Our Commitment to Data Protection

moor-orca is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines your rights and how we process your personal information.

Data Controller

moor-orca acts as the data controller for personal information collected through our website and services. We are responsible for deciding how your personal data is processed and for what purposes.

Contact: [email protected]

Your Data Protection Rights

Right to Access

You have the right to request access to the personal data we hold about you. This is commonly known as a "data subject access request." Upon receiving your request, we will provide you with a copy of your personal data and information about how we are processing it.

Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will take reasonable steps to ensure accuracy of data based on the information you provide.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Please note that this right is not absolute, and we may need to retain certain information for legal or legitimate business purposes.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis. If you raise an objection, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates data protection laws. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO).

ICO Contact: www.ico.org.uk

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. Include the following information in your request:

  • Your full name and contact details
  • Details of the specific right you wish to exercise
  • Any relevant information that will help us locate your data

We will respond to your request without undue delay and within one month of receipt. This period may be extended by two additional months where necessary, taking into account the complexity and number of requests.

Identity Verification

To protect your privacy and security, we may need to verify your identity before fulfilling data subject requests. This helps ensure that personal data is not disclosed to unauthorised parties.

Data Processing Principles

We process personal data in accordance with the following GDPR principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Legal Bases for Processing

We process personal data only when we have a valid legal basis, including:

  • Contract performance: necessary to provide the services you have requested
  • Legal obligation: required to comply with laws and regulations
  • Legitimate interests: necessary for our legitimate business purposes
  • Consent: you have given clear consent for specific purposes

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary depending on the type of data and legal requirements.

International Data Transfers

We primarily process data within the United Kingdom and European Economic Area. If personal data is transferred outside these regions, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures are regularly reviewed and updated as necessary.

Updates to Our Practices

We may update our data protection practices and this information from time to time. Significant changes will be communicated through our website and, where appropriate, directly to you.

Contact Information

For any questions about our GDPR compliance, data protection practices, or to exercise your rights, please contact us at [email protected].