⚖ UK GDPR · EU GDPR 2016/679

GDPR Statement

Last updated: 1 January 2026 · AURA OPERATIONS LTD
Contents
1. Our Commitment 2. Controller vs Processor 3. Processing Principles 4. Data Subject Rights 5. International Transfers 6. Data Protection Officer

1. Our Commitment to GDPR

AURA OPERATIONS LTD is committed to full compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the Data Protection Act 2018. We have implemented comprehensive data protection measures across our engineering, legal, and operational functions.

This statement summarises our GDPR posture for prospective customers, enterprise procurement teams, and data protection authorities.

2. Controller and Processor Roles

As a Controller: Shok-IS is the data controller for personal data collected directly from our users — including name, email, billing information, and account usage data. We process this data under the legal bases described in our Privacy Policy.

As a Processor: When customers submit personal data via the prediction API, Shok-IS acts as a data processor on behalf of the customer (controller). A Data Processing Agreement (DPA) is available and required for all customers processing personal data through the API.

3. Data Processing Principles

We adhere to the six UK GDPR processing principles:

  • Lawfulness, fairness, transparency — We have a documented legal basis for all processing activities
  • Purpose limitation — Data is collected for specified, explicit, and legitimate purposes only
  • Data minimisation — We collect only data that is adequate, relevant, and limited to what is necessary
  • Accuracy — We maintain processes to keep personal data accurate and up to date
  • Storage limitation — Data is retained only as long as necessary per published retention schedules
  • Integrity and confidentiality — Technical and organisational measures protect data against unauthorised processing

4. Data Subject Rights Handling

We have implemented processes to respond to all UK GDPR and EU GDPR data subject rights within the statutory 30-day period:

  • Subject Access Requests (SAR) — Submit to contact@shok-intelligence.com
  • Right to Erasure — Account deletion available via dashboard or email request
  • Data Portability — Export available in JSON format via API or dashboard
  • Consent Withdrawal — Marketing preferences manageable via account settings

5. International Data Transfers

Primary data processing occurs in the United Kingdom (AWS eu-west-2, London). Where cross-border transfers are necessary, they are governed by:

  • UK Adequacy Regulations for EEA transfers post-Brexit
  • Standard Contractual Clauses (SCCs) as approved by the UK ICO for US-based sub-processors
  • EU-US Data Privacy Framework where applicable

6. Data Protection Officer

AURA OPERATIONS LTD has appointed a Data Protection Officer responsible for overseeing our GDPR compliance programme.

Contact: contact@shok-intelligence.com
ICO Registration Number: ZB[XXXXXX]
Supervisory Authority: UK Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

EU customers may also contact the supervisory authority in their EU member state.