Last updated: 15 May 2026
brightfrost-shore is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we comply with GDPR principles and how you can exercise your rights.
For the purposes of GDPR, brightfrost-shore is the data controller responsible for your personal information.
Contact details:
Email: [email protected]
Address: Bristol Community Learning Centre, Clifton Village, Bristol BS8 4AA, United Kingdom
We adhere to the following GDPR principles when processing personal data:
We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect, why we collect it, and how we use it through our privacy policy and direct communications.
We collect personal data for specific, explicit, and legitimate purposes related to delivering our educational programmes. We do not use your data for unrelated purposes without your consent.
We collect only the personal data that is necessary for our stated purposes. We do not request or retain excessive information.
We take reasonable steps to ensure personal data is accurate and up to date. We provide mechanisms for you to update or correct your information.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. See our privacy policy for specific retention periods.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage.
GDPR grants you specific rights regarding your personal data. Here's how to exercise them:
You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format.
To request access, email us at [email protected] with the subject line "Data Access Request." We will respond within one month of receiving your request.
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.
Contact us at [email protected] to update your information. We will make corrections within one month and notify any third parties with whom we've shared the data.
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:
Note that we may be required to retain certain information for legal or safeguarding purposes, even if you request erasure.
You can request that we limit how we use your personal data in certain situations:
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another organisation where technically feasible.
This right applies when processing is based on consent or contract and is carried out by automated means.
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
You have an absolute right to object to processing for direct marketing purposes.
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
To exercise any of these rights, please contact us:
Email: [email protected]
Subject line: Include the specific right you wish to exercise (e.g., "Data Access Request")
We will respond to your request within one month. In complex cases, we may extend this period by two months and will inform you of the extension and reasons.
We will not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
We primarily store and process data within the United Kingdom. If we transfer data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:
Given the nature and scale of our operations, we are not required to appoint a dedicated Data Protection Officer. However, data protection responsibilities are managed by our senior management team.
For all data protection enquiries, contact: [email protected]
If you believe we have not handled your personal data appropriately or have concerns about our GDPR compliance, you have the right to lodge a complaint with the supervisory authority.
In the United Kingdom, the supervisory authority is:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113
We encourage you to contact us first so we can address your concerns directly, but you have the right to contact the ICO at any time.
We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Significant changes will be communicated to enrolled families and posted prominently on our website.