Privacy Policy

Quick Summary

Look, we get it—privacy policies aren't exactly bedtime reading. So here's what matters: we collect data about how you use Basket (what you save, what you search for, how you interact with our AI features) so we can actually provide the service and make it better. We also need some basic info like your email and name to create your account, and if you're buying gift cards or redeeming cashback, we'll need payment and tax information.

Here's what we'll never do: sell your personal information or share your email and phone number with retailers. Full stop. We might share anonymised, aggregated data (like "people who save trainers also like sports equipment") but that never identifies you personally. When we use service providers like payment processors or analytics tools, they're bound by strict data protection agreements.

You're in control. Want to see what data we have? Email privacy@trybasket.com. Want to delete your account? There's a button in your settings. Want to stop marketing emails? Click unsubscribe. Have questions? We're here to help — just reach out. The detailed policy below covers everything legally, but those are the essentials.

1. Introduction

1.1 About This Privacy Policy

Welcome to Intent Technologies Ltd's Privacy Policy. At Intent Technologies Ltd ("we", "us", or "our") we are committed to protecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Data (Use and Access) Act 2025 (DUAA) - Royal Assent: 19 June 2025, Privacy and Electronic Communications Regulations 2003 (PECR), and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, use, and protect your data when you use our website (www.trybasket.com or our "Site"), our mobile applications (iOS and Android), web applications, our browser extensions (Chrome, Firefox, Safari, Edge) and our platform services (collectively our "Service").

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, and Generative AI Prohibited Use Policy, which govern your use of features within the Service.

The Privacy Policy will tell you about your privacy rights with respect to our Site and Services, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

The individuals from which we may gather and use data can include Customers, Employees/Staff Members, and any other people that we have a relationship with or may need to contact. This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.

1.2 Data Controller Information

Intent Technologies Ltd is your Data Controller and responsible for your Personal Data.

Company Details:

• Registered in England and Wales: 11670580
• Registered Office: 20-22 Wenlock Road, London, N1 7GU
• Data Protection Contact: privacy@trybasket.com

We have not appointed a Data Protection Officer as we are not legally required to do so. All data protection queries should be sent to privacy@trybasket.com.

1.3 Your Right to Complain

You have the right to complain to the Information Commissioner's Office (ICO), the UK data protection authority:

• Website: www.ico.org.uk
• Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns directly first. Please contact us at privacy@trybasket.com.

1.4 Processor Responsibilities

When we use service providers to process personal data on our behalf, they are legally required to:

• Process personal data only on our documented instructions
• Ensure persons processing data are subject to confidentiality obligations
• Implement appropriate technical and organizational security measures
• Only engage sub-processors with our prior authorization
• Assist us in responding to data subject rights requests
• Delete or return all personal data at the end of services
• Maintain records of processing activities
• Cooperate with supervisory authorities
• Notify us without undue delay of any personal data breach
• Not transfer data internationally without appropriate safeguards

All our processors have signed data processing agreements incorporating these obligations.

2. What Personal Data We Collect

2.1 Categories of Personal Data

We collect different types of personal data depending on how you interact with our Service:

Account Information

• Identity Data: First name, last name, username, date of birth
• Contact Data: Email address, phone number, delivery addresses
• Verification Data: Email and phone verification status
• Profile Data: Profile image, display name, preferences
• Parental Consent Data (for users under 18 with Full Service): Parent/guardian name, email address, consent confirmation

Financial Information

• Transaction Data: Gift card purchases, points earned/redeemed, order history
• Payment Data: Tokenized payment identifiers (we never see full card details)
• Tax Information: For users meeting HMRC reporting thresholds:
  • National Insurance Number (NIN)
  • Unique Taxpayer Reference (UTR)
  • Registered address

Usage Information

• Behavioural Data: How you use our Service, features accessed, interaction patterns
• Technical Data: IP address, device type, operating system, browser type
• Shopping Data: Products viewed, saved items, price alerts set
• Location Data (when you use location features):
  • Precise GPS coordinates (latitude and longitude)
  • Location accuracy level (metres)
  • Location permission status
  • Time and date of location access
  • Important: Location is ONLY accessed when you actively use "find nearby retailers" or similar features
  • No background tracking: We never track your location when the app is closed or in background

AI Interaction Data

When you use AI-powered features within the Service (such as product recommendations, visual simulations, content summarisation, or enhanced search):

• Prompts and Queries: Text, imagery, video, documents, voice, or other inputs you submit to AI features
• AI-Generated Outputs: Recommendations, suggestions, simulations, and content generated by AI
• Interaction Patterns: How you use AI features, frequency of use, feature preferences
• Feedback Data: Ratings, corrections, or other feedback on AI-generated content
• Visual Simulation Preferences: Settings and preferences for Try On or product visualisation features
• Context Data: Shopping history, product interests, and behavioral data used to personalise AI outputs

Platform-Specific Data

Website (www.trybasket.com)

• Cookie data (see our Cookie Policy)
• Analytics data (page views, clicks, session duration)
• Marketing preferences

Mobile App (iOS and Android)

• Device identifiers
• App version and crash data
• Push notification tokens
• In-app behaviour and interactions
• Location data

Web App (app.trybasket.com)

• Device identifiers
• App version and crash data
• Push notification tokens
• In-app behaviour and interactions
• Location data

Browser Extension

• Device identifiers
• App version and crash data
• In-app behaviour and interactions

Privacy Notice:

Our browser extension collects detailed browsing data ONLY on our whitelist of retailer websites. View full retailer whitelist

What We Collect (on whitelisted sites):

• URLs of specific retailer pages you visit
• Product details (names, prices, images, availability, variants)
• Shopping cart contents and modifications
• Coupon codes tested and applied
• Time spent on product pages
• Click patterns and scroll depth
• Local storage data (extension preferences, cached products)

What We Collect (on any web page): ONLY if product metadata based on schema.org/Product specification is detected

• Product data such as title, images, availability, price, description, reviews, and ratings
• Product page url
• Time and date when viewed

How The Extension Works:

• Extension UI automatically appears on all webpages so you can save any page when needed
• Detailed journey tracking (URLs, clicks, scrolling, cart activity) ONLY occurs on whitelisted retailer sites
• Automated product data collection happens on ANY page when product metadata (schema.org/Product) is detected
• Extension icon (desktop only) shows active (coloured) on whitelisted sites or inactive (greyed) elsewhere
• Important: Extension appearing on a page does NOT mean we're tracking your browsing journey on that page
• NO journey tracking on non-whitelisted sites (banking, email, social media, etc.)
• Blacklist available: Request specific domains to hide the extension UI by emailing support@trybasket.com
• Blacklist only affects UI visibility, not data collection rules

Data Uses:

• Automatic product saving to your baskets
• Real-time price drop alerts
• Coupon discovery and testing
• Cashback activation tracking
• Personalized shopping recommendations

Special Considerations

What We DON'T Collect:

• Special category data (race, religion, health, sexual orientation, political opinions)
• Criminal conviction data
• Biometric data for identification or profiling purposes
• Data from non-whitelisted websites (browser extension)

Important Note on Biometric Processing: While our Virtual Try On feature performs temporary on-device pose and face feature detection to check image quality during the Try On experience, we do not extract, store, or retain any biometric identifiers. This temporary processing:

• Occurs only on your device during the Try On experience
• Is used solely for image quality assessment (lighting, positioning, etc.)
• Is never stored, profiled, or reused for any purpose
• Does not create biometric templates or identifiers

Aggregated Data: We create anonymised, aggregated data from your personal data for analytics and business insights. This cannot identify you and is not personal data.

2.2 How We Collect Your Data

Directly from you:

• Account registration
• Profile updates
• Customer support interactions
• Survey responses

Automatically:

• Cookies and similar technologies
• Basket app, website and extension usage
• Browsing behaviour (on whitelisted retailer sites only)
• Product impressions (on web pages with product schema metadata only)

From third parties:

• Authentication providers (Google, Apple)
• Payment processors (Stripe)
• Analytics providers (PostHog, Adjust, Braze)
• Customer service providers (Intercom)
• Rewards and loyalty providers (TalonOne)

3. How We Use Your Personal Data

3.1 Legal Basis for Processing

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

• “Consent”: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
• "Contractual Obligations”: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
• “Legal Compliance”: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
• “Legitimate Interest”: We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

We only use your personal data when we have a valid legal reason:

Processing Examples

Here are practical examples of how we apply these legal bases:

Example 1: Account Creation

• What we collect: Name, email, phone number, date of birth
• Legal basis: Contract (you need an account to use our service)
• Can you refuse?: Yes, but you won't be able to use Basket

Example 2: Price Drop Alerts

• What we collect: Products you save, price thresholds
• Legal basis: Contract (core feature of our service)
• Can you refuse?: You can disable alerts but it's a key service feature

Example 3: Marketing Emails

• What we collect: Email address, engagement data
• Legal basis: Consent (you opted in) or Legitimate Interest (existing customer)
• Can you refuse?: Yes, unsubscribe anytime via email footer

Example 4: Session Recording

• What we collect: Screen interactions, feature usage
• Legal basis: Legitimate Interest (improving user experience)
• Can you refuse?: Yes, email data@trybasket.com to opt out

3.2 Specific Processing Activities

Service Provision

We use your data to:

• Create and manage your account
• Process gift card purchases
• Calculate and deliver cashback rewards
• Enable price tracking
• Send price alerts and notifications
• Provide customer support
• Track purchases you make via affiliate links

Platform Features

• Creator Program: Track affiliate link performance (internally only - creators see only anonymised metrics)
• Referral Program: Track referrals and calculate rewards
• Collaborative Baskets: Enable sharing and collaboration features

Marketing and Communications

With your consent or based on legitimate interests:

• Send promotional emails about new features
• Provide personalized product recommendations
• Show relevant offers based on your shopping patterns
• Send push notifications (with your permission)

Opt-out anytime: Unsubscribe links in emails or adjust settings in your account

Analytics and Improvements

Session Recording Notice

We may use PostHog to record ALL interactions within our platform (website and mobile app) to improve user experience and fix bugs. This includes:

• Screen interactions (taps, swipes, navigation)
• Feature usage patterns
• Error messages and crashes
• Time spent on screens

Your data is protected: Sensitive information (passwords, payment details) is automatically masked

Opt-out: Email data@trybasket.com with subject "Opt out of session recording"

Recordings are retained for 90 days.

3.3 Automated Decision-Making and AI

We use automated systems and AI to enhance your experience:

Personalization Algorithms

• Product recommendations based on your interests
• Price drop predictions
• Optimal deal timing notifications
• Search result ranking

Generative AI Features

When you use generative AI features within the Service (such as visual product simulations, content summarisation, or AI-assisted recommendations):

What We Process:

• Your prompts, queries, and inputs to AI features, including any imagery, video, documents, audio or other content a you upload
• AI-generated outputs, recommendations, and visual simulations
• Your interactions with and feedback on AI content
• Context data (shopping history, preferences) to personalise outputs

How AI Features Work:

• AI models analyse your inputs and context to generate personalised recommendations
• Visual simulation features (e.g., virtual Try On) create approximate product representations using your inputs
• Content summarisation processes product information to provide concise overviews
• AI-enhanced search interprets your queries to find relevant products

Important Safeguards:

• No high-risk automated decisions (employment, finance, legal, healthcare) are made without qualified human review
• AI features are designed to assist, not replace, your own judgment
• You can opt out of AI features by not using them (they are optional)
• All AI processing complies with our Generative AI Prohibited Use Policy
• AI Model Safety: AI models are configured with the highest safety settings where available to block inappropriate requests
• Pre-Upload Protection: On-device processing detects and prevents upload of problematic images including:
  • Poor image quality or inadequate lighting
  • Nudity or not safe for work (NSFW) content
  • Other issues that may reduce the likelihood of successful AI generation
• These safety measures operate before any data leaves your device

Age Restrictions:

• Users under 18 without parental consent cannot access certain AI features (e.g., virtual Try On)
• AI-generated content for known minors is restricted to appropriate use cases
• We do not use AI outputs to build marketing profiles of users under 18

Data Retention for AI:

• User-uploaded images: Retained for up to 3 years for AI model training, quality assurance, personalization of future features, and service improvement
• AI prompts and interactions: Retained for up to 3 years for model training, quality assurance, and service improvement
• AI-generated outputs: Retained for up to 3 years for quality assurance and personalization; outputs you explicitly save are retained as part of your account data
• Aggregated AI usage analytics: Retained indefinitely in anonymised form

Your Control Over AI Data:

• You can request deletion of your AI interaction data at any time by contacting privacy@trybasket.com
• Deletion requests are processed within 30 days, subject to legitimate ongoing processing needs
• Data used for training may be retained in aggregated/anonymised form that cannot identify you
• You can opt out of future AI data collection by not using AI features

Fraud Prevention

• Transaction monitoring
• Account security checks
• Unusual activity detection

Your Rights

• Request human review of automated decisions
• Understand the logic involved in AI recommendations
• Object to profiling for marketing purposes
• Opt out of AI features by choosing not to use them
• Request deletion of AI interaction data (subject to legitimate processing needs)

3.4 Tax Reporting Obligations

From January 2025, we must report to HMRC if you:

• Earn more than £1,700 annually from points redemptions
• Complete more than 30 redemption transactions annually
• Participate in the Creator Program (regardless of earnings)

What we report: Name, address, tax ID, earnings, transaction count

Your responsibility: Declare all earnings on your tax return

3.5 Cookies and Similar Technologies

We use cookies to provide and improve our Service. For detailed information, see our Cookie Policy.

Key points:

• Essential cookies: Required for service functionality
• Analytics cookies: Help us improve (legitimate interest under DUAA 2025)
• Marketing cookies: Only with your consent

4. Your Privacy Rights

4.1 Your Rights Under UK Data Protection Law

You have the following rights:

Response time: Within 30 days (may extend to 60 days for complex requests)

Cost: Free (first request per year). We may charge a reasonable fee or refuse clearly unfounded or excessive requests.

Note: We handle data requests manually. Please be patient with our small team.

4.2 How to Object to Processing

Easy controls in your account:

• Marketing emails: Unsubscribe link in any email
• Push notifications: Device settings
• Marketing cookies: Cookie banner on website

Contact us for:

• Objecting to legitimate interests processing
• Session recording opt-out
• Other processing objections

Important: Some objections may require account closure as we cannot provide our Service without certain data processing.

4.3 Account Deletion

In your account settings:

1. Navigate to Settings in your Account page
2. Select "Account and Security"
3. Select "Close account"
4. Confirm with password/authentication
5. Account closed immediately

What happens:

• Profile deleted immediately
• Marketing data removed immediately
• Shopping data removed within 7 days
• Transactional records kept for 6 years (legal requirement)
• Anonymised analytics may be retained

4.4 California Privacy Rights

California residents may request details of personal data shared with third parties for marketing. Email privacy@trybasket.com.

5. Who We Share Data With

5.1 Our Data Sharing Principles

• We NEVER sell your personal data
• We NEVER share emails/phone numbers with retailers
• We only share data when necessary for our Service
• All processors sign data protection agreements

5.2 Categories of Recipients

Service Providers (Data Processors)

We share data with trusted providers who help deliver our Service. All processors are bound by data protection agreements ensuring GDPR compliance.

Payment & Commerce

Communications & Support

Analytics & Attribution

Platform Infrastructure

AI and Machine Learning

Important Notes on AI Data Processing:

• We only share images you upload for AI visual features (e.g., Try On)
• No automatic sharing of photos from your device without your consent
• Images are processed for the specific AI feature you're using and are not retained long-term by the AI provider
• You control what images are uploaded - AI features only work when you choose to use them
• Media Storage: All uploaded photos (Virtual Try On, profile photos, basket covers, profile covers) are stored in Google Cloud with full encryption:
  • Encryption at rest: AES-256
  • Encryption in transit: TLS
  • Access controls: Protected behind authenticated security rules and role-based permissions
  • Data location: Primary data storage and processing configured to run in European data centres

Website Services

Other Recipients

• Legal authorities: When required by law or court order
• Business transfers: If we sell or merge (with equivalent data protection)
• Professional advisors: Lawyers, accountants (under confidentiality)
• Aggregated data partners: Anonymised insights only (cannot identify you)

5.3 International Data Transfers

Your data may be transferred outside the UK. We ensure appropriate protection through:

For US transfers:

• UK-US Data Bridge Framework (established 12 October 2023)
• All US processors are certified under the Data Privacy Framework
• Standard Contractual Clauses as additional safeguard
• Enhanced security measures including encryption in transit
• Regular adequacy reviews

For EU/EEA transfers:

• UK adequacy decision (valid until 27 December 2025)
• EU processors covered by GDPR equivalence
• Standard Contractual Clauses where required
• No onward transfers without equivalent protection

Transfer safeguard hierarchy:

1. Adequacy decisions (preferred)
2. UK-US Data Bridge certification
3. Standard Contractual Clauses with supplementary measures
4. Your explicit consent (only where other safeguards unavailable)

Your rights regarding international transfers:

• Request copy of transfer safeguards
• Object to transfers based on legitimate interests
• Withdraw consent for consent-based transfers
• Receive notification of new transfer countries

Contact privacy@trybasket.com for transfer safeguard documentation.

6. How We Protect Your Data

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: SSL/TLS encryption on ALL data transfers without exception
• Media Storage Security:
  • All uploaded photos (Virtual Try On, profile photos, basket covers, profile covers) stored in Google Cloud
  • AES-256 encryption at rest for all stored media
  • TLS encryption in transit for all data transfers
  • Protected behind authenticated security rules and role-based permissions
  • Primary data storage and processing configured to run in European data centres
• Access controls:
  • Limited employee access on strict need-to-know basis
  • All employees bound by confidentiality obligations
  • Multi-factor authentication for system access
• Subcontractor security:
  • We do not relinquish control of your personal data
  • All subcontractors subject to equivalent security standards
  • No exposure to security risks beyond those in our direct control
• Regular testing:
  • Security assessments
  • Vulnerability scanning
  • Code security reviews
• Employee measures:
  • Data protection training for all staff
  • Background checks where appropriate
  • Immediate access revocation on departure
• Infrastructure security:
  • Secure data centres with physical access controls
  • Regular security patches and updates
  • Firewall and intrusion detection systems
• Incident response:
  • 24/7 monitoring for security events
  • Documented breach response procedures
  • Forensic investigation capabilities

6.2 Data Breach Procedures

If a breach occurs:

1. Internal response: Immediate investigation and containment
2. ICO notification: Within 72 hours if required
3. User notification: If high risk to your rights and freedoms
4. Support: Assistance to minimize impact

6.3 Data Retention

We keep your data only as long as necessary:

6.4 Privacy by Design

We build privacy into everything we do:

• Data minimization: Only collect what we need
• Purpose limitation: Only use data for stated purposes
• Privacy assessments: For new features and changes
• Default settings: Privacy-friendly defaults
• Transparency: Clear information about data use

7. Additional Information

7.1 Children's Privacy (Ages 13-17)

Our Approach to Teen Users:

We offer Basic Service to users aged 13-17 without parental consent, and Full Service with parental consent. While we collect similar data to adult users, we apply stricter legal safeguards:

Implementation Limitations:

• New Users: Enhanced protections apply to users who declare they are under 18 during registration
• Existing Users: We do not have date of birth data for many existing users, who are treated as adults until they voluntarily update their profiles
• Self-Declaration: We rely on user-declared age and do not conduct independent age verification
• Good Faith Compliance: Enhanced protections apply where we have actual knowledge of a user's minor status

Parental Consent Requirements:

• Basic Service (13+): No parental consent required
• Full Service (under 18): Parental consent required through our self-reporting system
• Parents provide name, email, and consent confirmation
• This is a self-reporting system - we do not independently verify parent identity
• Parents/guardians may withdraw consent at any time by contacting support@trybasket.com
• We will verify the parent's identity and relationship to the child account before processing the withdrawal
• Verified parents can access, modify, or delete their child's account
• Verified parents can receive copies of privacy notices and policy updates

Enhanced Data Protections (When Applied):

• Retention: Data deleted within 12 months of account closure (vs. standard retention)
• Marketing: No email marketing or promotional communications
• Profiling: No automated decision-making for commercial purposes
• Sharing: Teen user data never included in anonymised insights shared with retailers

Technical Data Collection: We collect the same technical data (usage analytics, crash reports, performance metrics) but use it solely for:

• Service improvement and bug fixes
• Security and fraud prevention
• Essential functionality delivery

What We DON'T Do for Known Teen Users:

• Build marketing profiles or personas
• Target with personalised advertising
• Include in commercial data insights
• Share any data with affiliate partners

AI Feature Restrictions for Minors:

• Age-Gated Features: Users under 18 without parental consent cannot access certain AI features, including virtual Try On features and other AI capabilities that may be inappropriate for minors
• No Commercial Profiling: AI outputs are never used to build marketing profiles of users under 18 or target minors for commercial purposes
• Limited AI Data Use: AI interaction data from known minors is used only for essential service delivery and improvement, never for commercial insights or third-party sharing
• Enhanced Review: AI-generated content for teens undergoes additional safety review where practical
• Parental Control: Parents/guardians who have provided consent for Full Service features can request restrictions on specific AI features by contacting privacy@trybasket.com
• Compliance: All AI processing for minors complies with our Generative AI Prohibited Use Policy Section 2.5 (Privacy, Data Protection, and Teen Protections)

Discovery of Misrepresentation: If we discover a user has misrepresented their age:

• Enhanced protections are applied retrospectively where possible
• Account may be restricted to Basic Service features
• Data processing is reviewed and limited going forward
• Additional verification may be required to maintain account access

Your Rights (Enhanced for Minors):

• Request immediate account deletion (no waiting period)
• Object to any processing beyond essential service delivery
• Receive all communications in plain, age-appropriate language
• Have a parent/guardian exercise rights on your behalf until age 18

7.2 Creator Program Privacy

Participants in our Creator Program should know:

• Enhanced tracking: We track affiliate link performance in detail
• Creator visibility: Creators see ONLY anonymised aggregate metrics (age ranges, interests)
• No personal data: Creators cannot see who clicks their links
• Public information: Profile image, username, display name (same as all users)
• Tax reporting: All Creator earnings reported to HMRC regardless of amount

7.3 Browser Extension Privacy

Our browser extension has specific privacy considerations:

• UI visibility: Extension now appears on all pages for your convenience to save any page when needed
• Journey tracking whitelist only: Detailed browsing behavior (URLs, clicks, scrolling, cart activity) ONLY collected on supported retailer sites (View full list)
• Product impressions: Product data collected from any web page with product metadata based on schema.org/Product specification
• Important distinction: Extension appearing on a page does NOT mean journey tracking on that page
• Presentational blacklist: Users can request specific domains to hide the extension UI by emailing support@trybasket.com (does not affect data collection rules)
• Clear indicator: Icon shows when active (coloured on whitelisted sites, greyed elsewhere)
• No third-party sharing: Currently no data shared with retailers
• Future plans: May share anonymised aggregate insights with retailers

7.4 Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in law or regulations
• New features or services
• Improved privacy practices

Notification: Email and in-app notice for material changes

Review regularly: Check the version number and date

7.5 Links to Other Websites

Our Service contains links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

8. Contact Us

8.1 How to Reach Us

For privacy questions or to exercise your rights:

Email: privacy@trybasket.com
Post: Privacy Team, Intent Technologies Ltd, 20-22 Wenlock Road, London, N1 7GU

For general inquiries:

• Email: hello@trybasket.com
• Website: www.trybasket.com/contact
• In-app: Chat support

8.2 Complaint Process

1. Contact us first: privacy@trybasket.com with "Complaint" in subject
2. We acknowledge: Within 48 hours
3. Investigation: Full response within 30 days
4. Not satisfied?: Escalate to the ICO

8.3 Data Protection Resources

• Our policies: www.trybasket.com/policies
• ICO guidance: www.ico.org.uk
• Your rights: www.ico.org.uk/your-data-matters

8.4 Legal Interpretation

• Email limitations: Email addresses in this policy may only be used for stated purposes
• Response discretion: We reserve the right not to respond to unreasonable requests
• Staff authority: Our staff cannot waive rights or make unauthorised representations
• Policy precedence: This Privacy Policy takes precedence over informal communications
• Legal correspondence: Only our legal department can make binding commitments

Glossary

Aggregated Data: Statistical data that cannot identify individuals

Data Controller: Organization that determines how personal data is processed (Intent Technologies Ltd)

Data Processor: Organization that processes data on our behalf

DUAA: Data (Use and Access) Act 2025 - UK legislation modernizing data protection

Legal Basis: Legal justification for processing personal data

Legitimate Interests: Processing necessary for our or others' interests, balanced against your rights

Personal Data: Any information that can identify you

Platform: Basket app and services across all devices

Special Category Data: Sensitive data requiring extra protection (we don't collect this)

UK GDPR: UK General Data Protection Regulation

Marketing Consent: See Section 8.3 of our Terms of Service for full details on marketing communications consent and your rights