Your Data Rights

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the HACCP plan generation service you signed up for.
• Legitimate interest (Art. 6(1)(f)): Analytics on platform usage to improve service quality (never on the content you create).
• Consent (Art. 6(1)(a)): Marketing emails and non-essential cookies — you can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Retaining payment records as required by tax and accounting regulations.

You can request a complete copy of all personal data we hold about you, including your account details, generated plans, drafts, and payment history. We will provide this in a structured, commonly used format (JSON or CSV) within 30 days of your request.

If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly from your account settings, or contact us for changes that require manual processing.

You can request the permanent deletion of your account and all associated data — the “right to be forgotten.” Upon receiving your request:

• Your account and profile data are immediately logically deleted.
• Your generated plans, drafts, and builder responses are permanently purged.
• Backup copies are fully removed within 30 days.
• Payment records may be retained where required by law (e.g. tax obligations), but are anonymised.

You can request your personal data in a structured, machine-readable format (JSON or CSV). This includes your account information and all generated HACCP plans. You can also request that we transmit this data directly to another service provider where technically feasible.

You can request that we temporarily stop processing your data while we resolve a dispute about data accuracy, or if you have objected to processing and we are evaluating your request. During restriction, your data is stored but not actively processed.

You can object to the processing of your personal data based on our legitimate interests. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds. You can object to marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.

For any data rights requests or questions about how we handle your data, contact our Data Protection Officer:

• Email: support@ilovehaccp.com
• Subject line: “GDPR Request”

We respond to all valid requests within 30 days. If your request is complex, we may extend this by a further 60 days, but we will notify you of any extension within the initial 30-day period.

If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or the relevant supervisory authority in your EU member state.