GDPR Compliance
Understanding your data protection rights
Our Commitment to Data Protection
FocusExploration takes data protection seriously and operates in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we uphold your rights and maintain the highest standards of data handling.
We recognise that trust is fundamental to our client relationships, and protecting your personal information is central to maintaining that trust.
Data Controller Information
For the purposes of data protection legislation, FocusExploration acts as the data controller. This means we determine how and why your personal data is processed.
Data Controller Details:
FocusExploration
42 Kingsway Boulevard
Manchester
M2 4JB
United Kingdom
Contact: [email protected]
Your Rights Under GDPR
UK GDPR grants you significant rights over your personal information. We respect these rights and have established clear processes to help you exercise them.
Right to Be Informed
You have the right to clear information about what personal data we collect and how we use it. This information is provided through our Privacy Policy and at the point of data collection.
Right of Access
You can request a copy of the personal data we hold about you, free of charge. This is commonly known as a Subject Access Request. We will provide this information within one month, along with details of how we use it and who we share it with.
Right to Rectification
If the information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We encourage you to inform us promptly of any changes to ensure our records remain current.
Right to Erasure
Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, such as when it is no longer needed for the purpose it was collected or if you withdraw consent.
Right to Restrict Processing
You can ask us to limit how we use your data while we investigate a concern you have raised about the accuracy of the data or the lawfulness of processing. During this period, we will store the data but not actively use it.
Right to Data Portability
Where technically feasible, you can request that we transfer your personal data to another organisation or provide it to you in a structured, machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals. Should this change, we will inform you and provide appropriate safeguards.
How to Exercise Your Rights
To make a request or raise any concerns about how we handle your data, please contact us at [email protected].
When making a request, please include:
- Your full name and contact details
- Details of the specific right you wish to exercise
- Any relevant information that will help us locate your data
We may need to verify your identity before fulfilling certain requests to protect against fraudulent access to your information.
We aim to respond to all requests within one month. In complex cases, we may extend this by up to two additional months and will inform you if this is necessary.
Lawful Basis for Processing
We only process personal data where we have a lawful basis to do so. The primary legal grounds we rely on are:
Contract
Processing is necessary to fulfil our contractual obligations to you or your organisation, such as delivering training services and managing client relationships.
Legitimate Interests
We may process data where it serves our legitimate business interests, provided these do not override your fundamental rights. Examples include improving our services, preventing fraud, and maintaining business records.
Consent
For certain activities, such as sending marketing communications, we rely on your explicit consent. You can withdraw this consent at any time by contacting us or using the unsubscribe link in our emails.
Legal Obligation
In some cases, we process data to comply with legal requirements, such as tax regulations or employment law.
Data Protection Principles
We adhere to the core principles set out in UK GDPR when handling personal data:
- Lawfulness, Fairness, and Transparency: We process data legally, fairly, and in a transparent manner.
- Purpose Limitation: We collect data for specified, explicit, and legitimate purposes only.
- Data Minimisation: We only collect data that is adequate, relevant, and necessary for our purposes.
- Accuracy: We take steps to ensure data is accurate and kept up to date.
- Storage Limitation: We retain data only for as long as necessary.
- Integrity and Confidentiality: We implement appropriate security measures to protect data.
- Accountability: We take responsibility for compliance and can demonstrate adherence to these principles.
Security Measures
We employ robust technical and organisational measures to safeguard your personal information against unauthorised access, accidental loss, or malicious attacks. Our security practices include:
- Encryption of sensitive data both in transit and at rest
- Regular security audits and vulnerability assessments
- Strict access controls ensuring only authorised personnel can access personal data
- Staff training on data protection responsibilities and security best practices
- Secure disposal procedures for data that is no longer needed
- Incident response plans to address any potential data breaches swiftly
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by law.
We will provide clear information about the nature of the breach, the likely consequences, and the steps we are taking to address it and prevent future incidents.
Third-Party Processing
Where we engage third-party service providers to process personal data on our behalf, we ensure they meet stringent data protection standards. We enter into data processing agreements that clearly define their responsibilities and require them to:
- Process data only in accordance with our instructions
- Implement appropriate security measures
- Maintain confidentiality
- Assist us in fulfilling data subject rights requests
- Delete or return data when services conclude
International Data Transfers
We primarily process data within the United Kingdom. Should we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions recognising equivalent data protection standards
- Standard contractual clauses approved by relevant authorities
- Binding corporate rules for transfers within corporate groups
Children's Data
Our services are directed at businesses and professional audiences. We do not knowingly collect personal data from individuals under the age of 16. If we become aware of such data, we will take steps to delete it promptly.
Updates to Our Practices
We regularly review our data protection practices to ensure ongoing compliance with UK GDPR and evolving best practices. Significant changes will be communicated through updates to our Privacy Policy and this GDPR page.
Questions and Concerns
If you have questions about how we comply with GDPR or concerns about how your data is handled, please contact us at [email protected]. We take all enquiries seriously and will respond promptly.
Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately.
ICO Contact Information:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.focusex-ploration.com