GDPR Compliance Statement

Last Updated: May 27, 2026

1. Our Commitment to Data Protection

watt-outlook is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and ensure that all personal data is processed lawfully, fairly, and transparently.

2. Data Controller Information

Data Controller: watt-outlook
Address: 42 Wellington Street, Manchester, M1 4EQ, United Kingdom
Email: [email protected]

3. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Full name
  • Contact Data: Email address, physical address
  • Service Data: Appliance type, repair history, service requests
  • Technical Data: IP address, browser type, device information
  • Usage Data: How you interact with our website

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

4.1 Performance of Contract (Article 6(1)(b))

We process your data to fulfill our contractual obligations when you book a repair service, including:

  • Scheduling and performing repair services
  • Communicating about appointments
  • Processing payments
  • Providing customer support

4.2 Consent (Article 6(1)(a))

For certain processing activities, we rely on your explicit consent:

  • Marketing communications
  • Non-essential cookies
  • Newsletter subscriptions

4.3 Legitimate Interests (Article 6(1)(f))

We may process your data based on our legitimate business interests:

  • Improving our services and website
  • Fraud prevention and security
  • Business analytics and reporting
  • Responding to legal requests

4.4 Legal Obligation (Article 6(1)(c))

We process certain data to comply with legal and regulatory requirements, including tax and accounting obligations.

5. Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

5.1 Right of Access (Article 15)

You have the right to request a copy of all personal data we hold about you. We will provide this information free of charge in a commonly used electronic format.

5.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data we hold about you.

5.3 Right to Erasure / Right to be Forgotten (Article 17)

You can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

5.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

5.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

5.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

5.7 Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

6. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

7. Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Secure backup procedures
  • Incident response procedures

8. Data Retention

We retain personal data only for as long as necessary:

  • Service Records: 7 years (for legal and tax compliance)
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity
  • Website Analytics: 26 months
  • Cookie Data: As specified in our Cookies Policy

9. Data Sharing and Third Parties

We only share your data with third parties when necessary:

  • Service Providers: Payment processors, email services (under data processing agreements)
  • Legal Authorities: When required by law
  • Professional Advisors: Lawyers, accountants (under confidentiality obligations)

All third-party processors are carefully selected and contractually bound to comply with UK GDPR requirements.

10. International Data Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place:

  • Transfer to countries with adequacy decisions
  • Standard Contractual Clauses approved by UK authorities
  • Binding Corporate Rules

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • We will notify affected individuals without undue delay if the breach poses a high risk
  • Notifications will include the nature of the breach, likely consequences, and measures taken

12. Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process data from children. If you believe we have collected data from a child, please contact us immediately.

13. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. The "Last Updated" date at the top indicates when changes were last made.

14. Supervisory Authority

You have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
Online Reporting: ico.org.uk/make-a-complaint/

15. Contact Our Data Protection Officer

For any questions about our GDPR compliance or data protection practices:

Email: [email protected]
Subject: "Data Protection Inquiry"