Last updated: January 2024
fjord-hub is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust approach to data protection, and this document outlines how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
fjord-hub acts as the data controller for personal information collected through our website and services. As data controller, we determine the purposes and means of processing personal data.
Contact details:
fjord-hub
47 Briggate
Leeds, LS1 6HB
United Kingdom
Email: [email protected]
We process personal data under the following lawful bases as defined by the UK GDPR:
We process data necessary to fulfil our contractual obligations to you, including arranging travel bookings, making reservations, and providing travel documents.
Where we rely on consent, you have the right to withdraw that consent at any time. This includes consent for marketing communications and non-essential cookies.
We may process data where it is in our legitimate interests to do so, provided those interests are not overridden by your rights. This includes improving our services and maintaining security.
We process certain data to comply with legal requirements, including tax and accounting regulations and travel industry compliance requirements.
Under the UK GDPR, you have the following rights:
You have the right to request a copy of the personal data we hold about you. We will respond to such requests within one month.
You have the right to request correction of inaccurate personal data without undue delay.
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected.
You have the right to request restriction of processing while we verify accuracy or legitimate grounds for processing.
You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making processes.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it and will inform affected individuals without undue delay.
Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods vary based on the type of data and legal requirements. Generally, booking records are retained for seven years following completion of travel for legal and accounting purposes.
To exercise any of your rights under GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. In complex cases, we may extend this by up to two months, in which case we will inform you of the extension and reasons.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.