Your data protection rights under UK GDPR
Last updated: January 2024
aurora-moose is committed to protecting your personal data and respecting your privacy rights. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we fulfil our obligations and your rights under these regulations.
aurora-moose is the data controller responsible for your personal data collected through this website and our services. This means we determine how and why your personal data is processed.
Contact details:
Email: [email protected]
Address: 42 Corporation Street, Birmingham, B4 6QB, United Kingdom
The UK GDPR provides you with the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. Our Privacy Policy provides detailed information about our data processing activities.
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month.
If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will take reasonable steps to verify and correct inaccurate data.
Also known as the right to be forgotten, you can request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose or if you withdraw consent.
You have the right to request that we limit the way we use your personal data while concerns about accuracy or processing are resolved.
Where technically feasible, you can request that we provide your personal data in a structured, commonly used, machine-readable format so that you can transfer it to another service provider.
You have the right to object to certain types of processing, including direct marketing and processing based on legitimate interests.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
We process personal data only when we have a valid lawful basis. The lawful bases we rely on include:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:
Some of your personal data may be transferred to countries outside the UK when arranging travel services. When this occurs, we ensure appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the Information Commissioner's Office.
To exercise any of your GDPR rights, please contact us using the details above. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.
We may update this GDPR compliance information periodically. Any changes will be posted on this page with an updated revision date.