GDPR Compliance
Your data protection rights under UK GDPR
Our Commitment to Data Protection
Slippin Ocu is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains your rights as a data subject and how we fulfill our obligations as a data controller.
Data Controller Information
For the purposes of data protection legislation, Slippin Ocu is the data controller responsible for your personal information.
Data Controller: Slippin Ocu
Address: 14 Meadow Lane, Bristol, BS3 2JH, United Kingdom
Contact: [email protected]
Lawful Basis for Processing
We process personal data only where we have a lawful basis to do so. The legal grounds we rely on include:
Performance of a Contract
When you book lessons with us, we process your data to fulfill our contractual obligations, including scheduling lessons, maintaining attendance records, and processing payments.
Legitimate Interests
We process certain data based on our legitimate business interests, such as:
- Maintaining accurate student records to track progress and tailor instruction
- Communicating with parents and students about lesson-related matters
- Improving our teaching methods and services
- Operating our website efficiently and securely
We always balance these interests against your rights and freedoms, and you have the right to object to processing based on legitimate interests.
Legal Obligation
We process data where required by law, including:
- Maintaining financial records for tax and accounting purposes
- Complying with safeguarding requirements for students under 18
- Responding to lawful requests from regulatory authorities
Consent
Where we rely on consent, such as for marketing communications, you have the right to withdraw that consent at any time by contacting us or using the unsubscribe mechanism provided.
Your Rights Under UK GDPR
Right to Be Informed
You have the right to clear information about how we collect and use your personal data. This information is provided in our Privacy Policy and on this page.
Right of Access
You can request a copy of the personal data we hold about you, free of charge; this is commonly known as a Subject Access Request (SAR). We will provide the copy within one month of your request.
To make a request, email us at [email protected] with sufficient information to verify your identity.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will update our records within one month and notify any third parties with whom we've shared the data, where appropriate.
Right to Erasure
Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent on which processing is based
- You object to processing based on legitimate interests and there are no overriding grounds
- The data was unlawfully processed
This right is not absolute. We may need to retain certain information to comply with legal obligations or for the establishment, exercise, or defense of legal claims.
Right to Restrict Processing
You can request that we limit how we use your data in the following situations:
- You contest the accuracy of the data while we verify it
- Processing is unlawful but you prefer restriction to erasure
- We no longer need the data but you require it for legal claims
- You have objected to processing and await verification of our legitimate grounds
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you can request that we provide your data in a structured, commonly used, machine-readable format. You may also request that we transfer this data directly to another controller where technically feasible.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop such processing immediately. For objections based on legitimate interests, we will cease processing unless we can demonstrate compelling grounds that override your interests.
Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling in relation to our students or website users.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us:
Email: [email protected]
In your request, please:
- Clearly state which right you wish to exercise
- Provide sufficient information to verify your identity
- Specify what data or processing you are referring to, if applicable
We will respond to your request within one month, though in complex cases this may be extended by a further two months. We will inform you of any such extension within the initial month.
Data Protection Principles
We ensure that all personal data is processed in accordance with the following principles:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes only
- Data minimisation: We collect only what is necessary for the stated purposes
- Accuracy: We take steps to ensure data is accurate and kept up to date
- Storage limitation: We retain data only for as long as necessary
- Integrity and confidentiality: We implement appropriate security measures to protect data
- Accountability: We demonstrate compliance with these principles
International Transfers
We do not routinely transfer personal data outside the United Kingdom. If circumstances require international transfer, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with adequacy decisions.
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware. If the breach poses a high risk, we will also notify affected individuals without undue delay, providing information about the nature of the breach and the measures being taken.
Children's Data
We take special care when processing data about children under the age of 16. Where consent is required, we obtain it from a parent or guardian. We ensure that information provided to children about data processing is clear, accessible, and age-appropriate.
Data Protection by Design and Default
We implement data protection measures from the outset of any new process or system. This includes:
- Minimising data collection to what is strictly necessary
- Pseudonymising data where appropriate
- Ensuring transparency in how data is processed
- Implementing technical and organisational security measures
Staff Training and Awareness
All staff members who handle personal data receive regular training on data protection principles, GDPR requirements, and our internal policies. We maintain clear procedures for data handling, security, and breach response.
Record of Processing Activities
We maintain comprehensive records of our processing activities, including:
- The purposes of processing
- Categories of data subjects and personal data
- Recipients of personal data
- Retention periods
- Security measures in place
Third-Party Processors
Where we engage third-party processors to handle personal data on our behalf, we ensure:
- Written contracts are in place detailing processing obligations
- Processors provide sufficient guarantees of security and compliance
- We maintain oversight of their processing activities
- Sub-processors are engaged only with our authorization
Making a Complaint
If you have concerns about how we handle your personal data, please contact us first so we can address the issue. If you remain dissatisfied, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
Report concerns: ico.org.uk/make-a-complaint
Updates to This Information
We review our GDPR compliance regularly and update this page as necessary. Significant changes will be communicated to current students and parents via email. The current version was last updated on 15 April 2026.
Further Information
For more detailed information about our privacy practices, please see our Privacy Policy. For information about cookies, see our Cookies Policy.