GDPR Compliance

Last updated: May 14, 2026

Our Commitment to GDPR

witchfire-run is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws. This page explains how we comply with GDPR principles and your rights under this regulation.

GDPR Principles

We process personal data in accordance with the following GDPR principles:

1. Lawfulness, Fairness, and Transparency

We process your data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect, why we collect it, and how we use it.

2. Purpose Limitation

We collect personal data for specific, explicit, and legitimate purposes. We do not process your data in ways incompatible with these purposes.

3. Data Minimization

We collect only the personal data that is adequate, relevant, and necessary for our specified purposes.

4. Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted without delay.

5. Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

6. Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure security of personal data, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage.

7. Accountability

We are responsible for and can demonstrate compliance with all GDPR principles.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided through our Privacy Policy and this GDPR page.

Right of Access

You have the right to access your personal data and receive information about how we process it. You can request a copy of your personal data free of charge.

Right to Rectification

You have the right to have inaccurate personal data corrected or incomplete data completed.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances:

Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain situations:

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data where:

Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Subject line: GDPR Request
Address: 42 Kelvin Way, Glasgow G12 8QQ, United Kingdom

Response Time

We will respond to your request without undue delay and within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of the extension and reasons.

Verification

To protect your privacy, we may need to verify your identity before processing your request. We may request additional information to confirm your identity.

No Fee

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you may contact our designated data protection contact:

Email: [email protected]

Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

For certain processing activities, such as marketing communications, we rely on your explicit consent. You may withdraw consent at any time.

Contract

Processing is necessary to perform our contract with you (providing educational services).

Legitimate Interests

We process certain data based on legitimate interests, such as improving our services and website functionality, provided these interests do not override your rights.

Legal Obligation

We process data where required to comply with legal obligations.

Data Breaches

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

International Transfers

If we transfer your personal data outside the UK/EEA, we ensure appropriate safeguards are in place:

Children's Data

When processing data about children participating in our programmes, we obtain consent from parents or legal guardians as required by GDPR. We take extra care to protect children's personal data and ensure it is processed lawfully and fairly.

Complaints

If you believe we have not complied with GDPR or UK data protection laws, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Page

We may update this GDPR compliance page to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when changes were last made.

Further Information

For more details about how we collect, use, and protect your personal data, please see our Privacy Policy.