GDPR Compliance

Last updated: June 2026

Our Commitment to GDPR

Moon Loft is committed to complying with the General Data Protection Regulation (GDPR) and UK data protection laws. We take your privacy seriously and have implemented measures to ensure your personal data is processed lawfully, fairly, and transparently.

Data Controller Information

Data Controller: Moon Loft
Address: 47 Westbourne Grove, London W2 4UA, United Kingdom
Email: [email protected]

Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data:

Right to be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will update your information within one month.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format and have it transferred to another organization.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Rights Related to Automated Decision Making

We do not use automated decision making or profiling. All service decisions involve human review and consideration.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the subject line "GDPR Request."

Please include:

  • Your full name and contact details
  • Details of your request
  • Any relevant reference numbers or dates

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months and will notify you of any delay.

Data Processing Principles

We process personal data in accordance with GDPR principles:

  • Lawfulness, fairness, and transparency: We process data legally and inform you how we use it
  • Purpose limitation: We collect data for specific, explicit purposes
  • Data minimization: We only collect data necessary for our purposes
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We protect data with appropriate security measures
  • Accountability: We demonstrate compliance with these principles

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay, and in any case within 72 hours of becoming aware of the breach. We will also notify the Information Commissioner's Office (ICO) as required.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Complaints

If you believe we have not complied with GDPR or UK data protection laws, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

Updates to This Page

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Please check this page periodically for updates.

Contact Us

For any questions about GDPR compliance or data protection, please contact us at [email protected].