1. Introduction
Noteracker Ltd. ("we", "us", or "our") is committed to protecting the privacy and security of your personal data. This policy outlines our compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Protection Principles
We process personal data in accordance with the following principles:

Lawfulness, Fairness, and Transparency: Data is processed legally and transparently.

Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.

Data Minimisation: We only collect data that is strictly necessary.

Accuracy: We keep data up to date and rectify inaccuracies immediately.

Storage Limitation: Data is kept only as long as necessary for the intended purpose.

Integrity and Confidentiality: We use appropriate technical and organisational security measures (as outlined in our Data Security Policy).

3. Legal Basis for Processing
Under GDPR, we rely on the following legal bases:

Contractual Necessity: To provide our web development and management services.

Legal Obligation: To comply with UK tax and company laws.

Consent: For marketing communications and non-essential cookies.

Legitimate Interests: For website optimization and security monitoring.

4. ePrivacy & Cookie Compliance (PECR)
In compliance with ePrivacy regulations (PECR):

Consent for Cookies: We do not drop non-essential cookies (analytics, marketing) on your device without your prior, explicit consent via our cookie banner.

Direct Marketing: We only send marketing emails to individuals who have opted in. You may "Unsubscribe" at any time.

Soft Opt-in: We may contact existing customers about similar services, providing a clear opportunity to opt-out in every communication.

5. International Data Transfers
As Noteracker operates globally, data may be transferred to Korea or the U.S. We ensure such transfers are protected by Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTA) approved by the UK ICO to ensure a level of protection equivalent to the UK GDPR.

6. Data Subject Rights
You have the right to:

Access your data and request a copy.

Rectify incorrect information.

Request erasure ("Right to be forgotten").

Restrict or object to processing.

Data Portability (receive your data in a structured, machine-readable format such as CSV or JSON).

7. Data Breach Notification
In the event of a high-risk data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected individuals without undue delay.

8. Contact & Redress
For any inquiries regarding your data, please contact our Data Protection Officer:

Email: support@noteracker.com

Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK

If you are not satisfied with our response, you have the right to lodge a complaint with the ICO (www.ico.org.uk).

Effective Date: 13 February 2026