Your Data Rights (UK GDPR)

How to access, delete, or manage your personal data

Last updated:

1. Introduction

Under the UK General Data Protection Regulation (UK GDPR), you have several rights regarding your personal data. This page explains your rights and how to exercise them.

For full details on how we process your data, see our Privacy Policy.

2. Your Rights Summary

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: We do not use automated decision-making

3. How to Exercise Your Rights

3.1 Via Email

Send a request to privacy@neurobreath.co.uk with:

  • Subject line: "Data Rights Request"
  • Your full name and email address (as registered on your account, if applicable)
  • Which right you wish to exercise (e.g., "Request data access" or "Request data deletion")
  • Any additional details to help us locate your data (device ID, approximate account creation date, etc.)

3.2 Via Account Settings (If Logged In)

If you have a NeuroBreath account, you can manage some data directly:

  • Delete account: Go to Account Settings → Delete Account
  • Update email: Go to Account Settings → Email
  • Export data: Request a data export via email (we will provide JSON or CSV)

3.3 Verification

To protect your privacy, we may ask you to verify your identity before fulfilling your request. This may include:

  • Confirming your email address (we'll send a verification link)
  • Providing additional information to match our records

4. Right of Access (Subject Access Request)

You have the right to request a copy of all personal data we hold about you.

What we will provide:

  • All personal data we hold (account details, progress data, session history, etc.)
  • The purposes of processing
  • Categories of data
  • Recipients (who we share data with, if applicable)
  • Retention period
  • Your rights (including right to complain to the ICO)

Format: We will provide data in JSON or CSV format (machine-readable).

Timeline: We will respond within one month. If your request is complex, we may extend this by two additional months and notify you.

Cost: Free. We may charge a reasonable fee for excessive or repetitive requests.

5. Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

How to request: Email us at privacy@neurobreath.co.uk with details of the data you want corrected.

Timeline: We will make corrections within one month.

6. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

What will be deleted:

  • Your account (email, password hash)
  • Your progress data (sessions, badges, challenges)
  • Your preferences and device profiles

What may be retained:

  • Anonymized aggregated data for statistical purposes
  • Data required for legal compliance or ongoing legal claims

Timeline: Deletion will occur within 30 days of verification.

Note: If your data is stored locally in your browser's localStorage (guest progress), you can delete it yourself by clearing browser data or using our in-app "Clear data" option (if available).

7. Right to Restrict Processing

You can ask us to limit how we use your data in the following situations:

  • You contest the accuracy of the data (while we verify accuracy)
  • Processing is unlawful, but you don't want deletion
  • We no longer need the data, but you need it for legal claims
  • You have objected to processing (pending verification of our legitimate grounds)

How to request: Email privacy@neurobreath.co.uk with your reason for restriction.

8. Right to Data Portability

You can request your data in a structured, machine-readable format (e.g., JSON) and transfer it to another service.

What you'll receive: A downloadable file containing all your personal data.

How to request: Email privacy@neurobreath.co.uk with "Data Portability Request" in the subject line.

Timeline: We will provide the file within one month.

9. Right to Object

You can object to processing based on legitimate interests. If you object, we will stop processing unless we have compelling legitimate grounds that override your rights.

Direct marketing: We do not send marketing emails, so this right is less applicable. However, you can object to any future marketing if we introduce it.

How to object: Email privacy@neurobreath.co.uk.

10. Automated Decision-Making and Profiling

NeuroBreath does not use automated decision-making or profiling that produces legal or similarly significant effects.

All personalization (e.g., suggesting breathing techniques) is based on your explicit choices, not automated profiling.

11. Right to Complain

If you are unhappy with how we handle your data or your rights request, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first so we can resolve your concern.

12. Response Timeline

  • Standard requests: One month from receipt of your request
  • Complex requests: Up to three months total (we will notify you if an extension is needed)
  • Urgent requests: If you believe your data is at risk, contact us immediately and we will prioritize your request

13. Contact Us

To exercise any of your data rights, contact us at:

Email: privacy@neurobreath.co.uk
Subject line: "Data Rights Request"
Location: Southwark, London, United Kingdom

We aim to respond to all privacy inquiries within 5 business days.
