GDPR Compliance Statement

Last Updated: May 8, 2026

Our Commitment

BytePeak is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals whose personal data we process. As a UK-based organization, we adhere to both UK GDPR and EU GDPR requirements.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract: To fulfill our obligations under enrollment contracts for educational services
• Legal Obligation: To comply with legal requirements such as safeguarding and record-keeping
• Legitimate Interests: For business operations, provided your rights are not overridden

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We will provide this information within one month of your request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose collected.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request transfer of your personal data to another organization or directly to you in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts.

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: [email protected]

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Program enrollment data: Duration of program plus 6 years (for legal and safeguarding requirements)
• Marketing communications: Until consent is withdrawn
• Financial records: 7 years as required by UK law

International Data Transfers

We primarily process data within the UK. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Children's Data

We take special care with children's personal data. We obtain parental consent before processing personal data of children under 13 and implement additional safeguards for children's privacy.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject Line: GDPR Request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated to you via email or prominent notice on our website.