GDPR Compliance

Last updated: 20 May 2026

Our commitment to data protection

dusk-core is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and have implemented appropriate measures to ensure your personal information is processed lawfully, fairly, and transparently.

Data controller information

Data Controller: dusk-core
Address: 42 Leith Walk, Edinburgh, EH6 5HB, United Kingdom
Email: [email protected]

As the data controller, we are responsible for deciding how we hold and use personal information about you.

Lawful basis for processing

We process personal data under the following lawful bases:

Consent

When you submit forms on our website or contact us directly, you provide explicit consent for us to process your information to respond to your enquiries and provide information about our programs.

Contract

When you enroll in a program, processing your personal data is necessary for us to fulfill our contractual obligations to deliver that program.

Legitimate interests

We have legitimate interests in maintaining records of program participants for continuity of service, quality improvement, and operational efficiency. These interests are balanced against your rights and do not override your fundamental rights and freedoms.

Legal obligation

We retain certain financial records as required by UK tax law and accounting regulations.

Your rights under GDPR

Under UK GDPR, you have the following rights regarding your personal data:

Right to be informed

You have the right to be informed about the collection and use of your personal data. This page and our Privacy Policy provide that information.

Right of access

You can request access to the personal data we hold about you. We will provide a copy of your data free of charge within one month of your request.

Right to rectification

If personal information we hold about you is inaccurate or incomplete, you have the right to have it corrected.

Right to erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note that this right is not absolute. We may need to retain certain information to comply with legal obligations.

Right to restrict processing

You can request that we restrict how we use your personal data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want the data erased
  • We no longer need the data but you need it for legal claims
  • You've objected to processing and we're verifying whether our legitimate grounds override yours

Right to data portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format, or request that we transfer it to another organization.

Right to object

You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights related to automated decision-making

We do not use automated decision-making or profiling in our operations.

How to exercise your rights

To exercise any of these rights, contact us at:

Email: [email protected]
Address: 42 Leith Walk, Edinburgh, EH6 5HB, United Kingdom

Please include sufficient information to identify yourself and specify which right you wish to exercise. We will respond to your request within one month.

In some cases, we may need to request additional information to verify your identity before responding to your request.

Data protection principles

We ensure all personal data is:

  • Processed lawfully, fairly, and transparently: We explain how and why we use your data
  • Collected for specified, explicit purposes: We only collect data for legitimate program delivery and communication
  • Adequate, relevant, and limited: We collect only the data we actually need
  • Accurate and kept up to date: We provide ways to correct inaccurate information
  • Kept no longer than necessary: We have clear retention periods and delete data when no longer needed
  • Processed securely: We implement appropriate technical and organizational security measures

Data security measures

We have implemented appropriate technical and organizational measures to protect personal data, including:

  • Secure data storage systems
  • Access controls limiting who can view personal data
  • Encryption of sensitive data
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

Data breach notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals without undue delay.

International data transfers

We operate exclusively in the United Kingdom and do not transfer personal data outside the UK. Should this change, we will ensure appropriate safeguards are in place and notify affected individuals.

Children's data

We provide services to minors but collect personal information from parents or legal guardians. We do not knowingly collect personal data directly from children under 16 without appropriate parental consent.

During programs, we may process limited information about young participants (age, program progress, educational needs) but only with parental knowledge and consent, and only as necessary to deliver the program effectively.

Third-party processors

We may use third-party service providers for specific functions such as email communication and website hosting. These processors:

  • Process data only on our instructions
  • Are bound by data processing agreements
  • Implement appropriate security measures
  • Do not use your data for their own purposes

We verify that all processors comply with UK GDPR requirements.

Accountability and governance

We maintain documentation of our data processing activities and regularly review our practices to ensure ongoing compliance. This includes:

  • Maintaining records of processing activities
  • Conducting data protection impact assessments where appropriate
  • Regular policy reviews and updates
  • Staff training and awareness programs

Complaints and supervisory authority

If you believe we have not complied with your data protection rights or UK GDPR requirements, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: dusk-core.com
Helpline: 0303 123 1113

We encourage you to contact us first so we can address your concerns directly.

Updates to this statement

We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. The last updated date at the top of this page indicates when changes were last made.

Return to home