GDPR Compliance

Last updated: May 25, 2026

1. Our Commitment to GDPR

Radiate Flow is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area and the United Kingdom.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you explicitly agree to our processing of your data
• Contract: When processing is necessary to fulfill our agreement with you (e.g., delivering educational programs)
• Legal Obligation: When we must process data to comply with the law
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights are not overridden

3. Your Rights Under GDPR

As a data subject, you have the following rights:

3.1 Right to Access

You can request a copy of the personal data we hold about you.

3.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

3.3 Right to Erasure

You can request deletion of your personal data under certain circumstances.

3.4 Right to Restrict Processing

You can request that we limit how we use your data.

3.5 Right to Data Portability

You can request your data in a structured, commonly used format to transfer to another service.

3.6 Right to Object

You can object to our processing of your data based on legitimate interests or for direct marketing.

3.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

3.8 Right to Lodge a Complaint

You can file a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data.

4. Data Protection Officer

For questions about data protection or to exercise your rights, contact:

Email: [email protected]
Address: 42 Portland Street, Manchester M1 4QU, United Kingdom

5. Data Retention

We retain personal data only as long as necessary:

• Enrollment data: Duration of program plus 3 years for educational records
• Marketing data: Until consent is withdrawn
• Financial data: 7 years for tax and accounting purposes
• Website analytics: 26 months maximum

6. International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

7. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

8. Security Measures

We implement appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.

10. Children's Data

We process data about children only with verified parental consent. Parents/guardians can exercise all GDPR rights on behalf of their children.

11. How to Exercise Your Rights

To exercise any of your GDPR rights:

1. Send a request to [email protected]
2. We will verify your identity
3. We will respond within 30 days (extended to 60 days for complex requests)
4. There is no charge for most requests

12. Supervisory Authority

Information Commissioner's Office (ICO)
Website: radiate-flow.com
Helpline: 0303 123 1113

13. Updates to This Notice

We may update this GDPR compliance notice. Significant changes will be communicated directly to affected individuals.