GDPR Compliance

Your data protection rights under the UK General Data Protection Regulation

Last updated: 1 January 2026

Wave Cascade is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our commitment to protecting your data rights and how we fulfil our obligations as a data controller.

Our Role as Data Controller

Wave Cascade acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data and are responsible for ensuring this processing complies with data protection law.

Our contact details for data protection purposes are:

Wave Cascade
Suite 204, Enterprise House
47 Portland Street
Manchester M1 3LF
Email: [email protected]

Lawful Bases for Processing

We only process personal data where we have a lawful basis to do so. The bases we rely on include:

Consent

Where you have freely given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You can withdraw consent at any time.

Contract

Where processing is necessary for the performance of a contract with you, such as delivering educational services you have enrolled in.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override these interests. Examples include website analytics and fraud prevention.

Legal Obligation

Where processing is necessary to comply with a legal obligation, such as maintaining financial records.

Your Rights Under UK GDPR

Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.

Right of Access

You have the right to access your personal data and supplementary information. You can request a copy of the personal data we hold about you, and we will provide this within one month of your request.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete. Contact us if you believe any information we hold about you is incorrect.

Right to Erasure

You have the right to have personal data erased in certain circumstances, including where data is no longer necessary for its original purpose or where you withdraw consent. This right is not absolute and may be limited by legal requirements.

Right to Restrict Processing

You have the right to request the restriction of processing of your personal data in certain circumstances, such as where you contest the accuracy of the data.

Right to Data Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to have this data transmitted to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or direct marketing at any time.

Rights Related to Automated Decision Making

You have rights related to automated decision making and profiling. We do not currently use automated decision making that produces legal or similarly significant effects.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by two months, but we will inform you of any extension within the first month.

We will not charge a fee to deal with your request unless the request is manifestly unfounded or excessive. We may also refuse to comply with a request in such circumstances.

Data Processing for Children

Given that our services are designed for children and teenagers, we take additional care with their personal data:

  • We collect children's data only through parents or guardians
  • We use children's data solely to deliver educational services
  • We never share children's data with third parties for marketing
  • Parents can access, correct, or request deletion of their child's data at any time

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Data Breaches

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office within 72 hours of becoming aware of the breach.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

Updates to This Information

We may update this GDPR information from time to time. Significant changes will be communicated through our website or direct contact where appropriate.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing, you consent to our use of cookies. Learn more