Your Data Rights

Under the UK General Data Protection Regulation (UK GDPR) you have several rights over the personal data RestoreTrade holds about you. This page lists each right, the law it comes from, and the fastest way to exercise it. For background see our privacy policy.

1. Right of access (Article 15)

Get a complete copy of your personal data in a machine-readable format.

Email alternative: privacy@restoretrade.co.uk — we respond within one month per UK GDPR.

2. Right to rectification (Article 16)

Correct inaccurate or incomplete personal data.

For listing data, sign in and use the dashboard at /dashboard/ (Phase 0c.5). Your edits go through a moderation queue before publication. For account-level data (email address, name), email privacy@restoretrade.co.uk.

3. Right to erasure (Article 17 — "right to be forgotten")

Delete your account and personal data.

What gets deleted vs preserved:

• Deleted: your auth.users record, claim records, session cookies
• Anonymised (FK nulled, displayed name → "Anonymous (deletion request)"): reviews, business submissions, reports
• Preserved with FK nulled: businesses you owned (listing remains; ownership link severed), audit-log entries

We anonymise rather than cascade-delete reviews because a review is a public statement about a business, not personal data about you. After anonymisation no one can link the review back to your identity through our system.

Email alternative: remove@restoretrade.co.uk from the address registered on your account.

4. Right to restriction (Article 18)

Pause processing while you contest accuracy or object to processing.

Email privacy@restoretrade.co.uk with the listing or account in question and the reason for restriction. We will mark the data restricted within 5 working days and confirm by reply.

5. Right to data portability (Article 20)

Receive your data in a structured, commonly-used, machine-readable format and have it transmitted to another controller.

Use the access endpoint above — the JSON archive format is portable, openly documented, and suitable for direct import into another directory service. We are happy to coordinate a controller-to-controller transfer where the receiving party can accept JSON over HTTPS.

6. Right to object (Article 21)

Object to processing carried out on the legitimate-interest basis (see privacy policy §4).

Email privacy@restoretrade.co.uk. We will pause the relevant processing while we assess whether our legitimate interests are overridden by your particular circumstances, and either confirm restriction or explain our reasoning within one month.

7. Right to withdraw consent (Article 7(3))

Where processing is based on consent (e.g. listing submission), you may withdraw it at any time. Use the erasure endpoint above to remove the data, or email privacy@restoretrade.co.uk.

8. Right to lodge a complaint with the ICO

If you believe we have failed in our data-protection obligations, you may complain to the UK Information Commissioner's Office:

• Web: ico.org.uk/make-a-complaint
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9. Identity verification

For requests made by email rather than via authenticated endpoints, we may ask for additional information to verify your identity. We do this to protect your data from unauthorised disclosure. We do not retain identity-verification material beyond the life of the request.

10. Response times and fees

We respond to data-subject requests within one month per UK GDPR Article 12(3), extendable by two further months for complex or numerous requests with explanation. Requests are free, except where they are manifestly unfounded or excessive — in which case we may either charge a reasonable fee or refuse the request, per Article 12(5).