Last updated: 16 September 2025
1) Who we are (Controller)
The controller is ONE MARKETING CONSULTING LTD (company number 16785611), registered office 53 Coronation Close, Bodelwyddan, Y Rhyl, United Kingdom, LL18 5SY (“we”, “us”, “our”).
2) Scope
This Policy explains how we collect, use, disclose and protect personal data when you use englandloves.online and related features and communications (the “Service”). It applies to users aged 18+ only.
• Account & profile: name/username, date of birth or age (18+), gender, photos/videos, bio, interests and preferences, city/approximate location, communication settings.
• Special category data (only if you choose to share): information that may reveal sexual orientation, sex life, health, religion/philosophy, racial/ethnic origin; possible biometric data if used for age/ID checks.
• Device & usage: IP address, device identifiers, language, time zone, events and logs, cookies/SDK data, diagnostics/crash data.
• Communications & UGC: messages, likes, reports, uploaded media, metadata, moderation flags and outcomes.
• Payments (if paid features are offered): purchase/subscription history, plan/term, tokenised billing details via payment service providers (PSPs), invoices, tax region.
• Support & compliance: support tickets, age/ID verification artefacts, anti-fraud signals, legal requests, consent/opt-out logs, marketing preferences.
We obtain data from you; from your device/browser (including cookies/SDKs); and from necessary third parties (for example, PSPs, analytics, anti-fraud, age/ID verification, email/SMS delivery), limited to what is required to provide and protect the Service.
• Provide and operate the Service (create/maintain account, features, matching, messaging). Lawful basis: contract (Art. 6(1)(b) UK GDPR).
• Safety, moderation, and fraud prevention (detect spam/scams, enforce 18+ and Acceptable Use, preserve evidence). Lawful bases: legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) where applicable.
• Service communications (account, security, legal notices, support replies). Lawful basis: contract and/or legitimate interests.
• Marketing (emails, push). Lawful basis: consent (Art. 6(1)(a)). “Soft opt-in” under PECR may apply for our similar services; you can opt out at any time.
• Analytics and product improvement. Lawful basis: legitimate interests; for non-essential cookies/SDKs, we rely on consent under PECR.
• Payments and accounting (if applicable). Lawful bases: contract and legal obligation (records retention).
• Special category data (if you voluntarily disclose orientation/health etc. or use biometric checks): processed only with your explicit consent (Art. 9(2)(a)). You can delete this data or withdraw consent at any time.
You may withdraw consent at any time; this does not affect prior lawful processing.
We use cookies/SDKs for strictly necessary functions (login, security, load balancing) and, with consent, for analytics and personalisation/marketing. Non-essential cookies/SDKs run only after your opt-in via a banner with Accept / Reject / Customise choices. You can change choices at any time. Details are provided in our Cookie Policy.
We may request proof of age (Service is 18+) or identity where necessary for safety, abuse prevention or legal compliance. If you do not complete verification when reasonably required, we may limit features or suspend access.
We use automated systems for moderation (including spam/abuse detection), risk scoring/anti-fraud, and matchmaking/recommendations. These systems can impact content visibility, feature access or result in restriction where there is high risk of abuse. Where an automated decision produces legal or similarly significant effects, you may request human review, express your point of view and contest the decision.
We share data only as needed and with safeguards:
• Service providers (processors): hosting/cloud, email/SMS delivery, analytics, anti-fraud/moderation, age/ID verification, payment processing (if enabled), customer support tools.
• Authorities: when required by law, court/authority requests, or to protect users and enforce our Terms.
• Corporate transactions: in a merger, acquisition or asset sale, data may transfer to a successor under UK GDPR safeguards.
• We do not sell personal data.
If personal data is transferred outside the UK (or from the EEA to third countries), we use appropriate safeguards: adequacy decisions, the UK International Data Transfer Agreement (IDTA) or SCCs with supplementary measures, or another mechanism permitted by UK GDPR. You may request a copy of key safeguards via our privacy contact (commercially sensitive parts may be redacted).
We keep data only as long as needed for the purposes described:
• Account/profile data – for the life of your account; on deletion we delete or anonymise within reasonable timeframes, with backups removed by rotation.
• Security/moderation logs – typically up to 24 months (longer where reasonably needed for investigations or disputes).
• Payment/accounting records – at least 6 years to meet legal obligations.
• Support correspondence – typically up to 24 months.
• Legal holds – retained for the duration of a dispute or authority request.
• Actual periods can vary due to technical cycles, legal duties and legitimate interests.
You have the rights of access, rectification, erasure, restriction, portability, and to object to processing based on legitimate interests and to object to direct marketing. Where processing is based on consent, you may withdraw consent at any time.
To exercise rights, contact us via the DSAR email above; we may ask you to verify your identity. You may also complain to the Information Commissioner’s Office (ICO).
The Service is for adults (18+) only. We do not knowingly collect children’s data. If we learn we hold such data, we will delete it and may block access.
We apply administrative, technical and organisational measures appropriate to risk (access controls, encryption in transit/at rest where applicable, segmentation, logging and monitoring). No system is completely secure; where a personal data breach occurs, we act in line with UK GDPR notification requirements.
Service messages (account, security, policy updates) are sent regardless of marketing settings. Marketing is sent only with consent or under PECR “soft opt-in” for our similar services. You can unsubscribe at any time via the link in the message or in your settings.
We may update this Policy. The new version will be posted with an updated “Last updated” date. If changes are material, we will provide reasonable notice on the Website or by email (if available).
For privacy questions, DSARs and complaints:
Email: support@englandloves.online
Postal: ONE MARKETING CONSULTING LTD. Registered in the UK. 53 Coronation Close, Bodelwyddan, Y Rhyl, United Kingdom, LL18 5SY.