GDPR Compliance

Understanding your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR Compliance

rare-cruise is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines how we comply with these regulations and explains your rights.

Data Controller Information

rare-cruise is the data controller responsible for your personal information. Our contact details:

Email: [email protected]
Address: 43 Thornfield Lane, Bristol BS8 2HN, United Kingdom

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.

2. Right of Access

You have the right to request access to the personal data we hold about you. This is commonly known as a "subject access request" (SAR). We will provide you with a copy of your personal data free of charge within one month of your request.

3. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you. We will respond to your request within one month.

4. Right to Erasure ("Right to Be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

5. Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. Include the following information in your request:

  • Your full name and contact information
  • A clear description of the right you wish to exercise
  • Any relevant details to help us locate your information

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

Lawful Basis for Processing

We process your personal data on the following legal bases:

  • Consent: You have given explicit consent for processing for specific purposes (e.g., marketing communications)
  • Contract: Processing is necessary for the performance of a contract with you (e.g., delivering training services)
  • Legal Obligation: Processing is necessary to comply with legal obligations
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, improving services)

Data Protection Principles

We adhere to the following GDPR data protection principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimization: We collect only the data that is adequate, relevant, and necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We process data securely with appropriate safeguards
  • Accountability: We are responsible for and can demonstrate compliance

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

International Data Transfers

If we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Other legally approved transfer mechanisms

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to individuals' rights and freedoms.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority:

Information Commissioner's Office (ICO)
Website: rare-cruise.com
Helpline: 0303 123 1113

Updates to This Page

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.

Contact Us

If you have questions about GDPR compliance or how we handle your personal data, please contact us at [email protected].