GDPR Information

Last updated: 9 April 2026

Our Commitment to Data Protection

NeuroGleam Learning takes data protection seriously and complies fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about your rights and how we fulfil our obligations under these regulations.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

NeuroGleam Learning
42 Redchurch Street
Shoreditch
London E2 7DP
United Kingdom
Email: [email protected]

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal data. We respect these rights and have established processes to ensure you can exercise them effectively.

Right to Be Informed

You have the right to clear information about how we collect and use your personal data. Our Privacy Policy and this GDPR page provide transparent details about our data processing activities.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request, though complex requests may take up to three months.

Right to Rectification

If any personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will update our records promptly and notify any third parties with whom we've shared the data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Please note that we may need to retain certain information for legal compliance or legitimate business purposes, such as financial records required by UK tax law.

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations:

  • You contest the accuracy of the data while we verify it
  • The processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you require it for legal claims
  • You've objected to processing pending verification of our legitimate grounds

Right to Data Portability

Where technically feasible, you can receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transmit this data directly to another organisation where possible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing communications, we will stop immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision Making

We do not use automated decision making or profiling in our service delivery. All consultations and recommendations involve human expertise and judgment.

How to Exercise Your Rights

To exercise any of your data protection rights, contact us by email at [email protected] or write to us at the address above. Please include:

  • Your full name and contact details
  • A clear description of which right you wish to exercise
  • Any relevant details that will help us locate your data
  • Proof of identity (we may request this to protect your data from unauthorised access)

We will respond to your request within one month, though this may be extended to three months for complex requests. We will keep you informed of any such extension.

Legal Bases for Processing

We process your personal data only when we have a valid legal basis. The specific basis depends on the type of processing:

Consent

For marketing communications and certain optional processing activities, we rely on your freely given, specific, and informed consent. You can withdraw this consent at any time.

Contract Performance

When you engage our services, processing is necessary to fulfil our contractual obligations to you, such as delivering consultations and managing appointments.

Legal Obligation

Some processing is required to comply with legal requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.

Legitimate Interests

We may process data based on legitimate business interests, such as improving our services, maintaining security, or managing our operations. We carefully balance these interests against your rights and freedoms.

Data Transfers

We primarily store and process your data within the United Kingdom. If we use service providers located outside the UK or transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK authorities
  • Adequacy decisions recognising equivalent data protection standards
  • Other legally approved transfer mechanisms

Data Security Measures

We implement appropriate technical and organisational measures to ensure data security commensurate with the risks involved:

  • Encryption of data in transit and at rest
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection obligations
  • Secure disposal of data when no longer needed
  • Incident response procedures for potential breaches

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware of them, as required by GDPR.

Children's Data

Our services are intended for adults. We do not knowingly process data of children under 16 without appropriate parental or guardian consent. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Data Protection by Design and Default

We incorporate data protection principles into everything we do:

  • We collect only the minimum data necessary for our purposes
  • Privacy settings are set to the most protective level by default
  • We consider data protection implications when developing new services
  • We conduct privacy assessments for higher-risk processing activities

Accountability and Records

We maintain records of our processing activities as required by GDPR and can demonstrate our compliance with data protection obligations. This includes:

  • Documentation of legal bases for processing
  • Records of consent where applicable
  • Data protection impact assessments for high-risk processing
  • Logs of data subject requests and how we responded

Questions and Complaints

If you have questions about how we handle your data or concerns about our compliance with GDPR, please contact us at [email protected]. We take all queries seriously and will investigate thoroughly.

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

Updates to This Information

We review and update this GDPR information regularly to reflect changes in our practices or legal requirements. Significant updates will be communicated through our website and, where appropriate, directly to affected individuals.