Information on this site is advertising in nature.

Last updated: January 2024

Our Commitment to Data Protection

fjord-hub is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust approach to data protection, and this document outlines how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

fjord-hub acts as the data controller for personal information collected through our website and services. As data controller, we determine the purposes and means of processing personal data.

Contact details:
fjord-hub
47 Briggate
Leeds, LS1 6HB
United Kingdom
Email: [email protected]

Lawful Bases for Processing

We process personal data under the following lawful bases as defined by the UK GDPR:

Contractual Necessity

We process data necessary to fulfil our contractual obligations to you, including arranging travel bookings, making reservations, and providing travel documents.

Consent

Where we rely on consent, you have the right to withdraw that consent at any time. This includes consent for marketing communications and non-essential cookies.

Legitimate Interests

We may process data where it is in our legitimate interests to do so, provided those interests are not overridden by your rights. This includes improving our services and maintaining security.

Legal Obligation

We process certain data to comply with legal requirements, including tax and accounting regulations and travel industry compliance requirements.

Your Rights Under GDPR

Under the UK GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond to such requests within one month.

Right to Rectification

You have the right to request correction of inaccurate personal data without undue delay.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request restriction of processing while we verify accuracy or legitimate grounds for processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest where appropriate
  • Regular security assessments and updates
  • Staff training on data protection procedures
  • Access controls limiting data access to authorised personnel
  • Secure disposal of data no longer required

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it and will inform affected individuals without undue delay.

International Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules where applicable

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods vary based on the type of data and legal requirements. Generally, booking records are retained for seven years following completion of travel for legal and accounting purposes.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month. In complex cases, we may extend this by up to two months, in which case we will inform you of the extension and reasons.

Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Document

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.