GDPR Policy | UVA


(Last Updated March 15, 2020) 




We created this GDPR section on our website and mobile apps to go over what GDPR means for you and the steps we’ve taken to ensure the protection of your privacy

The EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, and places new obligations on organizations based in the EEA or which hold or process personally identifiable information (PII) about EU residents.

Our Commitment 

For the processing of data, the UVA Limited may engage data processors or, at its sole discretion, hire other persons to perform certain functions on behalf of UVA Limited. In such cases, UVA Limited shall take necessary measures to ensure that the personal data processors process such data following instructions of UVA Limited and applicable legislation. UVA Limited shall also require the individual data processors to implement appropriate measures for the security of personal data. In such cases, UVA Limited shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.

GDPR Data Protection

The General Data Protection Regulation (GDPR) was enacted by the European Union to deepen and harmonize personal data protection regulations. Now in effect as of May 25, 2018, it is a comprehensive and clear set of guidelines that acknowledges that different “flavors” of personal data require different levels of protection. 

GDPR applies to all businesses irrespective of the region or jurisdiction, no matter where they are based, who collect and process personal data on EU residents. Non-EU companies have to appoint a GDPR representative and will be liable for all fines and sanctions

Some of the critical requirements of the GDPR are:

•    Consent: Organizations must get permission to collect personal data, with the level of approval varying according to the type of personal data collected.
•    Data minimization: Responding to years of gratuitous collection of personal data by apps, with no apparent purpose in mind, the GDPR stipulates that organizations can only collect personal data that is related to a well-defined business objective. If an organization gathers personal data for one purpose but then decides it wants to use it for other purposes (such as consumer profiling), that could be considered non-compliance.
•    Individual rights: Another feature of the GDPR is the self-evident rights that it offers data subjects to understand why their data is collected and how it is processed. They have the right to object, to correct—and they have the right to be erased/forgotten. 

UVA Limited has complied to applicable legislation, regulation, statute or order relating to the collection, storage and use of Personal Information including (without limitation) 
the Privacy Act 1988(Cth), the Data Protection Act 1998, the European Union General Data Protection Regulation May 25, 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Data Protection (Processing of Sensitive Personal Data) Order 2000 and comparable laws, as the case may be in the applicable jurisdiction, or any amendments and re-enactments thereof. 

GDPR Scope

The new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.

We support the GDPR and will ensure all UVA Limited services comply with the GDPR provisions. Not only is the GDPR an essential step in protecting the fundamental right of privacy for European citizens, but it also raises the bar for data protection, security, and compliance in the industry so, therefore, UVA Limited is committed to abiding by all Data protection regulation


A current list of the companies UVA Limited partners with to process data is available. You can contact us for that information

Service Updates

Our website and mobile apps pass through regular updates to help customers comply with the GDPR obligations relating to obtaining and recording consent. Consent check-boxes will be available upon request. Other technology designed for automated data access requests received from guests will be released. 

Privacy Policy 

We have updated our privacy policy to ensure it complies with our obligations under the EU GDPR Regulation. You can learn more regarding our collection and use of your personal information on our privacy policy page.

Data Security Policy 

UVA Limited has always been committed to ensuring we maintain our customers’ and their customers’ data as securely as possible. Details of our Data Security Policy consistent with our obligations under the GDPR is available on our website and mobile apps terms and condition page.

Communications in Electronic Form

By accepting our website and mobile apps  terms and policy, you consent to receive communication in electronic form, and you agree that all Terms and condition, disclosures, and other notifications to you satisfy every legal requirement

The preceding does not affect your non-waivable rights.
You may opt-out of such email by unsubscribing or sending an email to


In the meantime, if you wish to submit a data request under the GDPR, or have any additional queries, please contact our UVA Limited privacy officer at

© 2020 UVA-UK Limited. All Rights Reserved.