GDPR Compliance Information

Last Updated: May 2026

Our Commitment to GDPR Compliance

cloudless-ranging is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we meet our obligations under these regulations and how you can exercise your rights.

Data Controller Information

For the purposes of UK GDPR, cloudless-ranging is the data controller responsible for your personal information.

Data Controller: cloudless-ranging
Address: 47 Whiteladies Road, Clifton, Bristol, BS8 2LR, United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by Article 6 of UK GDPR:

Contract Performance (Article 6(1)(b))

Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. This applies when you register for our programmes.

Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. Our legitimate interests include:

• Operating and improving our educational services
• Communicating with clients about programmes
• Preventing fraud and ensuring security
• Understanding how our website is used

Legal Obligation (Article 6(1)(c))

Processing is necessary for compliance with legal obligations, such as tax and accounting requirements.

Consent (Article 6(1)(a))

Where required, we obtain your explicit consent for specific processing activities, such as marketing communications. You may withdraw consent at any time.

Your Rights Under UK GDPR

1. Right of Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data. You can request:

• What personal data we hold about you
• Why we are processing it
• Who we share it with
• How long we will retain it
• Your rights regarding the data

2. Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed. We will make corrections promptly and notify any third parties with whom we shared the data.

3. Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required for compliance with a legal obligation

Note that we may retain certain data where required by law or for legitimate business purposes such as financial record-keeping.

4. Right to Restriction of Processing (Article 18)

You can request that we restrict processing of your personal data when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want the data erased
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification of our legitimate grounds

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller. This applies to data:

• You provided to us
• Processed based on consent or contract
• Processed by automated means

6. Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

7. Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significant effects. We do not currently engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR, please contact us:

Email: [email protected]
Post: 47 Whiteladies Road, Clifton, Bristol, BS8 2LR, United Kingdom

Please include the following in your request:

• Your full name and contact information
• Specific details of your request
• Proof of identity (to prevent unauthorised disclosure)

We will respond to requests without undue delay and within one month of receipt. This period may be extended by two months for complex requests, and we will inform you of any extension.

Data Security Measures

In compliance with Article 32 of UK GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Pseudonymisation and encryption of personal data
• Ongoing confidentiality, integrity, availability, and resilience of systems
• Regular testing and evaluation of security measures
• Staff training on data protection principles
• Access controls and authentication procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches and remedial actions taken

Data Protection Impact Assessments

Where processing is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) before commencing processing. This helps us identify and mitigate risks.

Third-Party Processors

We engage third-party service providers to process personal data on our behalf. All processors are selected carefully and required to:

• Process data only according to our documented instructions
• Implement appropriate security measures
• Maintain confidentiality
• Enter into written data processing agreements
• Comply with UK GDPR requirements

International Data Transfers

If we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place as required by Chapter V of UK GDPR, including:

• Adequacy decisions by the UK government
• Standard Contractual Clauses approved by the ICO
• Binding Corporate Rules where applicable

Children's Data

While our programmes serve children and teenagers, we collect personal information from parents or legal guardians acting on their behalf. We process data concerning minors with appropriate additional safeguards and obtain parental consent where required.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Our retention periods are documented and regularly reviewed.

Right to Lodge a Complaint

If you believe we have not complied with UK GDPR, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: https://cloudless-ranging.com
Telephone: 0303 123 1113
Email: [email protected]

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Further Information

For additional details about how we handle your personal information, please refer to our Privacy Policy.