Your Right to Be Forgotten â and What the Law Says We Must Keep
At SellMobile, we take your privacy seriously. When you ask us to delete your data, we will always do so wherever the law allows. But as a regulated UK business that processes financial transactions, we are legally required to retain certain records â and we want to be completely transparent about what that means for you.
Why We Can't Always Delete Everything Immediately
Under UK GDPR, you have the right to request erasure of your personal data â often called the "right to be forgotten". However, GDPR Article 17(3) sets out specific exemptions where businesses are permitted â and in some cases obliged â to retain data. For a secondhand goods dealer like SellMobile, three key exemptions apply:
- Legal obligation â we are required to retain financial and transaction records under UK tax and accounting law, including under the Proceeds of Crime Act 2002 (anti-handling compliance for secondhand goods dealers)
- Fraud prevention â transaction records help us detect and investigate fraudulent activity
- Legal claims â records may be needed to establish or defend legal proceedings
This is standard practice for any business that buys and sells goods â it is not unique to SellMobile.
What Happens When You Request Deletion
Here is how we handle your request, depending on your history with us:
- No completed orders â your account and all data is deleted immediately and in full
- Unpaid or cancelled orders â those records are anonymised straight away
- Completed orders less than 2 years old â we are legally obliged to retain the transaction record (name and address) under the Proceeds of Crime Act. We will delete your account, anonymise everything else (reviews, preferences, contact history), and explain clearly what we are keeping and why
- Completed orders 2â6 years old â we anonymise your personal details on the order but retain the financial figures as required by HMRC
- Completed orders over 6 years old â full anonymisation; nothing is traceable back to you
What "Anonymisation" Actually Means
When we anonymise a record, your name, email address, phone number, and physical address are permanently removed or replaced with meaningless placeholders. What remains is a financial record â an amount paid, a date, a device type â with no way to link it back to you as an individual. Under GDPR, anonymised data is no longer considered personal data.
Your Account Is Always Deleted
Regardless of your order history, your login account and profile are always deleted when you request it. You can delete your account yourself at any time directly from your profile page under "Delete Account". The only exception is the underlying transaction record for recent completed orders â and even then, your personal details are stripped from everything we are not legally required to retain.
How to Request Deletion
The quickest way is to go to your profile page and click "Request Data Deletion" â this submits your request instantly without needing to contact us. Alternatively, you can reach us through our contact page and we will handle it on your behalf. Either way, we will respond within 30 days, confirm what has been deleted, and explain clearly if anything must be retained and why.
We believe privacy is a right, not a privilege â and we are committed to being open about how we handle your data every step of the way.
