GDPR Compliance

Our Commitment to Data Protection

Silent Syllabus is committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page provides information about your rights under these regulations and how we ensure compliance.

Data Controller

Silent Syllabus is the data controller for the personal information we collect through our website and services. As the data controller, we determine the purposes and means of processing your personal data.

Contact details:
Email: [email protected]
Address: 47 Chancery Lane, London WC2A 1PL, United Kingdom

Your Rights Under GDPR

The UK GDPR provides you with the following rights regarding your personal data:

1. Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.

2. Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.

3. Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

4. Right to Erasure

Also known as the "right to be forgotten," you can request the deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with legal obligations

5. Right to Restrict Processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

7. Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds.

8. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Lawful Bases for Processing

We process your personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contractual necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract
• Legal obligation: Processing is necessary to comply with our legal obligations
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights don't override these interests

Data Protection Principles

We adhere to the data protection principles set out in the UK GDPR:

• Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimisation: We collect only the data necessary for our purposes
• Accuracy: We keep personal data accurate and up to date
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We protect data against unauthorised processing and accidental loss
• Accountability: We are responsible for demonstrating compliance

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are determined based on:

• The nature of the data and the purposes of processing
• Legal, regulatory, and contractual requirements
• Legitimate business needs

International Data Transfers

If we transfer your personal data outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data, such as:

• Standard contractual clauses approved by the ICO
• Transfers to countries with adequate data protection laws
• Other lawful transfer mechanisms under UK GDPR

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing and evaluation of security measures
• Staff training on data protection
• Access controls to limit who can access personal data

Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office within 72 hours
• Communicate the breach to affected individuals without undue delay if there is a high risk
• Document all breaches and our response

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, this may be extended by a further two months, and we will inform you of any extension within the first month.

There is no fee to exercise your rights, except in cases of manifestly unfounded or excessive requests.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: 19 May 2026