GDPR compliance

This page summarises how we approach the UK/EU General Data Protection Regulation (GDPR) and related standards. It is informational and does not replace legal advice tailored to your business.

Lawful bases

We process personal data only where we have a lawful basis, such as contract (for example, fulfilling a booking), legitimate interests (for example, improving our services, balanced against your rights), consent where required, or legal obligation.

Your rights (EEA/UK)

Subject to conditions in the GDPR and local law, you may have the right to: access your data; rectify inaccuracies; erase data in certain cases; restrict processing; object to processing based on legitimate interests; data portability where processing is automated and based on contract or consent; and withdraw consent at any time where we rely on it.

Complaints

You may lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can try to resolve your concern.

International transfers

If personal data is transferred outside the EEA or UK, we use appropriate safeguards such as standard contractual clauses or adequacy decisions, where applicable.

Contact

For data protection enquiries, use the details on our contact page. Replace this section with a named data protection contact or DPO when you appoint one.