Your data protection rights under UK GDPR
maple-expanse is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we comply with these regulations.
maple-expanse acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Contact details:
maple-expanse
42 Wellington Place
Belfast BT1 6GE
Email: [email protected]
The UK GDPR provides you with specific rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request. To make a subject access request, email us at [email protected].
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond to rectification requests within one month.
You have the right to request deletion of your personal data in certain circumstances, including:
Note that we may need to retain certain data for legal or accounting purposes even after an erasure request.
You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of data or while we consider an objection you have raised.
Where we process your data based on consent or contract, and processing is automated, you have the right to receive your data in a structured, commonly used format and to transfer it to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing immediately.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
We process personal data under the following lawful bases:
Processing necessary to deliver services you have booked with us, including programme delivery, communications about your booking, and payment processing.
Where you have given explicit consent, such as for marketing communications. You can withdraw consent at any time by contacting us or using the unsubscribe link in marketing emails.
Processing necessary for our legitimate business interests, provided these do not override your fundamental rights. This includes website analytics to improve user experience and fraud prevention measures.
Processing required to comply with UK law, such as maintaining financial records for tax purposes.
We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
We conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to individuals' rights and freedoms, in line with Article 35 of UK GDPR.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach poses a high risk, we will also notify affected individuals directly.
To exercise any of your rights under UK GDPR, please contact us:
Email: [email protected]
Post: maple-expanse, 42 Wellington Place, Belfast BT1 6GE
We will respond to all requests within one month. If your request is complex or you have made multiple requests, we may extend this period by up to two months, but we will inform you within the first month if this is necessary.
If you are dissatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We would appreciate the opportunity to address your concerns directly before you escalate to the ICO. Please contact us first so we can try to resolve the issue.
We review our GDPR compliance regularly and will update this page if our practices change. Significant changes will be communicated through our website.
Last reviewed: 25 May 2026