Your rights

Your data, your call.

Under GDPR (and similar laws like CCPA), you have nine clear rights over your personal data. Here's what each one means and how to use them.

Nine rights you have

Each right comes from EU Regulation 2016/679. We honor all of them, free of charge, for every user — EU resident or not.

01

Right of access

Request a copy of all personal data we hold about you, in a readable format. We deliver it within 30 days, usually within 48 hours.

GDPR Art. 15
02

Right to rectification

If we've got something wrong about you (typo, old address, outdated info), we fix it — fast, no questions.

GDPR Art. 16
03

Right to erasure

Also known as 'the right to be forgotten'. We delete your data on request, except where law requires us to keep it (e.g. tax records).

GDPR Art. 17
04

Right to restrict processing

Pause us from using your data — for example, while you contest its accuracy. We freeze it; we don't process or share it.

GDPR Art. 18
05

Right to data portability

Get your data in a machine-readable format (JSON or CSV) so you can move it to another service. Yes, even to a competitor.

GDPR Art. 20
06

Right to object

Object to processing for marketing, analytics, or anything based on legitimate interest. We stop, immediately.

GDPR Art. 21
07

Right to withdraw consent

Where we process based on consent (e.g. marketing emails, analytics cookies), you can withdraw it any time — same effort as giving it.

GDPR Art. 7(3)
08

Right not to be profiled

Object to automated decision-making that has legal effect on you. We don't run automated profiling, but if we ever did, this right covers it.

GDPR Art. 22
09

Right to lodge a complaint

If you think we've mishandled your data, escalate to your national data protection authority. They can investigate and order us to act.

GDPR Art. 77

How to exercise a right

  1. Email privacy@uonfly.com from the address used at checkout (helps us verify identity).
  2. State which right you're exercising and why.
  3. We confirm receipt within 24 hours.
  4. We respond in full within 30 days (usually within 48 hours).

Need it faster, or having trouble? Just write — we'll work it out.

What it costs

Nothing. All GDPR requests are free. We don't charge "administrative fees" or require subscriptions.

The only exception under GDPR Art. 12(5): if a request is clearly excessive or repetitive, we may charge a reasonable fee or refuse — but that's a theoretical edge case, not a default.

Ready to use a right?

One email to our privacy team. We respond personally — no ticket numbers, no AI bots, no runaround.

Email privacy@uonfly.com