← All policies

Your data rights and how to use them

Version 1.0 Reviewed: June 2026 Next review: June 2027 Owner: Jazz (Data Protection Lead)

Who runs SoloCogs: SoloCogs is the brand name for the online learning platform operated by Portsdown Tuition, a sole-trader business based in Portsmouth, England. Throughout this page, "Portsdown Tuition", "we", "us", and "our" refer to the operator and legal entity. The data controller for personal data processed through SoloCogs is Portsdown Tuition.

Contact: hello@solocogs.co.uk

1. Your rights under UK GDPR

UK GDPR (the Data Protection Act 2018 and the retained EU GDPR) gives every person whose personal data we hold a set of rights. You can use any of them by emailing us. We never charge a fee for the first request, and we respond within one calendar month.

2. How to make a request

Email hello@solocogs.co.uk with the subject line "Data rights request". Tell us:

You can also write to us at the postal address listed in the Privacy Policy, but email is faster.

3. Children making requests

UK GDPR gives children the same rights as adults. In practice, we follow this approach:

4. How we verify identity

Before releasing personal data we have to be sure we are giving it to the right person. We use the lightest verification that gives us reasonable confidence:

If we cannot verify identity to a reasonable standard we will say so and ask for more information rather than release anything.

5. What we send for an access request

For a Subject Access Request (SAR), we send a CSV or JSON export of everything we hold about you, including:

We do NOT send:

6. What erasure ("right to be forgotten") actually removes

When you ask us to delete your data we hard-delete the following from our database:

Some data is retained for a limited period for legal reasons, but only in narrowly-scoped form:

7. Our internal timeline

StepTarget
Acknowledge receiptWithin 3 working days
Verify identityWithin 7 working days
Complete the responseWithin 1 calendar month of the original request
Extension (complex requests only)+2 months, but only with written notice to you explaining why

8. If we have to refuse a request

UK GDPR allows us to refuse a request only in narrow circumstances - for example, if it is "manifestly unfounded or excessive" (such as repeated identical requests), or where complying would expose another person's data. If we ever refuse, we will tell you in writing within one month, explain why, and remind you of your right to complain to the ICO.

9. Review

This page is reviewed annually. The version number and review date at the top of the page are updated each cycle.