Phone: 03301 333 013 Mobile: 07798 693 285 Email: info@ltcsoftware.co.uk

Your Data Protection Rights

GDPR Rights for Customers of Businesses Using Our CRM Platform

Overview

Last Updated: December 14, 2025 | Effective Date: December 14, 2025

If your personal information is stored by a business that uses LTC Software Ltd's CRM platform, you have important rights under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. This page explains your rights and how to exercise them.

Important: LTC Software Ltd acts as a Data Processor on behalf of the business that collected your information. The business is the Data Controller responsible for your data. You should direct your requests to the business first. If they are unresponsive, we can assist you.

Quick Navigation

Jump to section:

1. Your GDPR Rights | 2. Right to Access Your Data | 3. Right to Deletion (Erasure) | 4. Other Important Rights | 5. How to Submit a Request | 6. Contact Information

1. Your GDPR Rights

Under GDPR and UK data protection law, you have comprehensive rights regarding your personal data. These rights empower you to control how your information is collected, used, and shared by businesses.

Right to Access

Request a copy of all personal data a business holds about you, including how it's being used and who it's shared with.

Learn More

Right to Erasure

Request deletion of your personal data when it's no longer necessary or if you withdraw consent.

Learn More

Right to Rectification

Request correction of inaccurate or incomplete personal information held about you.

Learn More

Right to Portability

Receive your personal data in a machine-readable format to transfer to another service provider.

Learn More

Right to Object

Object to processing of your personal data for direct marketing or based on legitimate interests.

Learn More

Right to Restriction

Request that processing of your personal data be limited in certain circumstances.

Learn More

Who Should You Contact?

First Contact: The business that collected your information (the Data Controller) is responsible for responding to your requests. Contact them directly using their privacy contact details.

If Unresponsive: If the business does not respond within 30 days or refuses your request without valid reason, you can contact LTC Software Ltd for assistance at data@ltcsoftware.co.uk.

2. Right to Access Your Data (Subject Access Request)

You have the right to request a copy of all personal data a business holds about you. This is known as a Data Subject Access Request (DSAR) or Subject Access Request (SAR).

What Information Can You Request?

When you submit an access request, the business must provide you with:

  • Personal Data: All personal information they hold about you (name, email, phone, address, purchase history, etc.)
  • Processing Purposes: Why they are processing your data and the legal basis for doing so
  • Data Categories: The types of personal data they hold (contact details, transaction records, communication history, etc.)
  • Recipients: Who they have shared your data with (third-party services, marketing partners, etc.)
  • Retention Period: How long they plan to keep your data
  • Data Source: Where they obtained your data (if not directly from you)
  • Your Rights: Information about your rights to rectification, erasure, restriction, objection, and portability
  • Complaint Rights: Your right to lodge a complaint with the Information Commissioner's Office (ICO)

What Format Will You Receive?

The business must provide your data in a clear, structured, and commonly used format. Typically, this includes:

  • CSV or Excel Files: Spreadsheets containing your customer records and transaction history
  • PDF Documents: Formatted reports with your personal information and processing details
  • Email Copies: Copies of emails and communications sent to or about you
  • JSON Files: Machine-readable data for technical users or data portability

Response Timeline

1

Submit Request

Contact the business with your access request via email or their privacy contact form

2

Identity Verification (1-3 days)

The business may ask you to verify your identity to protect your data security

3

Data Compilation (Up to 30 days)

The business has one month from verification to provide your data (may extend to 3 months for complex requests)

4

Receive Your Data

You'll receive your data via secure email, download link, or postal mail

Is There a Fee?

No. Access requests are free of charge in most cases. The business can only charge a reasonable fee if:

  • Your request is manifestly unfounded or excessive (e.g., repeated identical requests)
  • You request additional copies of data already provided

If a fee is charged, the business must justify it and inform you before processing your request.

3. Right to Deletion (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances. This is also known as the "Right to be Forgotten" or "Right to Erasure".

When Can You Request Deletion?

You can request deletion of your personal data when one of the following applies:

  • No Longer Necessary: The data is no longer needed for the purpose it was collected (e.g., you're no longer a customer)
  • Consent Withdrawn: You withdraw consent and there's no other legal basis for processing
  • Objection to Processing: You object to processing and there are no overriding legitimate grounds
  • Unlawful Processing: Your data has been processed unlawfully or without proper legal basis
  • Legal Obligation: Deletion is required to comply with a legal obligation
  • Child's Data: Data was collected from a child without proper parental consent

When Can Deletion Be Refused?

The business may refuse your deletion request if they need to keep your data for:

  • Legal Compliance: To comply with legal obligations (e.g., tax records, financial reporting)
  • Contract Fulfillment: To fulfill contractual obligations or enforce terms of service
  • Legal Claims: To establish, exercise, or defend legal claims
  • Public Interest: For public health, scientific research, or archiving purposes
  • Freedom of Expression: To exercise the right to freedom of expression and information
Important: Even if the business refuses deletion, they must explain their reasons in writing. If you believe the refusal is unjustified, you can lodge a complaint with the Information Commissioner's Office (ICO).

What Gets Deleted?

When your deletion request is approved, the business must delete:

  • Customer Records: Your name, email, phone number, address, and other contact details
  • Transaction History: Purchase records, order details, and payment information (unless required for tax/legal compliance)
  • Communication Logs: Emails, messages, notes, and interaction history
  • Marketing Preferences: Consent records, subscription preferences, and marketing lists
  • Uploaded Files: Documents, images, or files you provided
  • Account Credentials: Login details and authentication information (if applicable)

Deletion Timeline

Immediate

Request Acknowledged

Business confirms receipt of your deletion request

1-30 Days

Request Processed

Business reviews request, verifies identity, and determines if deletion is appropriate

30-60 Days

Data Deleted

Personal data is permanently deleted from active systems and databases

60-90 Days

Backup Purge

Data is removed from encrypted backups (complete deletion)

What Happens After Deletion?

  • You'll receive written confirmation that your data has been deleted
  • The business can no longer contact you for marketing purposes
  • Your account (if applicable) will be permanently closed
  • You may need to create a new account if you wish to use their services again

4. Other Important Rights

In addition to access and deletion, you have several other important rights under GDPR that give you control over your personal data.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. The business must update your information without undue delay (typically within 30 days).

When to Use This Right:

  • Your contact details (email, phone, address) are incorrect or outdated
  • Your name is misspelled or recorded incorrectly
  • Your purchase history or transaction records contain errors
  • Any other personal information is inaccurate or incomplete

How to Request: Contact the business with the specific corrections needed and provide accurate information.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another service provider.

What Data Can Be Ported:

  • Data you provided to the business (contact details, preferences, purchase history)
  • Data processed based on consent or contract
  • Data processed by automated means (not manual records)

Common Use Case: Switching from one service provider to another and wanting to transfer your customer data.

How to Request: Ask the business for a data export in CSV, JSON, or Excel format.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, particularly for direct marketing or processing based on legitimate interests.

When You Can Object:

  • Direct Marketing: You can object to receiving marketing emails, SMS, or phone calls at any time (absolute right)
  • Legitimate Interests: You can object to processing based on the business's legitimate interests (they must stop unless they have compelling grounds)
  • Profiling: You can object to automated decision-making or profiling that affects you
  • Research/Statistics: You can object to processing for research or statistical purposes

How to Object: Click "Unsubscribe" in marketing emails or contact the business directly to object to other processing.

Right to Restriction of Processing

You have the right to request that the business limits how they use your data in certain circumstances. During restriction, they can store your data but not actively process it.

When You Can Request Restriction:

  • Accuracy Dispute: You contest the accuracy of your data (restriction applies while accuracy is verified)
  • Unlawful Processing: Processing is unlawful but you don't want deletion (prefer restriction instead)
  • No Longer Needed: Business no longer needs the data but you need it for legal claims
  • Objection Pending: You've objected to processing and are waiting for verification of legitimate grounds

What Happens: The business can store your data but cannot use it for other purposes without your consent or for legal claims.

Right to Withdraw Consent

If the business processes your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Examples of Consent-Based Processing:

  • Marketing emails and newsletters (you can unsubscribe anytime)
  • Optional data collection (surveys, feedback forms, loyalty programs)
  • Third-party data sharing for marketing purposes
  • Cookies and tracking technologies (you can change cookie preferences)

How to Withdraw: Click "Unsubscribe," update your preferences in account settings, or contact the business directly.

Right to Lodge a Complaint

If you believe a business has violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.

Information Commissioner's Office (ICO)

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Online Reporting: You can report concerns online through the ICO website

When to Complain: If the business refuses your request without valid reason, fails to respond within 30 days, or violates your data protection rights.

5. How to Submit a GDPR Request

Follow these steps to exercise your GDPR rights effectively. Remember, you should contact the business that collected your data first.

Step-by-Step Process

1

Identify the Business (Data Controller)

Determine which business collected and stores your personal data. This is usually the company you interacted with (made a purchase, signed up for services, etc.).

  • Check their website for privacy policy or data protection contact details
  • Look for "Privacy," "Data Protection," or "Contact Us" pages
  • Review emails or communications for privacy contact information
2

Prepare Your Request

Clearly state which right you wish to exercise and provide necessary details:

  • Your Identity: Full name, email address, account number (if applicable)
  • Request Type: Specify which right (access, deletion, rectification, etc.)
  • Details: Provide specific information (e.g., "Delete all my personal data" or "Provide copy of all data you hold about me")
  • Preferred Format: For access requests, specify format (CSV, PDF, email)
3

Submit Your Request

Contact the business using their designated privacy contact method:

  • Email: Send to their data protection or privacy email address (e.g., privacy@business.com, dpo@business.com)
  • Contact Form: Use their website's privacy request form or contact page
  • Postal Mail: Send a written request to their registered business address
  • Phone: Call their customer service and ask to speak with data protection team
4

Verify Your Identity

The business may ask you to verify your identity to protect your data security:

  • Provide proof of identity (copy of ID, passport, driver's license)
  • Confirm account details (email, phone number, order numbers)
  • Answer security questions
  • Verify via email link or SMS code
5

Wait for Response

The business must respond within one month (30 days) of receiving your request:

  • They should acknowledge receipt within a few days
  • For complex requests, they may extend to 3 months (must inform you)
  • They must explain any refusal in writing with valid reasons
  • You can escalate to ICO if they fail to respond or refuse without valid reason
6

Escalate if Necessary

If the business does not respond or refuses your request without valid reason:

  • Contact LTC Software Ltd: Email data@ltcsoftware.co.uk for assistance
  • Lodge ICO Complaint: File a complaint with the Information Commissioner's Office
  • Seek Legal Advice: Consult a solicitor specializing in data protection law

Sample Request Templates

Sample Access Request Email

Sample Deletion Request Email

6. Contact Information

If you need assistance exercising your GDPR rights or if a business using our platform is unresponsive to your requests, we are here to help.

Data Protection & GDPR Requests

For all GDPR requests and data protection inquiries

data@ltcsoftware.co.uk

When to Contact LTC Software Ltd

  • The business has not responded to your GDPR request within 30 days
  • The business refuses your request without providing valid legal reasons
  • You cannot identify or contact the business that holds your data
  • You need technical assistance understanding your data or rights
  • You believe the business is using our platform to violate data protection laws

Response Time: We aim to respond to customer rights inquiries within 5 business days. We will investigate your concern and work with the business to ensure your rights are respected.

Remember: As a Data Processor, LTC Software Ltd can assist and facilitate your requests, but the business (Data Controller) is ultimately responsible for responding to your GDPR requests.

Need Help Exercising Your Rights?

Our customer rights team is here to assist you with GDPR requests and data protection concerns.