Your data protection rights under UK GDPR.
Last updated: January 2024
brisk-spark is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and outlines your rights as a data subject.
brisk-spark is the data controller for personal information collected through our website and travel booking services.
Contact details:
brisk-spark
142 Byres Road
Glasgow G12 8TB
United Kingdom
Email: [email protected]
As a data subject, you have the following rights:
You have the right to know how your personal data is being collected and used. Our Privacy Policy provides this information in detail.
You can request a copy of the personal data we hold about you. We will respond to your request within one month and provide the information free of charge in most cases.
If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will respond to rectification requests within one month.
Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, including when:
Note: We may need to retain certain data for legal or contractual reasons.
You can request that we limit how we use your data while we verify its accuracy, consider your objection, or determine whether our legitimate interests override your rights.
Where technically feasible, you can request your personal data in a structured, commonly used format to transfer to another service provider.
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making in our services.
To exercise any of these rights, please contact us:
We will respond to your request within one month. If your request is complex, we may extend this by a further two months, but we will inform you of this within the initial one-month period.
We process personal data under the following lawful bases:
Processing necessary to fulfil your travel booking, including sharing information with airlines, hotels, and other suppliers.
Processing required to comply with legal requirements, such as providing passenger data to immigration authorities or maintaining financial records.
Processing for purposes such as improving our services, fraud prevention, and security. We conduct legitimate interest assessments to ensure processing does not override your rights.
Processing based on your explicit consent, such as receiving marketing communications. You can withdraw consent at any time.
We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processes that may pose high risks to individuals' rights and freedoms.
We have procedures in place to detect, report, and investigate personal data breaches. Where required, we will notify the Information Commissioner's Office within 72 hours and affected individuals without undue delay.
All staff receive regular training on data protection principles and procedures. Access to personal data is limited to those who require it for their role.
Where we use third-party processors, we ensure appropriate contracts are in place requiring them to protect your data and process it only according to our instructions.
When your data is transferred outside the UK (necessary for international travel bookings), we ensure appropriate safeguards such as:
If you are unhappy with how we have handled your data, you can complain to us first at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
We review our GDPR compliance regularly and update this page as necessary. Please check back periodically for any changes.