GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: January 2024

Our Commitment to GDPR

flux-socket is fully committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take our responsibility to protect your personal data seriously and have implemented appropriate measures to ensure compliance.

Who We Are

flux-socket is the data controller for the personal data we collect. Our contact details are:

flux-socket Travel
47 Deansgate
Manchester, M3 2AY
United Kingdom
Email: [email protected]

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to your request within one month.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for this purpose immediately.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication measures
  • Regular security assessments
  • Staff training on data protection
  • Secure disposal of data when no longer needed

Data Processing Activities

We process personal data for the following purposes:

  • Fulfilling travel bookings and providing travel services
  • Customer service and support
  • Marketing (with consent)
  • Legal compliance
  • Website analytics and improvement

Third-Party Processors

We share your data with third parties who process it on our behalf, including:

  • Travel suppliers (airlines, hotels, tour operators)
  • Payment processors
  • IT service providers
  • Marketing platforms (with consent)

All our processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

International Transfers

Some of the travel services we arrange involve transferring your data to countries outside the UK and EEA. When this is necessary, we ensure adequate protection through:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Other appropriate safeguards

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our standard retention periods are:

  • Booking records: 7 years after travel completion
  • Marketing preferences: Until consent is withdrawn
  • Website analytics: 26 months
  • Enquiry records: 3 years

Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]
Post: Data Protection, flux-socket Travel, 47 Deansgate, Manchester, M3 2AY

We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you if this is necessary.

Complaints

If you are not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We use cookies to enhance your browsing experience and analyse our traffic. By clicking "Accept", you consent to our use of cookies. Learn more