Legal

GDPR Compliance

Last Updated: April 2026

Our Commitment to Data Protection

DiscovrAI Tech is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). This page explains how we protect your data and uphold your rights.

We are registered in England and Wales and take our responsibilities as a data controller seriously.

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to obtain confirmation that your personal data is being processed and to access that data. You can request a copy of all personal data we hold about you.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your information through your account settings or by contacting us.

Right to Erasure ("Right to be Forgotten")

In certain circumstances, you have the right to request the deletion of your personal data, including when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects, unless certain conditions apply.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

Email: privacy@discovrai.tech

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months, but we will inform you of any delay.

Lawful Bases for Processing

We process personal data under the following lawful bases:

Contract Performance

We process data necessary to:

  • Provide access to our platform
  • Deliver learning content and track progress
  • Process payments and manage subscriptions
  • Provide customer support

Legitimate Interests

We may process data for our legitimate business interests, including:

  • Improving our services and user experience
  • Preventing fraud and ensuring security
  • Marketing our services (with appropriate safeguards)

Consent

Where required, we obtain your explicit consent for:

  • Marketing communications
  • Non-essential cookies and tracking
  • Special category data processing

Legal Obligation

We may process data to comply with:

  • Tax and accounting requirements
  • Legal proceedings and court orders
  • Regulatory obligations

Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize risks to individuals.

Data Processors and Transfers

We work with carefully selected service providers who process data on our behalf. All processors are bound by data processing agreements that ensure GDPR compliance.

When transferring data outside the UK/EEA, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Inform affected individuals without undue delay when required
  • Document all breaches and our response

Data Protection Officer

While not legally required to appoint a DPO, we have designated a privacy lead to oversee data protection compliance:

Email: privacy@discovrai.tech

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures

Supervisory Authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

Enterprise Data Processing

For enterprise customers, we offer:

  • Data Processing Agreements (DPAs)
  • Sub-processor lists
  • Security documentation
  • Compliance certifications

Contact our enterprise team at enterprise@discovrai.tech for more information.

Updates to This Page

We regularly review and update our GDPR compliance practices. Any changes will be reflected on this page with an updated date.

Further Information

For more information about GDPR and your rights, visit: