GDPR Compliance Notice

Last updated: May 15, 2026

Our Commitment to Data Protection

noble-gadget is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This notice outlines how we comply with data protection principles and safeguard your rights.

Data Controller

noble-gadget acts as the data controller for personal information collected through our website and services.

Contact details:
noble-gadget
42 Rodney Street
Liverpool L1 9EH
United Kingdom
Email: [email protected]

Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only data that is adequate, relevant, and necessary
  • Accuracy: We take reasonable steps to ensure data accuracy and update records when necessary
  • Storage Limitation: Data is retained only as long as necessary for the intended purposes
  • Integrity and Confidentiality: We implement appropriate security measures to protect data
  • Accountability: We demonstrate compliance with these principles

Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Performance of a Contract: Processing necessary to provide services you have requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights
  • Legal Obligation: Processing required to comply with legal requirements, including safeguarding duties
  • Consent: Processing based on your freely given, specific, informed consent

Your Rights Under GDPR

Right to Be Informed

You have the right to clear information about how we use your personal data, provided through this notice and our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will make corrections within one month.

Right to Erasure

In certain circumstances, you can request deletion of your personal data, including when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

This right may be limited where we have legal obligations to retain data, particularly safeguarding records.

Right to Restrict Processing

You can request restriction of processing in specific situations, such as when you contest data accuracy or object to processing.

Right to Data Portability

You can request transfer of your data to another service provider in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling in our services.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. Please provide:

  • Your full name and contact information
  • Details of your request
  • Proof of identity (if required to verify your request)

We will respond to requests within one month. In complex cases, we may extend this period by two months and will inform you of any extension.

Data Security Measures

We implement appropriate technical and organizational security measures, including:

  • Encryption of sensitive data during transmission and storage
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments and updates
  • Staff training on data protection responsibilities
  • Secure backup and recovery procedures
  • Confidentiality agreements with third-party service providers

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document the breach, including facts, effects, and remedial action taken

Children's Data

Given the nature of our services, we process data relating to children and young people. We take additional care to ensure:

  • Parental or guardian consent is obtained for all enrolments
  • Information is collected and used only for legitimate educational and safeguarding purposes
  • Enhanced security measures protect children's data
  • Staff are trained in handling children's information responsibly

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If international transfers become necessary, we will implement appropriate safeguards as required by UK GDPR.

Third-Party Processing

Where we engage third-party service providers to process personal data on our behalf, we:

  • Conduct due diligence to ensure they meet GDPR standards
  • Establish written contracts specifying processing instructions and security requirements
  • Monitor their compliance with data protection obligations
  • Ensure they process data only according to our documented instructions

Data Protection Impact Assessments

For processing activities that pose high risks to individuals' rights and freedoms, we conduct Data Protection Impact Assessments to identify and mitigate risks.

Record Keeping

We maintain records of our processing activities, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • Retention periods
  • Security measures implemented

Complaints and Supervisory Authority

If you are not satisfied with how we handle your personal data, you can lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

We encourage you to contact us first so we can attempt to resolve your concerns directly.

Updates to This Notice

We review and update this GDPR notice periodically to reflect changes in our practices or legal requirements. The last updated date at the top of this page indicates when changes were made.

Contact for Data Protection Queries

For questions about GDPR compliance or data protection practices, contact us at [email protected].