GDPR Compliance

Our Commitment to GDPR

Fury Trail is committed to full compliance with the General Data Protection Regulation (GDPR) and UK data protection laws. This page outlines how we meet our obligations and protect your rights as a data subject.

Data Controller

Fury Trail is the data controller for personal information collected through our website and programs. We are responsible for ensuring your data is processed lawfully, fairly, and transparently.

Contact details:
Fury Trail
42 Kensington High Street
London W8 4PF
United Kingdom
Email: [email protected]

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data. We will provide this information within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed

Right to Restriction of Processing

You can request that we limit how we use your data when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification of legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of these rights, send a request to [email protected] with:

• Your full name and email address used for enrollment
• Specific right you wish to exercise
• Any relevant details to help us locate your data

We will respond within one month. If your request is complex, we may extend this by two months and will notify you.

Lawful Basis for Processing

We process personal data based on the following lawful bases:

• Contract performance: Processing enrollment information to deliver educational programs
• Legitimate interests: Improving our services, website analytics, fraud prevention
• Consent: Marketing communications and non-essential cookies
• Legal obligation: Compliance with tax and accounting requirements

Data Protection Principles

We adhere to GDPR's core principles:

• Lawfulness, fairness, transparency: We process data legally and inform you how we use it
• Purpose limitation: We collect data for specific, explicit purposes and don't use it for incompatible purposes
• Data minimization: We only collect data necessary for our stated purposes
• Accuracy: We take reasonable steps to ensure data accuracy and enable corrections
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We implement appropriate security measures
• Accountability: We demonstrate compliance through documentation and policies

Data Security Measures

We implement technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and updates
• Staff training on data protection
• Secure backup and recovery procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR.

International Data Transfers

We process and store data within the United Kingdom. Any transfers to countries outside the UK will be protected by appropriate safeguards such as standard contractual clauses approved by the UK Information Commissioner's Office.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Phone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated via email to enrolled participants.