This Privacy Policy explains how GBPress ("we", "us", "our") collects, uses, stores, and protects personal data in connection with our website at gbpress.digital and associated educational services. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018. This policy applies to all visitors to our website and all individuals who communicate with us.
GBPress is the data controller for personal data collected through this website. Our registered address is 278-280 City Rd, Sheffield S2 5HP, England. You may contact us at any time regarding data protection matters by emailing [email protected] or by writing to us at the address above.
The table below describes the categories of personal data we may collect, the purpose for which each category is processed, and the lawful basis under UK GDPR on which we rely for that processing.
| Data Category | Examples | Purpose | Lawful Basis (UK GDPR Art. 6) |
|---|---|---|---|
| Contact details | Name (if provided), email address | To respond to enquiries submitted via the contact form or by email | Legitimate interests (Art. 6(1)(f)) |
| Technical data | IP address, browser type, operating system, referring URLs, pages visited, time of visit | To understand how the website is used, diagnose technical issues, and improve content | Legitimate interests (Art. 6(1)(f)) or consent where cookies are involved |
| Cookie preference data | Record of cookie consent choices | To comply with our legal obligation to obtain valid consent before setting non-essential cookies | Legal obligation (Art. 6(1)(c)) |
| Mailing list data | Name, email address | To send educational content updates and webinar notifications to individuals who have requested this | Consent (Art. 6(1)(a)) |
| Course progress data | Module completion status, quiz scores | To enable users to save and resume course progress across sessions | Consent (Art. 6(1)(a)) / Legitimate interests (Art. 6(1)(f)) |
We collect personal data directly from you when you submit the contact form on our website, email us directly, sign up to receive webinar notifications or library updates, or create an account to save course progress. We also collect technical data automatically through the operation of our website, including through cookies and similar tracking technologies as described in our Cookie Policy. We do not collect personal data from third-party sources.
We use contact details solely to respond to the enquiry submitted. We do not add individuals to any mailing list without their separate, explicit consent. We use technical data in aggregated, anonymised form to understand how the website is used and to improve the quality and accessibility of our educational content. We do not use personal data to make automated decisions or to carry out profiling. No personal data is used for advertising targeting or sold to third parties under any circumstances.
Contact enquiry data is retained for a period of twelve months from the date of the last communication in the relevant thread, after which it is deleted from our systems. Technical and analytics data is retained in anonymised form only, with no personal identifiers, for a period of up to twenty-four months. Mailing list subscriber data is retained until you withdraw consent by unsubscribing. Course progress data is retained for as long as your account remains active and for a period of twelve months following the last login, after which inactive accounts are deleted along with associated data.
We do not sell, rent, or trade personal data. We may share limited personal data with the following categories of third-party service providers who assist us in operating this website and educational platform, each of whom is bound by appropriate data processing agreements and operates under equivalent data protection standards to those required under UK GDPR. These processors include our web hosting provider, our email delivery service provider, and our analytics platform. We do not permit any third-party processor to use personal data for their own purposes or to process it in any way other than as instructed by us.
We may disclose personal data where required to do so by law, regulation, or court order, or where necessary to protect the rights, property, or safety of GBPress, our users, or the public.
Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place as required by UK GDPR. This may include transfers to countries with an adequacy decision from the UK Secretary of State, or transfers subject to International Data Transfer Agreements (IDTAs) or UK Addenda to Standard Contractual Clauses. Details of the specific safeguards applicable to any such transfer are available on request.
Under UK GDPR, you have a number of rights in relation to personal data that we hold about you. These rights include the right to access the personal data we hold about you, the right to have inaccurate data corrected, the right to erasure of personal data in certain circumstances, the right to restrict or object to processing, the right to data portability where processing is based on consent or contract, and the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month as required by UK GDPR.
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures are reviewed regularly and updated in line with developments in security practice. While we take reasonable steps to protect your data, no internet transmission is completely secure and we cannot guarantee absolute security.
If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO and encourage you to contact us in the first instance.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this document. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes acceptance of the updated policy.
