GDPR Compliance

Last updated: May 15, 2026

Introduction

darkbloom-peak is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we comply with GDPR requirements and your rights as a data subject.

Data Controller

For the purposes of data protection legislation, darkbloom-peak is the data controller. We are responsible for deciding how we hold and use personal information about you.

Contact details:
darkbloom-peak
42 Kensington Gardens Square
London W2 4BQ
United Kingdom
Email: info at darkbloom-peak.com

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

• Consent: You have given explicit consent for us to process your personal data for specific purposes, such as sending marketing communications
• Contract: Processing is necessary to fulfill our contractual obligations when you enroll in our programmes
• Legal obligation: Processing is required to comply with legal or regulatory requirements
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to obtain confirmation that we are processing your personal data and to request a copy of that data. This is commonly known as a "subject access request."

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in automated decision-making.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at info at darkbloom-peak.com. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

We may need to verify your identity before processing your request. This is a security measure to ensure that personal data is not disclosed to unauthorized persons.

Data We Collect

We collect and process the following categories of personal data:

• Identity data: names of parents/guardians
• Contact data: email addresses, postal addresses
• Child information: age, educational needs (when relevant to programme delivery)
• Technical data: IP addresses, browser types, device information
• Usage data: how you interact with our website
• Marketing and communications data: your preferences for receiving communications

How We Use Your Data

We use your personal data for purposes including:

• Providing educational programmes and services
• Managing enrollments and communications
• Improving our website and services
• Compliance with legal obligations
• Sending relevant programme updates (with your consent)

Data Sharing

We do not sell your personal data. We may share data with:

• Service providers who assist in delivering our services, under strict confidentiality agreements
• Legal authorities when required by law
• Third parties with your explicit consent

International Transfers

We store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place to protect your personal data in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Enrollment records are typically retained for seven years.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication procedures
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Children's Data

While our services are designed for children, we collect personal data only from parents or guardians, not directly from children. When processing data about children, we take extra care to ensure appropriate safeguards are in place.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Policy

We may update this GDPR compliance statement periodically. We will notify you of significant changes by posting the updated version on our website with a revised date.

Contact Us

For questions about our GDPR compliance or to exercise your rights, please contact us at info at darkbloom-peak.com.