GDPR Compliance

Last Updated: June 7, 2026

Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations operating within the European Union and those processing personal data of EU residents. This page outlines our commitment to GDPR compliance and explains your rights as a data subject.

Data Controller Information

Organization: aurora-egret
Address: 42 Ashford Lane, Bristol, BS8 2PQ, United Kingdom
Contact Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

  • Consent: You have given explicit consent for processing your personal data for specific purposes
  • Contractual Necessity: Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract
  • Legal Obligation: Processing is necessary for compliance with legal obligations to which we are subject
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your rights and freedoms

Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request confirmation of whether we are processing your personal data and, if so, to obtain a copy of that data along with information about how it is being processed.

2. Right to Rectification

You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.

3. Right to Erasure (Right to be Forgotten)

Under certain circumstances, you have the right to request deletion of your personal data. This right applies when:

  • The personal data is no longer necessary for the purposes for which it was collected
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The personal data has been unlawfully processed
  • The personal data must be erased for compliance with a legal obligation

4. Right to Restriction of Processing

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data or object to processing.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis for processing.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in automated decision-making or profiling.

How to Exercise Your Rights

To exercise any of your data subject rights, please submit a request to:

Email: [email protected]
Subject Line: GDPR Data Subject Request

We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of such extension.

Data Protection Principles

We process personal data in accordance with the following GDPR principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
  • Storage Limitation: We retain personal data only for as long as necessary
  • Integrity and Confidentiality: We process data securely using appropriate technical and organizational measures
  • Accountability: We are responsible for and can demonstrate compliance with these principles

Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Staff training on data protection practices
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law.

International Data Transfers

We primarily process and store personal data within the United Kingdom and European Economic Area. If we transfer personal data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority:

UK Supervisory Authority: Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113

Updates to This Policy

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when the most recent changes were made.

Contact Us

For questions or concerns about our GDPR compliance or to exercise your data subject rights, please contact:

Email: [email protected]
Address: 42 Ashford Lane, Bristol, BS8 2PQ, United Kingdom