This Data Deletion Policy explains how The Sidedoor (“we”, “us”, “our”) processes requests for the deletion of personal data in accordance with the UK GDPR and the Data Protection Act 2018.
If you would like us to delete your personal data, this page sets out your rights, how to make a request, what we will remove, what we may need to retain, and how long the process takes.
- 1. Right to Erasure
- 2. How to Request Deletion
- 3. Scope of Deletion
- 4. Data We May Retain
- 5. Third-Party Data Sharing
- 6. Backups & Residual Data
- 7. Timeframe for Processing
- 8. Refusal of Requests
- 9. Your Other Rights
- 10. Contact
1. Right to Erasure
You have the right to request the deletion of your personal data (the “right to be forgotten”) where:
- The data is no longer necessary for the original purpose for which it was collected.
- You withdraw consent, where processing is based on consent.
- You object to processing and there are no overriding legitimate grounds.
- The data has been processed unlawfully.
- Deletion is required to comply with a legal obligation.
2. How to Request Deletion
You may request deletion of your data at any time by:
- Using the in-app account deletion tools, where available; or
- Contacting us at legal@thesidedoor.co.
We may need to verify your identity before processing your request, to ensure that we only delete data belonging to the genuine account holder.
3. Scope of Deletion
On receipt of a valid request, we will delete or anonymise personal data including:
- Account details (name, email address, phone number).
- Profile information and preferences.
- Social media handles and any associated metadata.
- Guest list activity and usage history, where technically feasible.
4. Data We May Retain
We may retain certain personal data where processing is necessary to:
- Comply with legal obligations (for example, financial or tax records).
- Establish, exercise, or defend legal claims.
- Prevent fraud, abuse, or misuse of the platform.
- Enforce our terms and policies.
Where data is retained under one of these grounds, it will be restricted and used only for those purposes.
5. Third-Party Data Sharing
Where your data has been shared with venues, promoters, or partners through the platform:
- Those parties may act as independent data controllers in their own right.
- You may need to contact them directly to exercise your deletion rights against them.
Where appropriate, we will also inform such parties of your deletion request.
6. Backups & Residual Data
Your data may remain in secure backups for a limited period following deletion. While in backup, such data:
- Is not actively processed.
- Will be securely deleted or overwritten in accordance with our standard retention policies.
7. Timeframe for Processing
We aim to respond to and complete deletion requests within one month of receipt, as required under UK GDPR. Where a request is complex or we have received a high volume of requests, this period may be extended by up to a further two months; we will let you know if we need to extend and why.
8. Refusal of Requests
We may refuse or only partially fulfil a deletion request where:
- Retention of the data is required by law.
- The request is manifestly unfounded or excessive.
If we refuse or limit a request, we will inform you of the reasons and of your right to lodge a complaint with the Information Commissioner’s Office (ICO).
9. Your Other Rights
In addition to the right to erasure, you also have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Restrict or object to processing.
- Data portability.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
10. Contact
For all data deletion requests and privacy enquiries, please contact us at legal@thesidedoor.co.