GDPR Policy
1. Introduction
Crossroads Educational Consultants is dedicated to safeguarding the privacy and security of personal data entrusted to us by our clients, partners, and users. This General Data Protection Regulation (GDPR) policy outlines how we collect, process, store, and protect personal data in accordance with the GDPR requirements applicable in the United Kingdom.
2. Data Controller
Crossroads Educational Consultants serves as the data controller for the personal data it collects. Our contact details are as follows:
Crossroads Educational Consultants
31 Drum Tower, Caerphilly CF83 2XY
Katherine Gibson (Director)
katherine.gibson@crossroads.wales
Gavin Gibson (Director)
Gavin.gibson@crossroads.wales
3. Types of Personal Data Collected
We collect and process various types of personal data for the purposes of providing educational consulting services. This may include, but is not limited to, the following:
- Contact information (names, addresses, phone numbers, email addresses) ● Educational and professional background information
- Financial information for billing and payment purposes
- Information provided during consultations and meetings
- Any other relevant information required for the provision of our services 1
4. Legal Basis for Processing Personal Data
We will only process personal data when there is a legal basis to do so. The legal bases for processing personal data may include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by the data controller or a third party.
5. Purpose of Processing Personal Data
Crossroads Educational Consultants processes personal data for the following purposes:
- Providing educational consulting services
- Communicating with clients and partners
- Billing and financial transactions
- Ensuring the security and integrity of our systems
- Compliance with legal obligations
6. Data Subject Rights
Individuals have the right to access, rectify, erase, and restrict the processing of their personal data. They also have the right to object to the processing of their personal data and the right to data portability. Crossroads Educational Consultants will respond to data subject requests in accordance with applicable data protection laws.
7. Data Security Measures
Crossroads Educational Consultants implements appropriate technical and organisational measures to ensure the security and confidentiality of personal data. This includes, but is not limited to, encryption, access controls, and regular security assessments.
8. Data Breach Response
In the event of a data breach, Crossroads Educational Consultants will promptly assess the risk to individuals and take appropriate measures to mitigate the impact of the breach. We will also notify the Information Commissioner’s Office (ICO) and affected individuals as required by law.
9. Data Retention
Personal data will be retained only for as long as necessary for the purposes for which it was collected and in accordance with applicable legal requirements.
10. Data Protection Officer
Crossroads Educational Consultants has appointed a Data Protection Officer (DPO) to oversee compliance with this policy and applicable data protection laws. The DPO can be contacted at kate.gibson@crossroads.wales or on 07985423284.
11. Policy Review and Updates
This GDPR policy will be reviewed regularly to ensure its continued relevance and effectiveness. Any updates will be communicated to relevant stakeholders.
Date of Last Revision: 28/3/2026
Approved by: K.S. Gibson
K.S. Gibson
Katherine Gibson, Director