GDPR Compliance

Last updated: May 6, 2026

Our Commitment to GDPR

Velocity Spark is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Data Controller

For the purposes of GDPR, the data controller is:

Velocity Spark
42 Wellington Street
Leeds LS1 2EE
United Kingdom
Email: [email protected]

What Personal Data We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, age range
• Contact Data: Email address, postal address
• Technical Data: IP address, browser type, device information
• Usage Data: Information about how you use our website and services
• Marketing and Communications Data: Your preferences in receiving marketing from us

Lawful Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose
• Performance of Contract: Where it is necessary for the performance of a contract we are about to enter into or have entered into with you
• Legal Obligation: Where we need to comply with a legal obligation
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

Your GDPR Rights

Under GDPR, you have the following rights:

1. Right to be Informed

You have the right to be informed about the collection and use of your personal data. This is outlined in our Privacy Policy.

2. Right of Access

You have the right to access your personal data and receive a copy of the information we hold about you.

3. Right to Rectification

You have the right to have inaccurate personal data corrected or incomplete data completed.

4. Right to Erasure

You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

5. Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data under certain circumstances.

6. Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services.

7. Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.

8. Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month, though this may be extended by two further months if your request is complex.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection
• Incident response procedures

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Typical retention periods:

• Active customer data: Duration of service relationship plus 6 years
• Marketing data: Until consent is withdrawn
• Website analytics: 26 months

International Transfers

We do not routinely transfer your personal data outside the European Economic Area (EEA). If we do need to transfer your data internationally, we will ensure appropriate safeguards are in place.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

Children's Data

While we provide educational services for children, we require parental consent before processing personal data of children under 16 years of age.

Third-Party Links

Our website may include links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

Cookies and Tracking

We use cookies and similar tracking technologies on our website. For detailed information, please see our Cookies Policy.

Updates to This Policy

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Complaints

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us:

Email: [email protected]
Address: 42 Wellington Street, Leeds LS1 2EE, United Kingdom