GDPR Compliance

Our Commitment to GDPR

Delta Osprey is committed to complying with the UK General Data Protection Regulation (UK GDPR) and maintaining the highest standards of data protection for all individuals whose personal data we process.

Data Controller

For the purposes of UK GDPR, Delta Osprey is the data controller responsible for your personal data. Our contact details are:

Email: [email protected]
Address: 42 Thornbury Lane, Bristol BS8 2QE, United Kingdom

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you voluntarily provide your information through our booking forms or email communications
• Contract: To fulfill our contractual obligations when you book our services
• Legitimate Interests: To improve our services and communicate relevant information about our culinary offerings
• Legal Obligation: When required by law

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to our processing of your personal data in certain circumstances.

Rights Related to Automated Decision Making

We do not use automated decision making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month of receipt.

Please provide sufficient information to identify yourself and specify which right you wish to exercise. We may request additional information to verify your identity before processing your request.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

International Data Transfers

Your personal data is processed within the United Kingdom. If we need to transfer your data outside the UK, we will ensure appropriate safeguards are in place as required by UK GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our typical retention periods are:

• Booking and service records: 7 years for tax and accounting purposes
• Email correspondence: 3 years from last contact
• Website analytics data: 26 months

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at [email protected].