Privacy Policy
1. General Provisions
This Privacy Policy outlines how RefundLaw (hereinafter referred to as the “Controller”) processes and protects personal data in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It explains the legal basis, scope, and purposes of processing, as well as your rights as a data subject.
1.1. The Controller considers the protection of individuals’ rights and freedoms when processing personal data — including the right to privacy and family life — to be of utmost importance in its operations.
1.2. This Privacy Policy applies to all information that the Controller may collect about visitors to the website https://refundlaw.co.uk.
2. Key Definitions
2.1. Automated processing — processing of personal data by means of automated systems or software.
2.2. Data blocking — a temporary suspension of data processing, except where processing is required to clarify or verify data.
2.3. Website — the collection of digital content and associated infrastructure available at https://refundlaw.co.uk.
2.4. Personal data information system — a structured set of personal data stored in databases and processed using information technologies.
2.5. Anonymisation — processing personal data in a way that the individual can no longer be identified without additional information.
2.6. Processing — any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction, whether or not by automated means.
2.7. Controller — an individual or legal entity, public authority, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
2.8. Personal data — any information relating to an identified or identifiable natural person (“data subject”), including visitors to the website.
2.9. Data made public by the data subject — personal data that the data subject has explicitly made available to the public.
2.10. User — any visitor to the website https://refundlaw.co.uk.
2.11. Disclosure — making personal data available to a specific person or group.
2.12. Dissemination — making personal data available to the public or an unspecified group, including via media or online platforms.
2.13. International transfer — transferring personal data to a third country or international organisation.
2.14. Erasure — permanent destruction of personal data such that it cannot be recovered.
3. Rights and Obligations of the Controller
3.1. The Controller has the right to:
– request accurate and up-to-date personal data from data subjects;
– continue processing personal data if the data subject withdraws consent, provided there is a lawful basis for doing so under the UK GDPR;
– independently determine and implement appropriate technical and organisational measures to ensure data protection compliance, unless otherwise required by law.
3.2. The Controller is obligated to:
– provide data subjects with information on how their personal data is processed, upon request;
– process personal data lawfully, fairly, and transparently in accordance with the UK GDPR;
– respond to data subject requests in accordance with legal timeframes;
– cooperate with the UK Information Commissioner’s Office (ICO) upon request and provide required information within 10 working days;
– publish and maintain public access to this Privacy Policy;
– implement appropriate legal, organisational, and technical safeguards to protect personal data against unauthorised access, alteration, loss, or destruction;
– cease dissemination and processing of personal data when legally required and ensure proper erasure or anonymisation;
– comply with all other obligations outlined in applicable data protection legislation.
4. Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
– obtain information about the processing of their personal data, except in cases where such disclosure is restricted by law. The information is provided in a clear and accessible format, and shall not include data relating to other individuals unless legally justified;
– request the rectification, restriction, or erasure of their personal data where it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the purpose for which it was collected;
– object to the processing of their personal data for direct marketing purposes;
– withdraw their consent to the processing of personal data at any time;
– lodge a complaint with the Information Commissioner’s Office (ICO) or take legal action if they believe their data rights have been infringed;
– exercise any other rights provided under UK data protection laws.
4.2. Data subjects are responsible for:
– providing accurate and up-to-date personal data;
– informing the Controller of any changes to their personal data.
4.3. Individuals who submit false information or data relating to third parties without valid consent may be held liable under applicable laws.
5. Principles of Data Processing
5.1. Personal data must be processed lawfully, fairly, and transparently.
5.2. Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
5.3. Combining databases for incompatible processing purposes is not permitted.
5.4. Only personal data relevant and necessary for the stated purposes shall be processed.
5.5. The scope and content of personal data processed must be proportionate to the processing purpose.
5.6. Personal data must be accurate, complete, and kept up to date where necessary. Measures will be taken to rectify or erase inaccurate or incomplete data.
5.7. Data shall not be retained longer than necessary for the purposes for which it was collected, unless required by law or contractual obligation. Upon completion of processing purposes, data will be securely deleted or anonymised.
6. Purpose of Data Processing
– Purpose: To provide updates and information to the User via email.
– Type of processing: Transmission of personal data.
7. Legal Basis for Processing
7.1. Data is processed with the explicit consent of the data subject.
7.2. Processing is necessary for compliance with legal obligations under UK law.
7.3. Processing may be required to comply with a court order or legal obligation.
7.4. Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at their request prior to entering into a contract.
7.5. Processing may be necessary for the legitimate interests of the Controller or a third party, provided such interests are not overridden by the data subject’s rights.
7.6. Processing may apply to data made publicly available by the data subject.
7.7. Processing may be required by legal obligations to disclose or publish specific categories of data.
8. Collection, Storage, Transmission and Other Types of Processing
The Controller ensures the security of personal data through the use of legal, technical, and organisational safeguards in accordance with UK data protection legislation.
8.1. The Controller undertakes all reasonable measures to prevent unauthorised access to personal data.
8.2. Personal data will not be disclosed to third parties without the data subject’s consent, unless required by law or necessary for the fulfilment of a contractual obligation.
8.3. If a data subject identifies inaccuracies in their personal data, they may contact the Controller at iretexer@gmail.com with the subject “Personal Data Update”.
8.4. The duration of data processing depends on the purpose for which it was collected or the terms of a contract or legal requirement. Consent may be withdrawn at any time by emailing iretexer@gmail.com with the subject “Withdrawal of Consent”.
8.5. Information collected by third-party services (e.g., payment systems, communication providers) is processed in accordance with those third parties’ privacy policies. The Controller accepts no responsibility for third-party data practices.
8.6. Any restrictions imposed by the data subject regarding disclosure or processing of public data shall not apply where processing is necessary in the public interest or as required by law.
8.7. The Controller maintains the confidentiality of personal data.
8.8. Personal data is stored in an identifiable format no longer than is necessary for the purpose of processing, unless otherwise required by law or contract.
8.9. Processing may be terminated upon completion of the processing purpose, expiration or withdrawal of consent, or discovery of unlawful processing.
9. Data Processing Activities
9.1. The Controller may carry out the following operations: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, anonymisation, restriction, erasure, and destruction of personal data.
9.2. Automated processing may include transmitting data over electronic networks or processing it internally.
10. International Data Transfers
10.1. If personal data is transferred outside the UK, such transfers will comply with UK GDPR requirements and may be subject to additional safeguards such as adequacy regulations or standard contractual clauses.
10.2. Prior to transferring data to third countries, the Controller shall assess the legal framework of the recipient jurisdiction and ensure appropriate data protection measures are in place.
11. Confidentiality
The Controller and any third parties with access to personal data are obligated not to disclose it without the data subject’s consent, unless required by law.
12. Final Provisions
12.1. For any queries or requests concerning the processing of personal data, Users may contact the Controller at iretexer@gmail.com.
12.2. Any changes to this Privacy Policy will be reflected in this document. The current version remains in effect until replaced.
12.3. The latest version of this Privacy Policy is always available at: https://refundlaw.co.uk/privacy-policy
This Privacy Policy outlines how RefundLaw (hereinafter referred to as the “Controller”) processes and protects personal data in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It explains the legal basis, scope, and purposes of processing, as well as your rights as a data subject.
1.1. The Controller considers the protection of individuals’ rights and freedoms when processing personal data — including the right to privacy and family life — to be of utmost importance in its operations.
1.2. This Privacy Policy applies to all information that the Controller may collect about visitors to the website https://refundlaw.co.uk.
2. Key Definitions
2.1. Automated processing — processing of personal data by means of automated systems or software.
2.2. Data blocking — a temporary suspension of data processing, except where processing is required to clarify or verify data.
2.3. Website — the collection of digital content and associated infrastructure available at https://refundlaw.co.uk.
2.4. Personal data information system — a structured set of personal data stored in databases and processed using information technologies.
2.5. Anonymisation — processing personal data in a way that the individual can no longer be identified without additional information.
2.6. Processing — any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction, whether or not by automated means.
2.7. Controller — an individual or legal entity, public authority, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
2.8. Personal data — any information relating to an identified or identifiable natural person (“data subject”), including visitors to the website.
2.9. Data made public by the data subject — personal data that the data subject has explicitly made available to the public.
2.10. User — any visitor to the website https://refundlaw.co.uk.
2.11. Disclosure — making personal data available to a specific person or group.
2.12. Dissemination — making personal data available to the public or an unspecified group, including via media or online platforms.
2.13. International transfer — transferring personal data to a third country or international organisation.
2.14. Erasure — permanent destruction of personal data such that it cannot be recovered.
3. Rights and Obligations of the Controller
3.1. The Controller has the right to:
– request accurate and up-to-date personal data from data subjects;
– continue processing personal data if the data subject withdraws consent, provided there is a lawful basis for doing so under the UK GDPR;
– independently determine and implement appropriate technical and organisational measures to ensure data protection compliance, unless otherwise required by law.
3.2. The Controller is obligated to:
– provide data subjects with information on how their personal data is processed, upon request;
– process personal data lawfully, fairly, and transparently in accordance with the UK GDPR;
– respond to data subject requests in accordance with legal timeframes;
– cooperate with the UK Information Commissioner’s Office (ICO) upon request and provide required information within 10 working days;
– publish and maintain public access to this Privacy Policy;
– implement appropriate legal, organisational, and technical safeguards to protect personal data against unauthorised access, alteration, loss, or destruction;
– cease dissemination and processing of personal data when legally required and ensure proper erasure or anonymisation;
– comply with all other obligations outlined in applicable data protection legislation.
4. Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
– obtain information about the processing of their personal data, except in cases where such disclosure is restricted by law. The information is provided in a clear and accessible format, and shall not include data relating to other individuals unless legally justified;
– request the rectification, restriction, or erasure of their personal data where it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the purpose for which it was collected;
– object to the processing of their personal data for direct marketing purposes;
– withdraw their consent to the processing of personal data at any time;
– lodge a complaint with the Information Commissioner’s Office (ICO) or take legal action if they believe their data rights have been infringed;
– exercise any other rights provided under UK data protection laws.
4.2. Data subjects are responsible for:
– providing accurate and up-to-date personal data;
– informing the Controller of any changes to their personal data.
4.3. Individuals who submit false information or data relating to third parties without valid consent may be held liable under applicable laws.
5. Principles of Data Processing
5.1. Personal data must be processed lawfully, fairly, and transparently.
5.2. Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
5.3. Combining databases for incompatible processing purposes is not permitted.
5.4. Only personal data relevant and necessary for the stated purposes shall be processed.
5.5. The scope and content of personal data processed must be proportionate to the processing purpose.
5.6. Personal data must be accurate, complete, and kept up to date where necessary. Measures will be taken to rectify or erase inaccurate or incomplete data.
5.7. Data shall not be retained longer than necessary for the purposes for which it was collected, unless required by law or contractual obligation. Upon completion of processing purposes, data will be securely deleted or anonymised.
6. Purpose of Data Processing
– Purpose: To provide updates and information to the User via email.
– Type of processing: Transmission of personal data.
7. Legal Basis for Processing
7.1. Data is processed with the explicit consent of the data subject.
7.2. Processing is necessary for compliance with legal obligations under UK law.
7.3. Processing may be required to comply with a court order or legal obligation.
7.4. Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at their request prior to entering into a contract.
7.5. Processing may be necessary for the legitimate interests of the Controller or a third party, provided such interests are not overridden by the data subject’s rights.
7.6. Processing may apply to data made publicly available by the data subject.
7.7. Processing may be required by legal obligations to disclose or publish specific categories of data.
8. Collection, Storage, Transmission and Other Types of Processing
The Controller ensures the security of personal data through the use of legal, technical, and organisational safeguards in accordance with UK data protection legislation.
8.1. The Controller undertakes all reasonable measures to prevent unauthorised access to personal data.
8.2. Personal data will not be disclosed to third parties without the data subject’s consent, unless required by law or necessary for the fulfilment of a contractual obligation.
8.3. If a data subject identifies inaccuracies in their personal data, they may contact the Controller at iretexer@gmail.com with the subject “Personal Data Update”.
8.4. The duration of data processing depends on the purpose for which it was collected or the terms of a contract or legal requirement. Consent may be withdrawn at any time by emailing iretexer@gmail.com with the subject “Withdrawal of Consent”.
8.5. Information collected by third-party services (e.g., payment systems, communication providers) is processed in accordance with those third parties’ privacy policies. The Controller accepts no responsibility for third-party data practices.
8.6. Any restrictions imposed by the data subject regarding disclosure or processing of public data shall not apply where processing is necessary in the public interest or as required by law.
8.7. The Controller maintains the confidentiality of personal data.
8.8. Personal data is stored in an identifiable format no longer than is necessary for the purpose of processing, unless otherwise required by law or contract.
8.9. Processing may be terminated upon completion of the processing purpose, expiration or withdrawal of consent, or discovery of unlawful processing.
9. Data Processing Activities
9.1. The Controller may carry out the following operations: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, anonymisation, restriction, erasure, and destruction of personal data.
9.2. Automated processing may include transmitting data over electronic networks or processing it internally.
10. International Data Transfers
10.1. If personal data is transferred outside the UK, such transfers will comply with UK GDPR requirements and may be subject to additional safeguards such as adequacy regulations or standard contractual clauses.
10.2. Prior to transferring data to third countries, the Controller shall assess the legal framework of the recipient jurisdiction and ensure appropriate data protection measures are in place.
11. Confidentiality
The Controller and any third parties with access to personal data are obligated not to disclose it without the data subject’s consent, unless required by law.
12. Final Provisions
12.1. For any queries or requests concerning the processing of personal data, Users may contact the Controller at iretexer@gmail.com.
12.2. Any changes to this Privacy Policy will be reflected in this document. The current version remains in effect until replaced.
12.3. The latest version of this Privacy Policy is always available at: https://refundlaw.co.uk/privacy-policy
