GDPR Information

Last Updated: 17 June 2026

Overview

The UK General Data Protection Regulation (UK GDPR) provides comprehensive data protection rights for individuals. At comet-panther, we are committed to complying with UK GDPR requirements and respecting your privacy rights.

Data Controller

comet-panther acts as the data controller for personal information collected through our website and training programmes. We determine the purposes and means of processing your personal data.

Contact details:
Email: [email protected]
Address: 42 Wellington Street, Manchester, M1 4EG, United Kingdom

Personal Data We Process

We process the following categories of personal data:

• Identity data: Full name
• Contact data: Email address
• Technical data: IP address, browser type, device information
• Usage data: Information about how you use our website and services
• Profile data: Training programme preferences, experience level

Legal Basis for Processing

We process your personal data under the following lawful bases:

• Performance of a contract: To provide training services you have enrolled in
• Legitimate interests: To improve our services, ensure security, and communicate relevant information
• Consent: Where you have given specific consent for certain processing activities
• Legal obligation: To comply with applicable laws and regulations

Your Rights Under UK GDPR

Right to Access

You have the right to obtain confirmation about whether we process your personal data and to receive a copy of that data. We will provide this information within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request correction. We will update your information promptly upon verification.

Right to Erasure

You may request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing

You can request that we restrict processing of your personal data when:

• You contest the accuracy of the data
• Processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification

Right to Data Portability

Where processing is based on consent or contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing conducted before withdrawal.

Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. Include sufficient information to identify yourself and specify which right you wish to exercise.

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Pseudonymization and encryption of personal data
• Ongoing confidentiality, integrity, availability, and resilience of processing systems
• Regular testing and assessment of security effectiveness
• Incident response and data breach notification procedures

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are outlined in our Privacy Policy.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, where required by law.

International Data Transfers

When we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the UK authorities
• Transfers to countries with adequacy decisions
• Binding corporate rules where applicable

Third-Party Processing

We work with third-party service providers who process personal data on our behalf. We ensure these processors:

• Provide sufficient guarantees of compliance with UK GDPR
• Process data only on our documented instructions
• Implement appropriate technical and organizational measures
• Maintain confidentiality and security of personal data

Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Information

We may update this GDPR information to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website with an updated effective date.

Contact Us

For questions about your data protection rights or our GDPR compliance practices, contact us at [email protected]