GDPR Compliance
Last updated: 15 January 2026
Our Commitment to Data Protection
Nova Scholar Limited is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities seriously and have implemented comprehensive policies and procedures to ensure your personal data is processed lawfully, fairly, and transparently.
This page provides detailed information about your rights under data protection law and how we fulfill our obligations as a data controller.
Data Controller Details
Nova Scholar Limited is the data controller responsible for your personal information. You can contact us regarding data protection matters:
Company Name: Nova Scholar Limited
Registration Number: 09247856
Registered Address: 42 Stokes Croft, Bristol BS1 3QD, United Kingdom
Email: [email protected]
Your Data Protection Rights
Under UK GDPR, you have comprehensive rights regarding your personal data. Here is a detailed explanation of each right and how to exercise it:
Right of Access
You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data along with supplementary information about how we use it. This is commonly known as a "subject access request."
How to exercise this right: Email us at [email protected] with your request. We will provide the information within one month, free of charge for your first request. We may need to verify your identity before providing access.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. This ensures our records remain accurate and up to date.
How to exercise this right: Contact us with details of the information you believe is incorrect, and we will make the necessary corrections promptly.
Right to Erasure (Right to be Forgotten)
In certain circumstances, you can request deletion of your personal data. This right applies when:
- The data is no longer needed for the purposes for which it was collected
- You withdraw consent on which processing is based
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
Note that we may not be able to delete your data if we need to retain it for legal or regulatory reasons, such as tax or accounting requirements.
Right to Restriction of Processing
You can request that we limit how we use your personal data in specific situations:
- You contest the accuracy of the data (we will restrict processing while we verify accuracy)
- Processing is unlawful, but you prefer restriction over deletion
- We no longer need the data, but you need it for legal claims
- You have objected to processing pending verification of our legitimate grounds
When processing is restricted, we can still store the data, but we will not use it except with your consent or for specific limited purposes.
Right to Data Portability
Where technically feasible, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another organization. This right applies when:
- Processing is based on your consent or a contract
- Processing is carried out by automated means
Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or we need the data for legal claims.
You have an absolute right to object to processing for direct marketing purposes. If you object, we will stop processing your data for marketing immediately.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. Currently, we do not engage in automated decision-making or profiling.
Right to Withdraw Consent
Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. To withdraw consent, contact us at [email protected].
Data Protection Principles
We process all personal data in accordance with the following principles established by UK GDPR:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes only
- Data minimization: We collect only data that is adequate, relevant, and necessary
- Accuracy: We take reasonable steps to ensure data is accurate and kept up to date
- Storage limitation: We retain data only as long as necessary for the purposes collected
- Integrity and confidentiality: We process data securely, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage
- Accountability: We are responsible for and can demonstrate compliance with these principles
Lawful Basis for Processing
We process your personal data only when we have a lawful basis to do so. The lawful bases we rely on are:
- Contractual necessity: Processing is necessary to perform our contract with you or to take steps at your request before entering a contract
- Legal obligation: Processing is necessary to comply with legal obligations we are subject to
- Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms
- Consent: You have given clear consent for us to process your personal data for a specific purpose
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Pseudonymization and encryption of personal data where appropriate
- Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems
- Regular testing, assessment, and evaluation of security effectiveness
- Staff training on data protection obligations and security practices
- Access controls ensuring only authorized personnel can access personal data
- Secure disposal procedures for data no longer required
Data Breach Procedures
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it
- Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
- Document all data breaches, including facts, effects, and remedial action taken
- Implement measures to mitigate any adverse effects
International Data Transfers
We primarily store and process data within the United Kingdom. If we need to transfer your personal data outside the UK, we will ensure appropriate safeguards are in place, such as:
- Transfer to countries with adequacy decisions recognizing equivalent data protection standards
- Use of standard contractual clauses approved by regulatory authorities
- Other mechanisms recognized under UK data protection law
We will inform you if we transfer your data internationally and provide information about the safeguards in place.
Third-Party Processors
When we engage third-party service providers who process personal data on our behalf, we ensure they:
- Process data only on our documented instructions
- Maintain appropriate technical and organizational security measures
- Assist us in meeting our data protection obligations
- Delete or return personal data at the end of the service provision
- Operate under a written contract meeting UK GDPR requirements
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us by email at [email protected] or by post at our registered address listed above.
We will respond to your request within one month. In complex cases, we may extend this period by an additional two months, but we will inform you if this is necessary and explain the reasons for the delay.
We will not charge a fee for most requests. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, particularly repeated requests for copies of the same information.
To protect your privacy, we may need to verify your identity before fulfilling your request. This is a security measure to ensure personal data is not disclosed to unauthorized individuals.
Complaints and Supervisory Authority
If you believe we have not handled your personal data in accordance with data protection law, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.nova-scholar.com
Changes to This Information
We review our data protection practices regularly and will update this page as necessary to reflect changes in our procedures or legal requirements. The "Last updated" date at the top of this page indicates when changes were last made.
Additional Information
For more general information about how we handle your personal data, including what data we collect and how we use it, please refer to our Privacy Policy.