GDPR Rights for Customers of Businesses Using Our CRM Platform

Last Updated: December 14, 2025 | Effective Date: December 14, 2025
If your personal information is stored by a business that uses LTC Software Ltd's CRM platform, you have important rights under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. This page explains your rights and how to exercise them.
Jump to section:
1. Your GDPR Rights | 2. Right to Access Your Data | 3. Right to Deletion (Erasure) | 4. Other Important Rights | 5. How to Submit a Request | 6. Contact Information
Under GDPR and UK data protection law, you have comprehensive rights regarding your personal data. These rights empower you to control how your information is collected, used, and shared by businesses.
Request a copy of all personal data a business holds about you, including how it's being used and who it's shared with.
Learn MoreRequest deletion of your personal data when it's no longer necessary or if you withdraw consent.
Learn MoreRequest correction of inaccurate or incomplete personal information held about you.
Learn MoreReceive your personal data in a machine-readable format to transfer to another service provider.
Learn MoreObject to processing of your personal data for direct marketing or based on legitimate interests.
Learn MoreRequest that processing of your personal data be limited in certain circumstances.
Learn MoreFirst Contact: The business that collected your information (the Data Controller) is responsible for responding to your requests.
Contact them directly using their privacy contact details.
If Unresponsive: If the business does not respond within 30 days or refuses your request without valid reason,
you can contact LTC Software Ltd for assistance at data@ltcsoftware.co.uk.
You have the right to request a copy of all personal data a business holds about you. This is known as a Data Subject Access Request (DSAR) or Subject Access Request (SAR).
When you submit an access request, the business must provide you with:
The business must provide your data in a clear, structured, and commonly used format. Typically, this includes:
Contact the business with your access request via email or their privacy contact form
The business may ask you to verify your identity to protect your data security
The business has one month from verification to provide your data (may extend to 3 months for complex requests)
You'll receive your data via secure email, download link, or postal mail
No. Access requests are free of charge in most cases. The business can only charge a reasonable fee if:
If a fee is charged, the business must justify it and inform you before processing your request.
You have the right to request deletion of your personal data in certain circumstances. This is also known as the "Right to be Forgotten" or "Right to Erasure".
You can request deletion of your personal data when one of the following applies:
The business may refuse your deletion request if they need to keep your data for:
When your deletion request is approved, the business must delete:
Business confirms receipt of your deletion request
Business reviews request, verifies identity, and determines if deletion is appropriate
Personal data is permanently deleted from active systems and databases
Data is removed from encrypted backups (complete deletion)
In addition to access and deletion, you have several other important rights under GDPR that give you control over your personal data.
You have the right to request correction of inaccurate or incomplete personal data. The business must update your information without undue delay (typically within 30 days).
How to Request: Contact the business with the specific corrections needed and provide accurate information.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another service provider.
Common Use Case: Switching from one service provider to another and wanting to transfer your customer data.
How to Request: Ask the business for a data export in CSV, JSON, or Excel format.
You have the right to object to processing of your personal data in certain circumstances, particularly for direct marketing or processing based on legitimate interests.
How to Object: Click "Unsubscribe" in marketing emails or contact the business directly to object to other processing.
You have the right to request that the business limits how they use your data in certain circumstances. During restriction, they can store your data but not actively process it.
What Happens: The business can store your data but cannot use it for other purposes without your consent or for legal claims.
If the business processes your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to Withdraw: Click "Unsubscribe," update your preferences in account settings, or contact the business directly.
If you believe a business has violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.
When to Complain: If the business refuses your request without valid reason, fails to respond within 30 days, or violates your data protection rights.
Follow these steps to exercise your GDPR rights effectively. Remember, you should contact the business that collected your data first.
Determine which business collected and stores your personal data. This is usually the company you interacted with (made a purchase, signed up for services, etc.).
Clearly state which right you wish to exercise and provide necessary details:
Contact the business using their designated privacy contact method:
The business may ask you to verify your identity to protect your data security:
The business must respond within one month (30 days) of receiving your request:
If the business does not respond or refuses your request without valid reason:
Subject: Data Subject Access Request - [Your Name]
Dear [Business Name] Data Protection Team,
I am writing to exercise my right to access under Article 15 of the GDPR. I would like to request a copy of all personal data you hold about me.
My Details:
Name: [Your Full Name]
Email: [Your Email Address]
Account Number (if applicable): [Account Number]
Please provide the data in CSV or PDF format and send it to this email address within 30 days as required by law.
If you require any additional information to verify my identity, please let me know.
Thank you for your assistance.
Sincerely,
[Your Name]
Subject: Data Deletion Request - [Your Name]
Dear [Business Name] Data Protection Team,
I am writing to exercise my right to erasure under Article 17 of the GDPR. I would like to request the deletion of all personal data you hold about me.
My Details:
Name: [Your Full Name]
Email: [Your Email Address]
Account Number (if applicable): [Account Number]
I no longer wish to use your services and request that you permanently delete all my personal information, including contact details, transaction history, and communication records.
Please confirm in writing once the deletion is complete, within 30 days as required by law.
Thank you for your assistance.
Sincerely,
[Your Name]
If you need assistance exercising your GDPR rights or if a business using our platform is unresponsive to your requests, we are here to help.
For all GDPR requests and data protection inquiries
data@ltcsoftware.co.ukResponse Time: We aim to respond to customer rights inquiries within 5 business days. We will investigate your concern and work with the business to ensure your rights are respected.
Remember: As a Data Processor, LTC Software Ltd can assist and facilitate your requests, but the business (Data Controller) is ultimately responsible for responding to your GDPR requests.
Our customer rights team is here to assist you with GDPR requests and data protection concerns.
© Copyright 2026 www.ltcsoftware.co.uk