Quick summary
This policy explains how we handle personal data when you use this website or enquire about programmes based in England. It is designed to align with the UK GDPR and the Data Protection Act 2018. It does not replace professional legal advice for your specific situation.
1. Who we are
The data controller is Bloxarynnnjlixux, Carmelite Priory, Chilswell Ln, Boars Hill, Oxford OX1 5HB, United Kingdom. Email callback@bloxarynnnjlixux.world, phone +441865604003.
2. Data we collect
When you submit the contact form, we process your name, email address, message content, and a record that you consented to processing for the purpose of responding. Technical logs generated by hosting infrastructure may include IP address, timestamp, and browser type for security monitoring. Cookie preferences are stored locally in your browser as described in the Cookies Policy.
3. Purposes and legal bases
We process enquiry data under Article 6(1)(b) GDPR (steps prior to a contract) and Article 6(1)(a) GDPR where you tick the consent checkbox. Security logs rely on Article 6(1)(f) GDPR (legitimate interests in protecting our systems). Optional analytics or marketing processing, when activated, relies on Article 6(1)(a) GDPR.
4. Retention
Contact messages and related correspondence are retained for up to twenty-four months unless a longer period is required for legal claims, after which they are deleted or anonymised. Consent logs tied to marketing may be kept for three years from the last interaction to evidence compliance.
5. Recipients and processors
We use email and hosting providers who process data under written agreements requiring appropriate safeguards. We do not sell personal data.
6. International transfers
If a processor stores data outside the UK or EEA, we ensure a valid transfer mechanism such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses, supplemented where required by a transfer impact assessment.
7. Security
We apply access controls, encrypted transport (HTTPS), device hardening for staff laptops handling inboxes, and periodic review of vendor security practices.
8. Your rights
You may request access, rectification, erasure, restriction, objection (where legitimate interests apply), and data portability where applicable. You may withdraw consent at any time without affecting prior lawful processing. You may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
9. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
10. Children
Programmes target adults. If you believe a child has submitted personal data, contact us and we will delete it promptly where required by law.
11. Electronic marketing (PECR)
We send electronic marketing (for example programme announcements) only where you have given clear, affirmative consent or another lawful basis under the Privacy and Electronic Communications Regulations 2003 (PECR) applies. Every marketing email includes a straightforward way to withdraw consent.
12. Data Protection Act 2018
Where processing falls outside the UK GDPR but within the Data Protection Act 2018 (for example certain competent authority processing), we apply the relevant provisions. Day-to-day programme enquiries are processed under the UK GDPR as described above.
13. Law enforcement and regulatory requests
We may disclose personal data when required by a court order or lawful instruction from a UK regulator with jurisdiction. Where permitted, we will notify you before disclosure unless prohibited by law.
14. Legitimate interests
Where we rely on legitimate interests (for example network security), we balance those interests against your rights and keep a concise record of the assessment. You may object to processing based on legitimate interests; we will stop unless we demonstrate compelling grounds.
15. Updates
Material changes will be signposted on this page with a revised effective date.