GDPR Compliance

Last updated: June 1, 2026

Our Commitment to GDPR

buffer-bridge is fully committed to compliance with the General Data Protection Regulation (GDPR). We take our responsibilities seriously and have implemented appropriate measures to protect your personal data.

Data Controller

buffer-bridge acts as the data controller for personal information collected through our services. Our contact details:

buffer-bridge
47 Division Street
Sheffield, S1 4GE
United Kingdom
Email: [email protected]

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for administrative costs if your request is clearly unfounded or excessive.

Right to Rectification

You have the right to request correction of any information you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain conditions.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Right to Data Portability

You have the right to request transfer of your data to another organization or directly to you under certain conditions.

Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] or write to us at our Sheffield address. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes, such as marketing communications.
  • Contract: Processing is necessary for a contract we have with you, such as booking travel services.
  • Legal obligation: Processing is necessary for us to comply with the law.
  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, unless your interests and fundamental rights override those interests.

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Staff training on data protection principles
  • Secure data backup and recovery procedures
  • Incident response and breach notification protocols

International Data Transfers

When we transfer your personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions confirming the receiving country provides adequate protection
  • Binding corporate rules for transfers within corporate groups

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the ICO within 72 hours of becoming aware.

Automated Decision Making

We do not use automated decision making or profiling in ways that produce legal effects or similarly significant effects on you.

Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Updates to This Notice

We may update this GDPR compliance notice to reflect changes in our practices or legal requirements. Significant changes will be communicated to you directly where appropriate.

Contact Information

For any questions or concerns about GDPR compliance or data protection:

Email: [email protected]
Post: GDPR Compliance Officer, buffer-bridge, 47 Division Street, Sheffield, S1 4GE, United Kingdom

Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113