GDPR Compliance

Last updated: May 2026

Our Commitment to GDPR

dark-flame is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We respect your privacy rights and work to ensure your personal data is handled lawfully, fairly, and transparently.

Data Controller

dark-flame acts as the data controller for personal information collected through our website and services. Our contact details are:

dark-flame
47 Colmore Row
Birmingham, B3 2BS
United Kingdom
Email: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases:

• Contract: Processing necessary to fulfil our service agreement when you enrol in a programme
• Legitimate Interests: Processing for operational purposes such as improving services and website functionality, where this does not override your rights
• Consent: For marketing communications and optional data collection, which you can withdraw at any time
• Legal Obligation: When we must comply with applicable laws

Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right of Access

You may request a copy of the personal data we hold about you. We will respond within one month of receiving your request.

Right to Rectification

If any information we hold is inaccurate or incomplete, you have the right to request correction.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.

Right to Restrict Processing

You may request that we limit how we use your data while we address concerns about accuracy or our lawful basis for processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used format.

Right to Object

You may object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Programme placements involve human review.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Protection for Children

Our services involve processing limited data about children (first name and age) for educational purposes. We obtain this information from parents or guardians, who provide consent on behalf of their children. We implement enhanced safeguards for this data and do not contact children directly.

International Data Transfers

We primarily store and process data within the United Kingdom. If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

Supervisory Authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

Updates to This Notice

We review our GDPR compliance practices regularly. Any updates to this notice will be posted here with the revised date.