GDPR & Data Protection

1. Our Commitment

[Company Name] Ltd ("RemovalBroker") is committed to protecting and respecting the privacy of everyone who uses our service. We believe in transparency about how and why we process personal data, and we are committed to maintaining the highest standards of data protection.

We process personal data only where we have a lawful basis to do so, only for the purposes for which it was collected, and only for as long as is necessary. We never sell personal data, and we never share it with third parties beyond what is necessary to provide the matching service.

2. Applicable Legislation

Our data handling practices comply with:

• UK General Data Protection Regulation (UK GDPR) — the retained EU law version of the GDPR as it applies in the UK following Brexit
• Data Protection Act 2018 (DPA 2018) — the UK's domestic legislation supplementing the UK GDPR
• Privacy and Electronic Communications Regulations 2003 (PECR) — governing cookies and electronic marketing

3. Data Controller Details

For the purposes of the UK GDPR, the data controller is:

• Company: [Company Name] Ltd
• Company Number: [XXXXXXXX]
• Registered Address: [Registered Address]
• ICO Registration Number: [ZXXXXXXX]
• Data Protection Contact: privacy@removalbroker.co.uk

We have not appointed a formal Data Protection Officer (DPO) as we are not required to do so under Article 37 of the UK GDPR. However, all data protection enquiries are handled directly by our management team.

4. Data Protection Principles

We adhere to the seven data protection principles set out in Article 5 of the UK GDPR:

• Lawfulness, fairness, and transparency — we process data on a valid legal basis and are open about how we use it
• Purpose limitation — data is collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes
• Data minimisation — we only collect data that is adequate, relevant, and limited to what is necessary
• Accuracy — we take reasonable steps to keep data accurate and up to date
• Storage limitation — data is kept no longer than necessary for the stated purpose
• Integrity and confidentiality — data is processed securely using appropriate technical and organisational measures
• Accountability — we are responsible for and can demonstrate compliance with all of the above

5. Lawful Bases for Processing

We rely on the following lawful bases (Article 6 UK GDPR) depending on the type of processing:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the removal matching service you requested
• Legitimate interests (Art. 6(1)(f)): Fraud prevention, site security, and aggregated analytics — where these are not overridden by your interests or rights
• Legal obligation (Art. 6(1)(c)): Retaining financial records as required by law
• Consent (Art. 6(1)(a)): Non-essential cookies and optional communications — you can withdraw consent at any time

6. Your Rights Under UK GDPR

We do not make any solely automated decisions that produce legal or similarly significant effects.

7. Submitting a Data Subject Request

To exercise any of the rights listed above, submit your request in writing to privacy@removalbroker.co.uk. Include your full name and the email address associated with your account so we can verify your identity.

We will respond within 30 calendar days. Where a request is complex or we receive a high volume of requests, we may extend this by a further two months — we will notify you within the first 30 days if this applies. All requests are handled free of charge unless manifestly unfounded or excessive.

8. Data Breach Procedure

We maintain an internal data breach register and have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
• Document the breach, its effects, and the remedial action taken

9. Data Processing Agreements

Where we engage third-party processors (such as hosting or email providers) who process personal data on our behalf, we ensure a written Data Processing Agreement (DPA) is in place that meets the requirements of Article 28 UK GDPR. All processors are required to:

• Process data only on our documented instructions
• Implement appropriate technical and organisational security measures
• Not engage sub-processors without our prior written consent
• Assist us in responding to data subject requests and fulfilling our legal obligations
• Delete or return all personal data upon termination of the agreement

10. ICO Registration & Complaints

[Company Name] Ltd is registered with the Information Commissioner's Office (ICO) under registration number [ZXXXXXXX].

If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the ICO:

• Website: ico.org.uk/make-a-complaint
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would, however, appreciate the opportunity to address your concern before you contact the ICO. Please reach out to us first at privacy@removalbroker.co.uk.