GDPR Compliance

Last updated: May 8, 2026

Our Commitment to GDPR

infragrove is committed to full compliance with the General Data Protection Regulation (GDPR) and UK data protection laws. This page explains how we meet our obligations and protect your rights.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you provide explicit consent for specific purposes
  • Contract: To fulfill our contractual obligations in providing educational services
  • Legal Obligation: To comply with legal requirements
  • Legitimate Interests: For business operations, where balanced against your rights

Your GDPR Rights

Right to Access

You can request a copy of all personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing

You can request we limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format to transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling. We do not currently use automated decision-making.

Exercising Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]
Address: 47 Deansgate, Manchester M3 2AY, United Kingdom

We will respond to your request within one month. If your request is complex, we may extend this by two additional months and will inform you.

Data Protection Officer

For data protection inquiries, contact our Data Protection Officer at [email protected].

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Children's Data

When processing data about children under 18, we:

  • Obtain parental or guardian consent
  • Collect only necessary information
  • Implement enhanced security measures
  • Provide clear information about processing in age-appropriate language
  • Allow parents to access, modify, or delete their child's data

International Data Transfers

When transferring data outside the UK or EEA, we ensure:

  • Transfers are to countries with adequate protection levels
  • Use of Standard Contractual Clauses approved by the UK ICO
  • Implementation of appropriate safeguards

Data Retention

We retain personal data only as long as necessary:

  • Enrollment and service data: 7 years (for legal and accounting purposes)
  • Marketing communications: Until consent is withdrawn
  • Website analytics: 26 months

Third-Party Processors

We work with carefully selected third-party processors who meet GDPR standards. All processors sign data processing agreements ensuring compliance.

Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Updates to GDPR Practices

We regularly review and update our data protection practices to ensure ongoing GDPR compliance. Material changes will be communicated to affected individuals.