Your right to be forgotten â and what the law says we must keep
At SellMobile, when you ask us to delete your data, we will always do so wherever the law allows. But as a UK business that processes financial transactions, we are legally required to retain certain records. Here is what that means in practice.
Why we cannot always delete everything immediately
Under UK GDPR, you have the right to request erasure of your personal data. However, GDPR Article 17(3) sets out specific exemptions where businesses are permitted â and in some cases obliged â to retain data. For a secondhand goods dealer like SellMobile, three exemptions apply:
- Legal obligation â we are required to retain financial and transaction records under UK tax and accounting law, including under the Proceeds of Crime Act 2002 (anti-handling compliance for secondhand goods dealers)
- Fraud prevention â transaction records help us detect and investigate fraudulent activity
- Legal claims â records may be needed to establish or defend legal proceedings
This is standard practice for any business that buys and sells goods.
What happens when you request deletion
Here is how we handle your request, depending on your history with us:
- No completed orders â your account and all data is deleted immediately and in full
- Unpaid or cancelled orders â those records are anonymised straight away
- Completed orders less than 2 years old â we are legally obliged to retain the transaction record (name and address) under the Proceeds of Crime Act. We will delete your account, anonymise everything else (reviews, preferences, contact history), and tell you clearly what we are keeping and why
- Completed orders 2 to 6 years old â we anonymise your personal details on the order but retain the financial figures as required by HMRC
- Completed orders over 6 years old â full anonymisation; nothing is traceable back to you
What anonymisation actually means
When we anonymise a record, your name, email address, phone number, and physical address are permanently removed or replaced with meaningless placeholders. What remains is a financial record â an amount paid, a date, a device type â with no way to link it back to you. Under GDPR, anonymised data is no longer considered personal data.
Your account is always deleted
Regardless of your order history, your login account and profile are deleted when you request it. You can do this yourself at any time from your profile page under Delete Account. The only exception is the underlying transaction record for recent completed orders, and even then your personal details are stripped from everything we are not legally required to keep.
How to request deletion
The quickest way is to go to your profile page and click Request Data Deletion â this submits your request without needing to contact us. You can also reach us through our contact page and we will handle it on your behalf. Either way, we will respond within 30 days, confirm what has been deleted, and explain clearly if anything must be retained and why.
