GDPR Compliance
Your data protection rights under the General Data Protection Regulation
Our Commitment to Data Protection
moor-orca is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines your rights and how we process your personal information.
Data Controller
moor-orca acts as the data controller for personal information collected through our website and services. We are responsible for deciding how your personal data is processed and for what purposes.
Contact: [email protected]
Your Data Protection Rights
Right to Access
You have the right to request access to the personal data we hold about you. This is commonly known as a "data subject access request." Upon receiving your request, we will provide you with a copy of your personal data and information about how we are processing it.
Right to Rectification
If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will take reasonable steps to ensure accuracy of data based on the information you provide.
Right to Erasure
Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent on which processing is based
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Please note that this right is not absolute, and we may need to retain certain information for legal or legitimate business purposes.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another controller where technically feasible.
Right to Object
You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis. If you raise an objection, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to Withdraw Consent
Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates data protection laws. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO).
ICO Contact: www.ico.org.uk
Exercising Your Rights
To exercise any of your data protection rights, please contact us at [email protected]. Include the following information in your request:
- Your full name and contact details
- Details of the specific right you wish to exercise
- Any relevant information that will help us locate your data
We will respond to your request without undue delay and within one month of receipt. This period may be extended by two additional months where necessary, taking into account the complexity and number of requests.
Identity Verification
To protect your privacy and security, we may need to verify your identity before fulfilling data subject requests. This helps ensure that personal data is not disclosed to unauthorised parties.
Data Processing Principles
We process personal data in accordance with the following GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Legal Bases for Processing
We process personal data only when we have a valid legal basis, including:
- Contract performance: necessary to provide the services you have requested
- Legal obligation: required to comply with laws and regulations
- Legitimate interests: necessary for our legitimate business purposes
- Consent: you have given clear consent for specific purposes
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary depending on the type of data and legal requirements.
International Data Transfers
We primarily process data within the United Kingdom and European Economic Area. If personal data is transferred outside these regions, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures are regularly reviewed and updated as necessary.
Updates to Our Practices
We may update our data protection practices and this information from time to time. Significant changes will be communicated through our website and, where appropriate, directly to you.
Contact Information
For any questions about our GDPR compliance, data protection practices, or to exercise your rights, please contact us at [email protected].