GVMS Platform

Privacy Policy

Last Updated: February 28, 2026

1. Introduction

Welcome to gmrify. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our services.

gmrify is operated by Movega Removals LTD, a company registered in Bulgaria with Tax ID: BG206050485.

Data Controller: Movega Removals LTD
Address: str. "Studentska" № 1а, ent. B, fl. 8, ap. 26, 9000 Varna, Bulgaria
Contact: Pavel Vasilev
Email: help@movega.co.uk

2. Who We Are

gmrify provides customs declaration services for GVMS and ICS2/ENS declarations. We are the data controller of your personal information and process data in accordance with UK GDPR, the Data Protection Act 2018, and Bulgarian Personal Data Protection Act.

3. What Information We Collect

We may collect and process the following data:

3.1 Identity Data

  • Name, company name, and contact details
  • EORI number and business registration information
  • Email address and phone number

3.2 Transaction Data

  • GMR and ENS submissions
  • Customs declaration details (goods descriptions, values, consignment information)
  • Payment details and related records (processed securely via PayPal)
  • HMRC submission outcomes and reference numbers

3.3 Technical Data

  • IP address, browser type, and device information
  • Usage data and log files
  • Session cookies and authentication tokens

3.4 HMRC Integration Data

  • OAuth tokens for HMRC API authentication
  • Submission correlation IDs and timestamps
  • HMRC responses and notification data

4. How We Use Your Information

We use your data to:

  • Process and submit customs declarations to HMRC and ICS2
  • Manage user accounts and authenticate access
  • Process payments for service fees
  • Improve our website and services
  • Comply with legal and regulatory obligations
  • Provide customer support and technical assistance
  • Detect and prevent fraud, abuse, and security incidents

4.1 Legal Basis for Processing

We process your data based on:

  • Contract Performance: To provide the customs declaration services you requested
  • Legal Obligation: To comply with UK customs laws and HMRC requirements
  • Legitimate Interest: To improve our services, ensure security, and prevent fraud
  • Consent: Where you have explicitly agreed to specific data processing activities

5. Data Sharing

We may share your data with:

5.1 HMRC and ICS2

We share customs declaration data with HMRC and ICS2 systems for processing your submissions. This is essential for providing our core service.

5.2 Payment Providers

We use PayPal to process payments. Payment data is handled securely according to PayPal's privacy policy. We do not store credit card details on our servers.

5.3 Service Providers

We may share data with trusted service providers for:

  • Cloud hosting and database management
  • Email delivery services
  • Website maintenance and technical support
  • Security monitoring and backup services

All service providers are contractually bound to protect your data and use it only for specified purposes.

6. Data Retention

We retain your data only as long as necessary for legal, business, or regulatory purposes:

  • Customs Declaration Data: Minimum 6 years as required by HMRC regulations
  • Financial Records: 7 years for tax compliance
  • Account Data: Duration of account plus retention period
  • System Logs: 90 days for security and troubleshooting

7. Your Rights

Under UK GDPR and Data Protection Act 2018, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restriction: Limit processing under certain circumstances
  • Data Portability: Receive your data in machine-readable format
  • Object: Object to data processing under certain circumstances
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at help@movega.co.uk

We will respond within 30 days. We may require identity verification before processing requests.

8. Security Measures

We implement appropriate security measures to protect your data from unauthorized access, loss, or misuse:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt)
  • Two-factor authentication support
  • Regular security audits and monitoring
  • Access controls and authentication systems
  • Secure hosting infrastructure

Important: No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies

We use cookies for:

  • Session management and authentication
  • User preferences and settings
  • Security and fraud prevention

You can control cookies through your browser settings. Disabling cookies may affect site functionality.

10. International Data Transfers

Your data is primarily processed in the United Kingdom and European Union. If data is transferred outside these regions, we ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses
  • Adequacy decisions recognized by UK/EU authorities
  • Your explicit consent

11. Children's Privacy

Our service is not intended for individuals under 18. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be communicated via email or website notifications. Continued use of gmrify after updates constitutes acceptance of the revised policy.

13. Complaints

If you have concerns about our data handling practices, you can lodge a complaint with:

UK - Information Commissioner's Office (ICO)

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Bulgaria - Commission for Personal Data Protection (CPDP)

  • Website: cpdp.bg
  • Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria

14. Contact Us

For any questions about this Privacy Policy, contact us at:

Back to Home