frost-hawk | GDPR Compliance

Last updated: January 2024

Our Commitment to GDPR

frost-hawk is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and are dedicated to protecting your personal data.

Data Controller

frost-hawk acts as the data controller for personal information collected through this website and in the course of providing our vehicle hire services.

Contact details:
Email: [email protected]
Address: Unit 14, Victoria Business Park, Trafford Road, Manchester M17 1PG

Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification (Article 16)

You have the right to request that we correct any personal data that is inaccurate or incomplete. We will make corrections promptly upon receiving verified requests.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing (Article 18)

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller where technically feasible.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests, including profiling. You also have the right to object to processing for direct marketing purposes.

Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects. We do not currently use automated decision-making that meets this threshold.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract: Processing necessary to perform our rental agreement with you
Legal Obligation: Processing required to comply with applicable laws
Legitimate Interests: Processing for business purposes where not overridden by your rights
Consent: Where you have explicitly agreed to specific processing

Data We Collect

Categories of personal data we process include:

Identity data (name, driving licence details)
Contact data (address, email)
Financial data (payment card details)
Transaction data (booking history, payments)
Technical data (IP address, browser type)
Usage data (website interaction information)

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Retention periods are determined by:

Legal requirements (financial records: 7 years)
Contractual obligations
Business necessity
Your instructions regarding deletion

Data Security Measures

We implement appropriate technical and organisational measures to ensure security of personal data, including:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Staff training on data protection
Incident response procedures

International Transfers

We primarily process data within the United Kingdom. If data transfer outside the UK is necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breach Notification

In the event of a personal data breach likely to result in risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and affected individuals without undue delay where required.

Exercising Your Rights

To exercise any of your data protection rights, please contact us using the details below. We may need to verify your identity before processing your request.

We will respond to all legitimate requests within one month. If your request is complex or we receive multiple requests, we may extend this period by a further two months, in which case we will notify you.

Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

Contact Us

For any questions regarding GDPR compliance or to exercise your rights:

Email: [email protected]
Address: Unit 14, Victoria Business Park, Trafford Road, Manchester M17 1PG

This page provides an overview of your rights under the UK GDPR. For complete information about how we process your personal data, please refer to our Privacy Policy. We are committed to transparent and lawful data processing in all our operations.