Privacy Policy

1. Introduction

Mover Helper ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our moving services platform.

This policy applies to all users of our website, mobile application, and services. By using Mover Helper, you consent to the data practices described in this policy.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should be read in conjunction with our Terms and Conditions.

2. Data Controller

Mover Helper is the data controller responsible for your personal data. Our contact details are provided in Section 14 of this policy.

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer using the contact information provided below.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide to Us

• Account Information: Name, email address, phone number, password (encrypted)
• Booking Information: Moving dates, pickup and delivery addresses, property details, inventory of items
• Payment Information: Processed securely through Stripe (we do not store complete card details)
• Communication Data: Your messages, inquiries, feedback, and support requests
• Marketing Preferences: Your communication preferences and consent for marketing communications

3.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent on pages, search queries
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate location based on IP address and precise location data when you provide addresses
• Cookies and Tracking Technologies: See Section 9 for detailed information

3.3 Information from Third Parties

• Google Maps: Address validation, geocoding, and distance calculations
• Stripe: Payment processing and transaction information
• Email Service Provider (Resend): Email delivery status and engagement metrics

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Service Delivery

• Processing and managing your moving bookings
• Coordinating logistics and scheduling
• Calculating accurate pricing and estimates
• Providing customer support and responding to inquiries
• Sending booking confirmations and service updates

4.2 Payment Processing

• Processing payments and refunds
• Preventing fraud and unauthorized transactions
• Managing subscriptions (for business accounts)
• Issuing invoices and receipts

4.3 Communication

• Sending transactional emails (booking confirmations, updates, receipts)
• Providing customer support via email, phone, or chat
• Sending service announcements and important notices
• Marketing communications (only with your consent, which can be withdrawn at any time)

4.4 Platform Improvement

• Analyzing usage patterns to improve our services
• Developing new features and functionality
• Conducting research and testing
• Troubleshooting technical issues

4.5 Legal and Security

• Complying with legal obligations and regulations
• Protecting against fraud, abuse, and security threats
• Enforcing our Terms and Conditions
• Resolving disputes and legal claims

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfil our contract with you (e.g., providing moving services)
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, platform improvement)
• Legal Obligation: Processing required to comply with legal requirements (e.g., tax records, regulatory compliance)
• Consent: When you have given explicit consent (e.g., marketing communications, optional cookies)

6. Data Storage and Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest
• Secure password storage using industry-standard hashing (bcrypt)
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure hosting infrastructure with PostgreSQL database
• Regular backups with encryption

6.2 Data Storage Location

Your data is stored on secure servers located within the European Economic Area (EEA) or in jurisdictions with adequate data protection standards recognized by the UK Information Commissioner's Office (ICO).

6.3 Access Controls

Access to your personal data is restricted to authorized personnel who require access to perform their job functions. All staff with access to personal data receive data protection training.

7. Third-Party Services

We use the following third-party services to provide and improve our platform. These services may process your personal data on our behalf:

7.1 Stripe (Payment Processing)

• Purpose: Processing payments, managing subscriptions, and preventing fraud
• Data Shared: Name, email, payment card information, transaction details
• Privacy Policy: stripe.com/privacy
• Location: United States (covered by adequate safeguards)

7.2 Google Maps Platform

• Purpose: Address autocomplete, geocoding, distance calculations, and route planning
• Data Shared: Addresses, location coordinates, search queries
• Privacy Policy: policies.google.com/privacy
• Location: United States (covered by adequate safeguards)

7.3 Resend (Email Service Provider)

• Purpose: Sending transactional and marketing emails
• Data Shared: Name, email address, booking details (for transactional emails)
• Privacy Policy: resend.com/legal/privacy
• Location: United States (covered by adequate safeguards)

7.4 Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all third-party processors to ensure they handle your data in compliance with UK GDPR requirements.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can download your data directly from your privacy dashboard or contact us to request a data export.

8.2 Right to Rectification

You can update your personal information at any time through your account settings. If you believe any information we hold is inaccurate or incomplete, please contact us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. You can delete your account directly from your privacy dashboard or contact us. Please note that we may retain certain information where legally required (e.g., for tax and accounting purposes).

8.4 Right to Restrict Processing

You can request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of disputed data.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or PDF). You can download your data from your privacy dashboard.

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. You can opt out of marketing communications at any time using the unsubscribe link in emails or through your account settings.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before consent was withdrawn.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data properly:

8.9 Exercising Your Rights

To exercise any of these rights, please visit your privacy dashboard or contact us using the details in Section 14. We will respond to your request within one month as required by UK GDPR.

9. Cookies Policy

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.

9.2 Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled:

• Authentication: Keeps you logged in and maintains your session
• Security: Protects against CSRF attacks and unauthorized access
• Booking Process: Maintains your booking information across steps

Functional Cookies (Optional)

These cookies enhance functionality and personalization:

• Preferences: Remembers your settings and preferences
• Language: Stores your language preference
• Theme: Remembers your theme selection (if white-label enabled)

Analytics Cookies (Optional)

These cookies help us understand how visitors use our website:

• Usage patterns and popular features
• Error tracking and performance monitoring
• Aggregate statistics (no personally identifiable information)

9.3 Managing Cookies

You can control and manage cookies through our cookie banner (displayed on your first visit) or through your browser settings. Note that disabling essential cookies may affect website functionality.

Most browsers allow you to refuse or accept cookies. Here are links to cookie settings for popular browsers:

• Chrome
• Firefox
• Safari
• Edge

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account Data: Retained while your account is active and for 6 years after account closure (for legal and tax purposes)
• Booking Records: Retained for 7 years after service completion (as required by UK tax and accounting regulations)
• Payment Records: Retained for 7 years (as required by HMRC and financial regulations)
• Marketing Communications: Retained until you withdraw consent or unsubscribe
• Support Communications: Retained for 3 years after resolution
• Website Logs: Retained for 90 days

After the retention period expires, we securely delete or anonymize your data. You can request earlier deletion by exercising your right to erasure (subject to legal retention requirements).

11. International Data Transfers

Some of our third-party service providers are based outside the UK and EEA. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions recognizing certain countries as providing adequate data protection
• Data Processing Agreements with all processors
• Regular reviews of transfer mechanisms and safeguards

Our primary data storage remains within the UK/EEA. International transfers are limited to essential service providers (Stripe, Google, Resend) who have implemented appropriate safeguards.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not use our services or provide any personal information.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

Parents or guardians who believe we have collected information from a child should contact us immediately using the contact information in Section 14.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (for material changes)
• Display a prominent notice on our website
• Request your consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

Previous versions of this policy are available upon request by contacting us.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Data Subject Rights Requests

For requests to exercise your rights under UK GDPR (access, deletion, portability, etc.):

• Visit your privacy dashboard (recommended)
• Email: privacy@moverhelper.co.uk
• Include "Data Subject Request" in the subject line and provide sufficient information to verify your identity

Response Time

We aim to respond to all privacy inquiries and data subject requests within one month of receipt, as required by UK GDPR. For complex requests, we may extend this period by two additional months and will inform you of any such extension.