GDPR Compliance

Last updated: 15 April 2026

Our Commitment to Data Protection

Fleet Investor Limited is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page provides specific information about your rights under these regulations and how we fulfil our obligations as a data controller.

Data Controller Information

Company Name: Fleet Investor Limited
Registration Number: 11456892
Registered Address: 42 Kensington Gardens Square, Bayswater, London W2 4BH, United Kingdom
Contact Email: [email protected]

Your GDPR Rights Explained

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data. We provide this through our Privacy Policy and this GDPR page. We tell you what data we collect, why we collect it, how long we keep it, and who we share it with.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a "subject access request". We will provide this information free of charge within one month of receiving your request.

To make a subject access request, email us at [email protected] with "Subject Access Request" in the subject line. Please include:

  • Your full name and the email address associated with your account
  • Proof of identity (such as a copy of your passport or driving licence)
  • Details of the specific information you're requesting, if you don't want a complete copy

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly through your account settings. For data you cannot change yourself, contact us and we will make the corrections within one month.

Right to Erasure ("Right to Be Forgotten")

In certain circumstances, you can request that we delete your personal data. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and we have no other legal basis to process it
  • You object to processing and we have no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Please note that we may need to retain certain information for legal or accounting purposes, even after you request deletion. We will inform you if this applies to your request.

Right to Restrict Processing

You can ask us to restrict how we use your data in certain situations:

  • You contest the accuracy of the data (we will restrict processing while we verify accuracy)
  • Processing is unlawful but you don't want the data erased
  • We no longer need the data but you need it for a legal claim
  • You've objected to processing and we're verifying whether our legitimate grounds override yours

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.

This right applies to:

  • Data you provided to us
  • Data processed based on consent or contract
  • Data processed by automated means

We can provide your data in JSON or CSV format. Contact us to request data portability.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Direct Marketing: You can object to marketing communications at any time by clicking "unsubscribe" in any marketing email or contacting us directly. We will stop sending marketing messages immediately.

Legitimate Interests: If we process your data based on legitimate interests, you can object by explaining your particular situation. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our use of your data for course recommendations and content improvement involves human oversight.

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request
Include: Your full name, account email address, and details of which right(s) you wish to exercise

We will respond to your request within one month. In complex cases, we may extend this by two additional months, and we will inform you if this is necessary.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contract Performance

Processing is necessary to provide the courses and services you've purchased. This includes:

  • Creating and managing your account
  • Delivering course content and tracking progress
  • Processing payments
  • Providing customer support

Legitimate Interests

We process data for our legitimate business interests, which include:

  • Improving our courses based on usage analytics
  • Preventing fraud and ensuring platform security
  • Understanding how students interact with content
  • Communicating important service updates

We balance these interests against your rights and will not process data in ways you would not reasonably expect.

Consent

For certain activities, we ask for your explicit consent:

  • Marketing communications
  • Non-essential cookies

You can withdraw consent at any time, and this will not affect the lawfulness of processing before withdrawal.

Legal Obligation

We may process data to comply with legal requirements, such as tax and accounting regulations.

Data Protection Principles

We ensure all personal data is:

  • Processed lawfully, fairly, and transparently: We are clear about what data we collect and why
  • Collected for specified, explicit, legitimate purposes: We don't use your data for purposes you haven't been informed about
  • Adequate, relevant, and limited: We only collect data we actually need
  • Accurate and kept up to date: We provide ways for you to correct information
  • Kept no longer than necessary: We delete data when we no longer have a valid reason to keep it
  • Processed securely: We use appropriate technical and organisational measures to protect your data

International Data Transfers

Some of our service providers are located outside the UK and European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

  • Transfers to countries with adequacy decisions from the UK or EU
  • Standard contractual clauses approved by the European Commission
  • Other legally approved transfer mechanisms

You can request information about the safeguards we use for specific transfers by contacting us.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk:

  • Encryption of data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication requirements
  • Staff training on data protection and security
  • Incident response procedures

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document the breach and our response

Third-Party Data Processors

We work with carefully selected third-party service providers who process data on our behalf. These processors include:

  • Payment processing services
  • Email delivery platforms
  • Cloud hosting providers
  • Analytics services

All processors are bound by data processing agreements that ensure GDPR compliance. They can only process data according to our instructions and must implement appropriate security measures.

Children's Data

Our services are not intended for individuals under 16. We do not knowingly collect or process personal data of children. If we learn that we have collected data from a child, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address the issue. If you remain dissatisfied, you have the right to lodge a complaint with a supervisory authority.

For UK residents, the supervisory authority is:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk

For EU residents, you can contact your national data protection authority.

Updates to GDPR Compliance

We regularly review our data protection practices to ensure ongoing GDPR compliance. When we make significant changes to how we process personal data, we will update this page and notify affected users.

Contact Our Data Protection Team

For questions about GDPR compliance or to exercise your rights, contact us:

Email: [email protected]
Subject: GDPR Enquiry
Address: Fleet Investor Limited, 42 Kensington Gardens Square, Bayswater, London W2 4BH, United Kingdom