Skip to main content

How can I make a GDPR request with Marshmallow?

This article is for Marshmallow customers who want to understand their GDPR rights and how to make a request.

Updated over 2 weeks ago

What GDPR rights do I have?

Under UK GDPR, you have several rights in relation to your personal data. The most common requests we receive are:

  • Right of access (DSAR – Data Subject Access Request): You can ask us to send you the personal information we hold about you.

  • Right to erasure: You can ask us to delete your personal information from our records.

Other rights include:

  • The right to be informed about how we use your data

  • The right to rectification (correcting inaccurate details)

  • The right to restrict processing

  • The right to data portability (moving your data to another provider)

  • The right to object to how we process your data

  • Rights around automated decision-making and profiling

How do I make a GDPR request?

The easiest way to make a request is through our Privacy Portal:

Submit a GDPR request here

This platform helps us verify your identity securely and process your request quickly.

What happens after I make a request?

  • We’ll acknowledge your request and start processing it.

  • You may need to confirm your identity before we can proceed.

  • We’ll aim to respond within 30 days of receiving your request.

FAQs about GDPR requests

Can I delete my card details after my policy ends?

Yes – if your policy has ended, we can delete your card details stored on Stripe. But if your policy is still active, we must keep a valid payment card on file.

Can I ask you to remove a credit check from my record?

No – GDPR does not cover removal of credit checks. If you have questions about a credit search, please see our Credit Check guide .

Where can I find more information?

You can read our full Privacy Policy here:
👉 Marshmallow Privacy Policy

Did this answer your question?