GDPR Compliance

Our Commitment to GDPR

cogarc is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with these regulations.

Legal Basis for Processing

We process personal data under the following legal bases:

Consent

When you submit forms, subscribe to communications, or explicitly agree to data processing, we rely on your consent as the legal basis.

Contractual Necessity

Processing is necessary for us to fulfill our contractual obligations when you book our services or programs.

Legitimate Interests

We may process data based on legitimate interests, such as improving our services, website security, and fraud prevention, provided these interests don't override your rights.

Legal Obligations

We process data when required to comply with legal obligations, such as tax and accounting requirements.

Data Controller Information

cogarc acts as the data controller for personal information collected through our website and services.

Data Controller: cogarc
Address: 27 Wellington Street, London, WC2E 7BD, United Kingdom
Email: [email protected]

Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data:

Right to be Informed

You have the right to clear information about how we collect and use your personal data. This information is provided in our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure (Right to be Forgotten)

In certain circumstances, you can request deletion of your personal data. This applies when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected]
• Subject line: "GDPR Request - [Type of Request]"

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months, in which case we will inform you.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection
• Secure data backup and recovery procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Inform affected individuals without undue delay
• Provide information about the nature of the breach and steps taken

International Data Transfers

We primarily store and process data within the UK and European Economic Area. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for intra-organizational transfers

Data Protection Officer

For specific questions about data protection or to raise concerns, you can contact our data protection representative:

Email: [email protected]

Complaints

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
United Kingdom
Tel: 0303 123 1113
Website: ico.org.uk

Children's Data

We take extra care when processing data relating to children. We obtain parental consent before collecting personal data from children under 13 and ensure that data processing is lawful and appropriate for the child's age.

Updates to This Page

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when changes were last made.