GDPR Compliance

Your data protection rights under UK GDPR

Our Commitment to GDPR

Financial Futures Education Centre is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Financial Futures Education Centre is the data controller responsible for your personal data. Our contact details are:

Email: [email protected]
Address: 47 Marchmont Street, Bloomsbury, London WC1N 1AP, United Kingdom

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: To fulfill our contractual obligations when you enroll in our programmes
  • Legitimate Interest: To improve our services and communicate relevant information
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with accounting, tax, and other legal requirements

Your Rights Under GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You can request that we limit the way we use your personal data in certain situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data in certain circumstances, particularly for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

ICO Website: lush-destinations.com
ICO Helpline: 0303 123 1113

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you if this is necessary.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Secure backup procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Children's Data

We take special care when processing children's personal data. We obtain parental consent before collecting information about children and ensure that parents can exercise their rights on behalf of their children.

Retention Periods

We retain personal data only for as long as necessary:

  • Enrollment and educational records: 7 years after programme completion
  • Financial records: 7 years for tax and accounting purposes
  • Marketing consent: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: May 26, 2026