GDPR Compliance

Last Updated: May 8, 2026

Our Commitment to GDPR

GlobeFusion is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We respect your privacy rights and handle your personal data with care and transparency.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Consent

When you provide information through our enrollment forms or subscribe to communications, you give explicit consent for us to process your data for specified purposes.

Contractual Necessity

Processing is necessary to perform our contract with you when you enrol in our programmes.

Legitimate Interests

We process certain data based on legitimate interests, such as improving our services and website functionality, provided these interests don't override your rights.

Legal Obligation

We may process data to comply with legal obligations, such as tax requirements or safeguarding duties.

Your GDPR Rights

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected or if you withdraw consent.

Right to Restrict Processing

You can ask us to restrict processing of your personal data in specific situations, such as when you're contesting the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transfer it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Subject Line: GDPR Data Request

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.

Data Protection Principles

We adhere to the following GDPR data protection principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes only.
  • Data minimisation: We collect only data that is adequate, relevant, and necessary.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage limitation: We retain data only as long as necessary.
  • Integrity and confidentiality: We process data securely and protect against unauthorised access.
  • Accountability: We are responsible for and can demonstrate compliance with these principles.

Children's Data

When processing data about children enrolled in our programmes, we:

  • Only collect data through parent or guardian consent
  • Process minimal data necessary for programme delivery
  • Ensure parents can access, rectify, or delete their child's data at any time
  • Apply heightened security measures for children's data
  • Do not use children's data for marketing without explicit parental consent

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches, including facts, effects, and remedial actions taken

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Phone: 0303 123 1113
Website: ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

Contact Our Data Protection Officer

For questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 127 Finsbury Pavement, Belfast EC2A 1NT, United Kingdom