GDPR Compliance

Last updated: May 8, 2026

Our Commitment to GDPR

frostydatalog is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

Data Controller

frostydatalog is the data controller responsible for your personal data. Our contact details are:

frostydatalog
47 Wellington Street
London, WC2E 7BD
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process your personal data based on the following lawful grounds:

  • Consent: When you have given clear consent for us to process your personal data for specific purposes
  • Contract: When processing is necessary for a contract we have with you, such as providing educational services
  • Legal obligation: When we must process your data to comply with the law
  • Legitimate interests: When processing is necessary for our legitimate interests or those of a third party, provided your interests don't override those interests

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.

2. Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

3. Right to Erasure

You have the right to request that we erase your personal data, under certain conditions, such as when the data is no longer necessary for the purposes it was collected.

4. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions, such as if you contest the accuracy of the data.

5. Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions, particularly for direct marketing purposes.

6. Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

7. Right to Withdraw Consent

If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two months for complex requests.

When making a request, please provide:

  • Your full name and contact information
  • A clear description of the right you wish to exercise
  • Any relevant details to help us locate your data
  • Proof of identity (to protect your data from unauthorized access)

Data Protection Principles

We ensure that all personal data is:

  • Processed lawfully, fairly, and transparently
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Kept only as long as necessary
  • Processed in a secure manner

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Regular backups and disaster recovery procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

When we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Other legally approved transfer mechanisms

Children's Data

We take extra care when processing children's personal data. We obtain parental consent before collecting data from children under 13 and ensure that our processing activities meet enhanced protection requirements for children's data.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purpose of processing.

Third-Party Processing

When we use third-party service providers to process personal data on our behalf, we ensure they:

  • Process data only on our documented instructions
  • Maintain appropriate security measures
  • Comply with GDPR requirements
  • Have entered into data processing agreements with us

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. Please check back regularly for updates.

Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at [email protected].