GDPR Compliance Statement

Last Updated: May 20, 2026

Our Commitment to GDPR

ion-junct is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This document outlines our compliance measures and your rights under GDPR.

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you provide explicit consent for specific purposes (e.g., marketing communications)
• Contract: When processing is necessary to fulfill our contractual obligations to provide educational services
• Legitimate Interests: When processing serves our legitimate business interests without overriding your rights
• Legal Obligation: When required by UK or EU law

Data Controller Information

ion-junct acts as the data controller for personal information collected through our website and services.

Data Controller: ion-junct
Address: 127 Division Street, Sheffield, S1 4GH, United Kingdom
Email: [email protected]

Your Rights Under GDPR

As a data subject, you have the following rights:

1. Right to Access

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.

2. Right to Rectification

You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances, including:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

4. Right to Restriction of Processing

You can request that we limit how we use your personal data in certain situations.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

6. Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or significant effects. We do not currently engage in automated decision-making.

8. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended by two additional months in complex cases.

We may need to verify your identity before processing your request to ensure we are disclosing information to the correct person.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls limiting who can view personal data
• Staff training on data protection principles
• Secure data backup and recovery procedures
• Incident response and breach notification procedures

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. Our retention periods include:

• Enrollment inquiries: 2 years from last contact
• Active client records: Duration of engagement plus 6 years (for contractual and tax purposes)
• Marketing communications: Until consent is withdrawn
• Website analytics: 26 months

International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding corporate rules for intra-group transfers

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches and our response measures

Children's Data

While our services are designed for children and teenagers, we collect personal information from parents or legal guardians. We process children's data only with explicit parental consent and implement additional safeguards to protect minors' information.

Third-Party Processors

When we engage third-party processors, we ensure they:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Maintain confidentiality and security
• Enter into written data processing agreements

Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority.

In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website and, where appropriate, via email.

Contact Us

For questions about GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: 127 Division Street, Sheffield, S1 4GH, United Kingdom