General Data Protection Regulation Information
Emerald Star is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.
Emerald Star acts as the data controller for the personal information collected through our website and course enrollment processes.
Contact details:
Emerald Star
42 Whitfield Street, Fitzrovia
London W1T 2RH
United Kingdom
Email: [email protected]
We process your personal data based on the following lawful grounds:
As a data subject under GDPR, you have the following rights:
You have the right to request access to your personal data and obtain confirmation as to whether we are processing your data. We will provide you with a copy of your data in a commonly used electronic format.
You have the right to request correction of inaccurate personal data and to have incomplete data completed.
You have the right to request deletion of your personal data under certain circumstances, including when:
You have the right to request restriction of processing of your personal data under certain conditions, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
To exercise any of your rights under GDPR, please contact us at [email protected] with your request. We will respond to your request within one month, though this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.
We may request specific information from you to help us confirm your identity and ensure your right to access the data or to exercise other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or transfers to countries with adequacy decisions.
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. When determining retention periods, we consider:
We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. We encourage you to review this page regularly for the latest information.