Last updated: 19 March 2026
Zyxmora is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations as a data controller and outlines the rights available to you as a data subject.
1. Data Controller
Zyxmora is the data controller responsible for your personal data. Our contact details are:
- Business name: Zyxmora
- Address: Széchenyi tér 12, 7621 Pécs
- Email: support@zyxmora.com
- Phone: 0121 647 0195
2. Lawful Bases for Processing
We process personal data only where we have a lawful basis to do so under Article 6 of the UK GDPR:
| Lawful Basis | When We Use It |
|---|---|
| Consent (Art. 6(1)(a)) | Marketing emails and promotional communications. You can withdraw consent at any time. |
| Contract (Art. 6(1)(b)) | Processing bookings, delivering cleaning services, sending invoices and service-related communications. |
| Legal Obligation (Art. 6(1)(c)) | Maintaining financial records as required by HMRC, responding to lawful requests from authorities. |
| Legitimate Interest (Art. 6(1)(f)) | Improving our services, website analytics, responding to customer enquiries, fraud prevention. |
3. Data We Collect
We collect the minimum amount of personal data necessary to provide our services:
- Identity data: name
- Contact data: email address, telephone number, postal address
- Service data: property details, cleaning requirements, booking dates
- Technical data: IP address, browser type (collected automatically via our website)
- Communication data: records of correspondence with us
We do not collect special category data (e.g., health data, religious beliefs, biometric data).
4. Your Rights Under UK GDPR
You have the following rights. We will respond to all valid requests within 30 days.
Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within 30 days.
Right to Rectification (Article 16)
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.
Right to Erasure (Article 17)
You have the right to request deletion of your personal data where there is no compelling reason for its continued processing. This right does not apply where we are required to retain data for legal or contractual obligations.
Right to Restrict Processing (Article 18)
You may request that we limit the processing of your personal data in certain circumstances, for example if you contest the accuracy of the data or object to our processing.
Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.
Right to Withdraw Consent
Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. How to Exercise Your Rights
To exercise any of the above rights, please contact us using one of the following methods:
- Email: support@zyxmora.com (subject line: "GDPR Request")
- Post: Zyxmora, Széchenyi tér 12, 7621 Pécs
- Phone: 0121 647 0195
We may ask you to verify your identity before processing your request. We will not charge a fee for processing a standard request, but we may charge a reasonable fee for requests that are manifestly unfounded or excessive.
6. Data Security Measures
We implement appropriate technical and organisational measures to ensure the security of your personal data:
- SSL/TLS encryption on all website communications
- Role-based access controls limiting staff access to personal data on a need-to-know basis
- Regular staff training on data protection and information security
- Secure disposal of paper records containing personal data
- Data processing agreements with all third-party service providers
- Regular review and testing of our security measures
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Service and booking records: 6 years from the date of the last service (in line with HMRC requirements)
- Enquiry data (no booking): 12 months from the date of the enquiry
- Marketing consent records: until consent is withdrawn, plus 12 months
- Website analytics: 26 months (anonymised)
After the retention period, data is securely deleted or anonymised.
8. Data Breach Procedures
In the event of a personal data breach that poses a risk to your rights and freedoms:
- We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by Article 33 of the UK GDPR.
- Where the breach is likely to result in a high risk to your rights, we will notify you directly without undue delay, as required by Article 34.
- We maintain a breach register documenting all data breaches, their effects and the remedial actions taken.
9. International Transfers
We store and process all personal data within the United Kingdom. We do not transfer personal data to countries outside the UK unless adequate safeguards are in place (such as Standard Contractual Clauses or an adequacy decision).
10. Third-Party Processors
Where we use third-party service providers that process personal data on our behalf, we ensure:
- A written data processing agreement is in place (Article 28)
- The processor provides sufficient guarantees regarding technical and organisational security measures
- The processor acts only on our documented instructions
- Regular review of processor compliance
11. Cookies and Online Tracking
Our website uses cookies in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR). We obtain your consent before placing non-essential cookies. For full details, see our Privacy Policy.
12. Supervisory Authority
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the UK's supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please reach out to us first at support@zyxmora.com.
13. Updates to This Page
We may update this GDPR compliance information from time to time. The "Last updated" date at the top indicates the most recent revision. We encourage you to check this page periodically.
Back to Home