Privacy Policy
Last updated: 17 June 2026
This Privacy Policy explains how Motionback.ddd ("we", "us", "our") collects, uses, stores, shares, and protects your personal data when you visit motionback.world or contact us. It is provided in accordance with Articles 13 and 14 of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
UK Data Protection Framework
Following the United Kingdom's departure from the European Union, data protection in Great Britain is governed by the UK GDPR, as retained and amended in UK law through the European Union (Withdrawal) Act 2018 and subsequent regulations (including the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019).
We also comply with:
- the Data Protection Act 2018 (DPA 2018), which supplements the UK GDPR;
- the Privacy and Electronic Communications Regulations 2003 (PECR), as amended, regarding cookies, similar technologies, and electronic marketing;
- ICO guidance on transparency, consent, and accountability.
Where this policy refers to "GDPR", we mean the UK GDPR. The supervisory authority for the UK is the Information Commissioner's Office (ICO). Our Cookie Policy provides additional detail on cookies and similar technologies.
1. Data Controller
The data controller responsible for your personal data is:
Business name: Motionback.ddd
Address: Business Centre, Tong Hall, Tong Ln, Tong, Bradford BD4 0RR, United Kingdom
Email: correspondence@motionback.world
Phone: +44 7738 004632
We have not appointed a Data Protection Officer (DPO) as we are not required to do so under Article 37 UK GDPR. For all data protection enquiries, please contact us using the details above.
2. Personal Data We Collect
We collect personal data in the following ways:
2.1 Data you provide directly
- Identity and contact data: your name and email address when you submit our contact form.
- Communication data: the content of your message and any information you choose to include.
- Consent records: your GDPR consent checkbox confirmation and timestamp when submitting the contact form.
- Cookie preferences: your choices regarding analytics and marketing cookies (stored locally in your browser).
2.2 Data collected automatically
- Technical data: IP address, browser type and version, operating system, device type, referring URL, and pages viewed.
- Usage data: interaction with the website (only where analytics cookies are accepted).
- Server logs: standard web server records generated for security and troubleshooting.
We do not intentionally collect special category data (e.g. health, racial or ethnic origin, biometric data) or criminal offence data. Please do not include sensitive personal information in contact messages. If you do, we will delete it unless we have a lawful basis and it is necessary to respond to your enquiry.
We do not use automated decision-making or profiling that produces legal or similarly significant effects concerning you.
3. Purposes, Legal Bases, and Legitimate Interests
Under UK GDPR Article 6, we process personal data only where we have a lawful basis. The table below sets out our main processing activities:
- Responding to contact enquiries — Legal basis: consent (Art. 6(1)(a)) when you tick the GDPR checkbox; and/or legitimate interests (Art. 6(1)(f)) in responding to correspondence and managing our business. Legitimate interest: handling genuine enquiries efficiently; you may object (see Section 7).
- Operating and securing the website — Legal basis: legitimate interests (Art. 6(1)(f)) in ensuring network security, preventing abuse, and maintaining service availability.
- Storing cookie consent choices — Legal basis: legitimate interests (Art. 6(1)(f)) and compliance with PECR; strictly necessary storage.
- Website analytics — Legal basis: consent (Art. 6(1)(a)) via our cookie banner. Analytics cookies are not placed without your consent.
- Marketing measurement — Legal basis: consent (Art. 6(1)(a)) via our cookie banner. We do not send unsolicited marketing emails without your explicit consent (PECR).
- Legal and regulatory compliance — Legal basis: compliance with a legal obligation (Art. 6(1)(c)) where applicable.
You are not required by law or contract to provide personal data to browse this website. However, if you do not provide your name, email, and consent when using the contact form, we cannot process your enquiry.
4. How We Use Your Data
We use personal data only for purposes that are compatible with those for which it was collected, including:
- replying to your messages and managing workshop or event registrations;
- maintaining records of correspondence;
- improving website content and usability (with consent for analytics);
- detecting and preventing fraud, abuse, or security incidents;
- complying with applicable UK law and responding to lawful requests from authorities.
We apply the principles of data minimisation and purpose limitation: we collect only what is reasonably necessary and retain it only for as long as needed (see Section 5).
5. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy:
- Contact form submissions: up to 24 months from the date of last correspondence, then securely deleted or anonymised.
- Server and security logs: up to 90 days, unless a longer period is required for an investigation or legal obligation.
- Cookie consent records: up to 12 months in your browser (localStorage), after which you will be asked to confirm your preferences again.
- Analytics data: according to our analytics provider's settings (typically 14–26 months), only where you have given consent. Data is deleted or anonymised when retention periods expire.
When data is no longer required, we securely delete or anonymise it using appropriate technical measures.
6. Recipients and Data Processors
We do not sell your personal data. We may share data with the following categories of recipients:
- Hosting and infrastructure providers — to store and deliver the website.
- Email and communication providers — to receive and respond to contact form messages.
- Analytics providers — only if you consent to analytics cookies.
- Professional advisers — such as lawyers or accountants, where necessary and subject to confidentiality.
- Law enforcement or regulators — when required by UK law or a court order.
Third parties that process personal data on our behalf act as data processors under Article 28 UK GDPR. We ensure written contracts are in place requiring them to process data only on our instructions, implement appropriate security measures, and assist with your rights.
Embedded third-party content (e.g. Google Maps on our Contacts page) may collect data independently when you interact with it. Please review the relevant third party's privacy notice.
7. International Data Transfers
Your data is primarily processed within the United Kingdom. If we transfer personal data outside the UK — for example, to a hosting or analytics provider in another country — we ensure a valid transfer mechanism is in place, such as:
- an adequacy regulation issued by the UK Secretary of State;
- the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses;
- another mechanism approved under UK GDPR Chapter V.
You may request information about safeguards for international transfers by contacting us.
8. Security Measures
We implement appropriate technical and organisational measures under Article 32 UK GDPR, including:
- HTTPS/TLS encryption for data in transit;
- access controls limiting who can view personal data;
- secure hosting environments;
- procedures for handling data breaches in line with ICO guidance (notification to the ICO within 72 hours where required, and to affected individuals where there is a high risk).
No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Your Rights Under UK GDPR
Under the UK GDPR and DPA 2018, you have the following rights in relation to your personal data:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion in certain circumstances ("right to be forgotten").
- Right to restrict processing (Art. 18) — request that we limit how we use your data.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
- Right to object (Art. 21) — object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Rights related to automated decision-making (Art. 22) — not applicable as we do not use such processing.
How to exercise your rights: email correspondence@motionback.world with your request. We will respond within one month, as required by UK GDPR. We may extend this by a further two months for complex requests, and we will inform you if so. We may request proof of identity before disclosing data.
There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.
10. Right to Complain to the ICO
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: ico.org.uk
Helpline: 0303 123 1113
Make a complaint: ico.org.uk/make-a-complaint
11. ICO Registration
Organisations that process personal data in the UK are generally required to pay a data protection fee to the ICO under the Data Protection (Charges and Information) Regulations 2018, unless a limited exemption applies (see ICO guidance on fee tiers).
Motionback.ddd is registered with the ICO as a data controller. We process contact enquiries, website usage data (where consented), and operational logs in the course of operating this website.
You can verify our registration on the ICO public register: ico.org.uk/esdwebpages/search (search for our organisation name). To request our ICO registration reference, email correspondence@motionback.world.
12. Children's Privacy
Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data through our contact form, please contact us and we will delete it promptly.
13. Electronic Marketing (PECR)
We do not send marketing emails, SMS, or similar electronic communications unless you have given us specific prior consent, or another PECR exemption applies. You may unsubscribe from any marketing communication at any time using the method provided in that communication or by contacting us.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The "Last updated" date at the top indicates when this policy was last revised. Material changes will be communicated on this page. We encourage you to review this policy periodically.
15. Online Advertising
If you reach this website through online advertising (including Google Ads), the landing page content reflects our actual educational offering. We do not use advertising to promote unlicensed medicines, food supplements for sale, or health outcome guarantees. Advertising data may be processed only with your cookie consent — see our Cookie Policy.