GDPR Compliance

Your data protection rights under UK GDPR.

Last updated: 1 January 2026

Our Commitment to GDPR

Orbit Reef is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and your rights as a data subject.

Data Controller

Orbit Reef is the data controller responsible for your personal data. Our contact details are:

Orbit Reef
Unit 14, Velocity Business Park
Trafford Way
Manchester M17 1QD
Email: [email protected]

Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract: Processing necessary to perform our vehicle hire services
  • Legitimate Interests: Processing necessary for our business operations, including marketing to existing customers
  • Legal Obligation: Processing required to comply with legal requirements
  • Consent: Where you have given specific consent for processing

Your Rights Under UK GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month of receipt.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you. We will respond within one month.

Right to Erasure

You have the right to request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and applies only in certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including profiling and direct marketing.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for exercising your rights, although we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.

Data Protection Officer

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer. However, you may direct any data protection queries to [email protected].

Data Transfers

Your personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK except where necessary for specific services (such as payment processing) and only where adequate safeguards are in place.

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you are not satisfied with how we handle your personal data or your data protection request, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time. The "Last updated" date at the top of this page indicates when changes were last made.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing, you consent to our use of cookies. Learn more