Last Updated: May 15, 2026
crystalveil-rift is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines our data protection practices and your rights under these regulations.
crystalveil-rift acts as the data controller for personal information collected through our website and services. We determine the purposes and means of processing your personal data.
Contact Details:
Email: [email protected]
Address: 42 Sauchiehall Street, Glasgow G2 3AT, United Kingdom
We process personal data only when we have a lawful basis to do so. Our processing activities rely on the following legal bases:
We obtain explicit consent before processing personal data for specific purposes, such as marketing communications. You may withdraw consent at any time by contacting us.
We process data necessary to fulfill our contractual obligations when you enroll in our educational programmes.
We process data based on legitimate interests in operating our business, improving services, and ensuring security, provided these interests do not override your fundamental rights and freedoms.
We process data when required by law, such as maintaining records for regulatory purposes or responding to legal requests.
You have the following rights regarding your personal data:
You can request confirmation of whether we process your personal data and obtain a copy of that data.
You can request correction of inaccurate or incomplete personal data.
You can request deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
You can request that we limit processing of your personal data in specific situations, such as while we verify data accuracy or assess whether our legitimate interests override your rights.
You can request that we provide your personal data in a structured, commonly used, machine-readable format, or transmit it directly to another controller where technically feasible.
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
To exercise any of these rights, contact us at [email protected] with your request. We will respond within one month of receiving your request. If your request is complex or we receive multiple requests, we may extend this period by two additional months, notifying you of the extension and reasons for delay.
We may request additional information to verify your identity before processing your request. We will not charge a fee for processing requests unless they are manifestly unfounded or excessive.
We adhere to the following data protection principles:
We process personal data lawfully, fairly, and transparently, providing clear information about our processing activities.
We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
We collect only personal data that is adequate, relevant, and necessary for the purposes for which it is processed.
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or corrected promptly.
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law.
We implement appropriate security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
We take responsibility for our compliance with data protection principles and can demonstrate our compliance.
We implement technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
If we transfer personal data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as:
We take additional precautions when processing data about children participating in our educational programmes. We obtain parental consent before collecting information from children and provide parents with the ability to review, modify, or delete their child's information.
We engage third-party service providers to process personal data on our behalf. We ensure these processors:
We retain personal data according to the following retention schedule:
After retention periods expire, we securely delete or anonymize personal data.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
We may update this GDPR Compliance page to reflect changes in our practices or legal requirements. The "Last Updated" date indicates when changes were last made.
If you have questions about our GDPR compliance or wish to exercise your data protection rights, contact us at [email protected]