, we may extend the response period by a further two months. We will inform you of any extension within one month of your initial request.

How We Protect Your Data

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Secure disposal of data when no longer needed

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Communicate with affected individuals without undue delay if there is a high risk
  • Document all breaches, including facts, effects, and remedial actions

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by the ICO
  • Other approved transfer mechanisms

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when introducing new technologies or processing activities that are likely to result in high risk to individuals' rights and freedoms. This helps us identify and minimise data protection risks.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity: To deliver courses you have booked and provide related services
  • Legitimate interests: For business operations, improving services, and communicating relevant information
  • Consent: For marketing communications, which you can withdraw at any time
  • Legal obligation: To comply with tax, accounting, and regulatory requirements

Complaints

If you are unhappy with how we have handled your personal data, please contact us first at [email protected]. We take all complaints seriously and will work to resolve any issues.

You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: frosty-learning.com

Updates to This Information

We may update this GDPR information periodically. Significant changes will be communicated through our website. We encourage you to review this page regularly.

Last updated: April 2026