GDPR Compliance Information

This page explains how persistent-guide complies with the General Data Protection Regulation and UK data protection laws. We are committed to transparency about our data practices and ensuring you can exercise your rights effectively.

Last Updated: 9 April 2026

Our Commitment to Data Protection

We take our data protection obligations seriously and have implemented comprehensive measures to ensure compliance with GDPR principles. These principles guide every aspect of how we collect, process, and store personal information.

We process data lawfully, fairly, and transparently. You will always know what information we collect, why we collect it, and how we use it. We limit collection to what is necessary for specific purposes and ensure accuracy through regular reviews and your ability to update information.

We retain data only as long as needed for its intended purpose or to meet legal obligations. Security measures protect against unauthorized access, loss, or damage, and we hold ourselves accountable for demonstrating compliance with these principles.

Your Rights Under GDPR

GDPR grants you specific rights regarding your personal data. Understanding these rights empowers you to control your information.

Right to Be Informed

You have the right to clear information about what personal data we collect and how we use it. Our privacy policy and this page fulfill this obligation by explaining our practices in straightforward language. Before collecting your data, we inform you about the purpose, legal basis, retention period, and your rights.

Right of Access

You can request a copy of all personal data we hold about you, known as a Subject Access Request. We will provide this information within one month, free of charge, in a format that is easy to understand and use.

Your access request will include details about what data we process, why we process it, who we share it with, how long we keep it, and the source if we didn't collect it directly from you. We will also explain your rights and provide information about any automated decision-making.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you can request corrections. We strive to maintain accurate records and will update information promptly when you notify us of errors. This applies to factual information such as contact details, attendance records, and preference information.

Right to Erasure

Also known as the right to be forgotten, this allows you to request deletion of your personal data in certain circumstances. These include situations where data is no longer necessary for its original purpose, you withdraw consent on which processing was based, you object to processing and we have no overriding legitimate grounds, or data was processed unlawfully.

However, we may retain data if we have legal obligations to keep it, such as financial records for tax purposes, or if retention is necessary for establishing or defending legal claims. We will explain if any such grounds apply to your deletion request.

Right to Restrict Processing

In specific situations, you can request that we limit how we use your data while retaining it. This applies when you contest the accuracy of data and we need time to verify it, when processing is unlawful but you prefer restriction rather than erasure, when we no longer need the data but you require it for legal claims, or when you object to processing and we need to verify whether our legitimate grounds override yours.

During restriction, we will store the data but not actively process it except with your consent or for specific legal purposes.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format. This applies to data you provided to us based on consent or contract and that we process automatically. You can receive this data yourself or request that we transmit it directly to another service provider where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing communications, we will stop immediately. For objections based on other grounds, we will stop processing unless we can demonstrate compelling legitimate reasons that override your interests or we need the data for legal claims.

Rights Related to Automated Decision-Making

We do not use automated systems to make decisions that significantly affect you without human involvement. Our hobby recommendations always involve personal consultation and human judgment. If our practices change, we will ensure you have rights regarding any automated decision-making.

How to Exercise Your Rights

Exercising your GDPR rights is straightforward. Contact us at [email protected] with your request. Please include enough information to help us locate your records, such as your full name and email address used for our services.

For security reasons, we may ask for additional identification to confirm your identity before fulfilling requests involving access to or deletion of personal data. This protects you by ensuring we don't disclose your information to someone else or delete it based on a fraudulent request.

We aim to respond to all requests within one month of receipt. If your request is complex or we receive multiple requests from you, we may extend this by two additional months. We will inform you of any extension within the initial month and explain the reason for delay.

We do not charge fees for exercising your rights unless your request is clearly unfounded, repetitive, or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request. We will explain our reasoning if this situation arises.

Lawful Bases for Processing

GDPR requires that we have a valid legal basis for processing personal data. We rely on different bases depending on the context:

Contract

When you book a consultation, workshop, or other service, we process your data to fulfill our contractual obligation to deliver what you've purchased. This includes communicating about your booking, preparing materials, maintaining attendance records, and providing follow-up support.

Consent

For marketing communications, research surveys, or sharing your information with hobby communities, we rely on your explicit consent. You can withdraw consent at any time, and we will stop the relevant processing immediately. Withdrawal does not affect processing that occurred before you withdrew consent.

Legitimate Interests

We have legitimate business interests in maintaining records of our work, understanding service effectiveness, and improving our offerings. Before processing data on this basis, we conduct assessments to ensure our interests do not override your rights and freedoms. You can object to processing based on legitimate interests.

Legal Obligation

Some data retention is required by law, such as maintaining financial records for tax authorities. In these cases, we process data to comply with legal requirements and cannot delete it until the required retention period expires.

Data Protection by Design

We incorporate data protection considerations into everything we do, from initial service design through ongoing operations. This approach, called data protection by design and by default, means we think about privacy implications before collecting or processing data.

We collect only the minimum information necessary for specific purposes. Systems are configured to provide appropriate privacy protection by default, such as limiting data access to authorized personnel and using encryption for sensitive information.

When developing new services or changing existing ones, we conduct privacy impact assessments to identify and mitigate potential risks to your personal data. This proactive approach helps us prevent problems rather than react to them.

Third-Party Processing

When we engage service providers who process personal data on our behalf, we ensure they meet GDPR standards. Written agreements specify exactly what data they can access, how they may use it, and what security measures they must implement.

These processors include our payment provider, email service, website hosting company, and cloud backup service. All are carefully selected based on their data protection practices and are contractually bound to process data only according to our instructions.

We remain responsible for third-party processors and regularly review their compliance with our data protection requirements.

International Data Transfers

We primarily store data within the United Kingdom. When data must be transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place.

These safeguards may include standard contractual clauses approved by relevant authorities, verification that the destination country has adequate data protection laws, or binding corporate rules for transfers within multinational companies.

We will not transfer your personal data internationally without ensuring protection equivalent to what GDPR provides.

Data Breach Procedures

Despite our preventive measures, data breaches can occur. We have procedures to detect, report, and investigate suspected breaches. If a breach occurs that is likely to risk your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it.

If the breach poses high risk to you, we will also notify you directly without undue delay. Our notification will explain what happened, what data was affected, the likely consequences, and what measures we are taking to address the breach and mitigate harm.

We maintain detailed documentation of all data breaches, including facts about the incident, its effects, and remedial actions taken. This helps us learn from incidents and improve our security measures.

Children's Data

When providing services to individuals under 16, we obtain verifiable parental consent before processing their personal data. Parents have the right to access their child's information, request corrections or deletion, and withdraw consent.

We design communications and services for younger clients with appropriate privacy protections, using clear language and ensuring they understand what information is collected and why.

Data Protection Officer

While our organization is not legally required to appoint a Data Protection Officer, we have designated a responsible person to oversee GDPR compliance, handle data protection queries, and serve as a point of contact with supervisory authorities.

You can reach our data protection lead at [email protected] with any questions or concerns about how we handle your personal data.

Records and Accountability

We maintain comprehensive records of our processing activities, including purposes of processing, data categories, recipient categories, retention periods, security measures, and international transfers. These records demonstrate our compliance and help us manage data responsibly.

Regular audits and reviews ensure our practices remain aligned with GDPR requirements and best practices. We document decisions about data processing, including assessments of risks and appropriate safeguards.

Complaints and Supervisory Authority

If you believe we have not handled your personal data properly or have not responded adequately to your concerns, you have the right to lodge a complaint with the Information Commissioner's Office, the UK's data protection supervisory authority.

You can contact the ICO through their website at persistent-guide.com, by email at [email protected], or by calling 0303 123 1113. Their postal address is Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Before approaching the ICO, we encourage you to contact us directly so we can attempt to resolve your concerns. However, you have the absolute right to contact the supervisory authority at any time.

Updates to This Information

We review and update this GDPR information periodically to reflect changes in our practices, legal requirements, or guidance from regulatory authorities. Significant changes will be communicated to active clients via email.

The date at the top of this page indicates when it was last updated. We recommend reviewing this information periodically to stay informed about how we protect your rights.

Contact Information

For any questions about GDPR compliance, to exercise your rights, or to raise concerns about our data practices, please contact us at [email protected]. We take all inquiries seriously and will respond as quickly as possible.