Internal Content Takedown Policy

Purpose

• This internal procedure sets out how WhichPad UK Ltd identifies, investigates, and resolves all content-related issues on the Whichpad.com (“the Site”). It provides a clear and consistent framework for responding to content takedown requests, review disputes, complaints about accuracy or fairness, and any concerns raised by users, letting agents, landlords or third parties.
• The purpose of this procedure is to ensure that all content on the Site is managed in a fair, transparent and legally compliant It is designed to support the integrity of the review

system, protect users’ rights, uphold our moderation standards, and minimise legal and reputational risk to WhichPad UK Ltd. This includes ensuring that all decisions taken are consistent with the Website Terms of Service, the Consumer Reviews and Moderation Policy, the Privacy Policy, and any applicable legal obligations, including defamation law, consumer protection law, and UK data protection law.

• This procedure ensures that all takedown and dispute-handling processes are documented, managed promptly, and applied consistently across the Site. It also provides clear internal guidance for staff on when to escalate matters, how to assess risk, and how decisions should be recorded and

Scope

• This procedure applies to all content published, submitted or displayed on the Site, and to every request, complaint, or dispute relating to that content. It governs how WhichPad UK Ltd handles reported reviews, takedown requests, disputes over accuracy, allegations of harmful or misleading content, and any issues concerning the conduct of users or agents on the platform.
• The scope of this procedure extends to all reviews, ratings, uploaded photos, replies from letting agents, and any other user-generated material hosted on the website. It also covers all reports submitted through the reporting tools on the Site, all enquiries or complaints sent to WhichPad UK Ltd directly by email, and any notices or correspondence received from solicitors, regulators, law enforcement or other third parties.
• This procedure applies to all internal staff members involved in content moderation, dispute handling, legal review, user support, or any decision-making related to user-generated content. It also applies to all stages of the lifecycle of a review, from initial submission and automated checks through to final publication, moderation, removal, or reinstatement.
• This procedure does not govern internal employment matters, commercial negotiations unrelated to the Site content, or disputes between staff members. It is limited to content and conduct occurring on, or directly related to, the Site.

Key principles

• WhichPad UK Ltd applies the following principles to all decisions relating to content moderation, takedown requests, and dispute These principles ensure that the platform remains fair, trustworthy and legally compliant, and that decisions are consistent across all cases.

3.2   Fairness and neutrality

All decisions are made impartially. WhichPad UK Ltd does not take sides between a reviewer and a letting agent or landlord. Evidence is assessed objectively.

3.3   Integrity of the review system

Reviews must reflect genuine user experiences. All moderation and dispute-handling steps are designed to protect the accuracy, reliability, and credibility of the platform.

3.4   Verification where required

If the authenticity or accuracy of a review is challenged, the reviewer may be asked to provide verification evidence. Failure to provide verification may lead to removal of the review. Evidence may also be requested by the challenger.

3.5   Protection of Personal Data

Reviewer identity and verification information are not disclosed unless legally required, such as on receipt of a valid court order. All processing follows the Privacy Policy contained on the Site and UK GDPR.

3.6   Minimum necessary intervention

Where possible, issues are resolved with the least intrusive action, such as redacting Personal Data or adjusting content, rather than full removal. Complete removal is reserved for content that is unlawful or in breach of policy.

3.7   Compliance with legal obligations

Decisions consider relevant laws including defamation, data protection legislation including UK GDPR, consumer protection, harassment, intellectual property rights, and platform regulation.

3.8   Transparency with users and agents

Communication with all parties must be clear, factual and neutral. Moderation decisions must be explained without disclosing confidential or private evidence.

3.9   Consistency and documentation

All decisions, actions taken, correspondence and evidence must be recorded in the internal moderation log to ensure traceability and consistency across cases.

3.10          Early escalation where risk is identified

Matters involving threats of legal action, allegations of criminal conduct, risks to safety or mental health, or requests for Personal Data must be escalated promptly to the senior team or legal counsel.

Types of requests covered by this procedure

• This procedure applies to all categories of content-related issues encountered on the Site. The following types of requests, reports, and disputes are managed under this internal

1.2        User-generated review disputes

These include disputes arising directly from reviewers about their own content, such as:

• Challenges to the removal or non-publication of a review;

• Requests to amend, update or clarify a review;

• Complaints regarding moderation decisions;

• Disputes over compliance with the Review Moderation

1.3   Reported reviews submitted through the reporting tools

These include reports made by users, letting agents, landlords or third parties alleging that a review:

• Is inaccurate, misleading or untrue;

• Breaches the Review Moderation Policy;

• Contains defamatory or harmful content;

• Includes Personal Data of a third party;

• Contains confidential or sensitive information;

• Breaches privacy, harassment or other legal standards;

• Has been posted by someone with a conflict of

1.4   Formal takedown requests

These include structured or legally framed requests, including those from:

• Letting agents or landlords seeking removal of negative reviews;

• Businesses claiming reputational harm;

• Solicitors acting for clients alleging defamation or privacy breaches and’

• Individuals claiming impersonation, identity misuse or

Takedown requests may be informal (email complaints) or formal (letters before action).

1.5   Legal, regulatory or law-enforcement notices

These include any notices requiring specific procedural handling, such as:

• Pre-action letters or threats of litigation;

• Data protection rights requests, including subject access requests;

• Requests for reviewer identity or verification information;

• Take-down notices based on privacy, harassment, defamation or intellectual property rights;

• Reports of suspected criminal activity;

• Court orders requiring content removal or data disclosure Legal notices must be escalated immediately under Section 10.

1.6   Platform misuse and integrity issues

These involve threats to the integrity and trustworthiness of the review system, including:

• Fake reviews;

• Coordinated manipulation of ratings;

• Reviews submitted by non-genuine users;

• Incentive-based reviews that are not disclosed;

• Spam, advertising or self-promotion disguised as reviews and;

• Account sharing or multiple accounts created to influence

1.7   Safety-related reports

These are treated with urgency and include:

• Threats, harassment or abusive conduct;

• Discriminatory, hate-based or harmful language;

• Safety risks to users or staff and;

• Doxxing or disclosure of sensitive

1.8   Requests relating to agent or business replies

Where a letting agent or landlord posts a reply that is:

• Factually incorrect;

• Defamatory towards the reviewer;

• In breach of the Terms of Service;

• Containing Personal Data of the reviewer without consent;

• Written in aggressive or unprofessional

These disputes must be handled with the same rigour as user reviews.

Intake and Acknowledgement

• This section sets out how WhichPad UK Ltd receives, records and acknowledges all content- related reports, complaints, and takedown It ensures that every request is tracked from the moment it arrives and that no report is overlooked or left unaddressed.

1.10                    Channels for receiving reports

WhichPad UK Ltd may receive reports or takedown requests through the following channels:

• The in-platform “Report this review” function

• Direct emails sent to hello@whichpad.com

• Website contact forms

• Messages submitted by letting agents through their business accounts

• Correspondence from solicitors, regulators or law-enforcement bodies

All staff handling incoming reports must monitor these channels regularly and ensure that any report is captured in the internal case management system.

1.11                    Creation of an internal case file

Every report must result in the creation of an internal case file within the moderation log. The case file must include:

• The date and time the report was received

• The source of the report (for example user, agent, solicitor, regulator, anonymous)

• The URL of the review or content in question

• The profile ID of the reviewer and the reporting party

• A summary of the issue raised

• Whether the report appears urgent or high-risk

• The name of the staff member responsible for handling the case

If a report is incomplete or unclear, WhichPad UK Ltd must record what additional information is required.

1.12                    Acknowledgement of receipt

Where the reporting party has provided contact information, WhichPad UK Ltd must acknowledge receipt of the report within 48 hours. The acknowledgement must:

• Confirm that the report has been received

• Explain that an internal assessment is underway

• Provide a general timeframe for next steps

• Avoid giving legal opinions, making commitments or commenting on the strength of the

Anonymous reports cannot be acknowledged but must still be logged.

1.13                    Initial triage and urgency assessment

Upon receipt, the responsible staff member must carry out an initial triage to determine whether the reported content requires immediate action. The review is considered urgent if it contains:

• Explicit threats or harassment

• Discriminatory, hate-based or abusive language

• Sensitive Personal Data or doxxing

• Unfounded allegations of criminality

• Clear defamation risk

• Confidential business information

• Safety risks to the reviewer, staff or public

Where urgency criteria are met, the content must be temporarily hidden pending investigation, and the urgency recorded in the case file.

1.14                    Preservation of evidence

Before any content is altered, removed or edited, staff must:

• Save a copy of the original review or response

• Capture screenshots showing timestamps

• Record any associated metadata available internally

This ensures that evidence is preserved for audit, compliance, and potential legal purposes.

Internal Investigation Process

• This section sets out the steps WhichPad UK Ltd must take after a report or takedown request has been The purpose of the investigation process is to ensure that every case is handled fairly, consistently and with proper documentation while protecting users’ rights and reducing legal and reputational risk.

1.16                    Stage 1 – Initial assessment (within 7 working days)

• The responsible WhichPad UK Ltd staff member must review:

• The content of the review or agent reply

• The report submitted

• Any contextual information in the case file

• The Review Moderation Policy and Website Terms

• Whether the issue appears to present legal, safety or reputational risk

• At this stage, the WhichPad UK Ltd staff member must identify whether:

• The content clearly breaches platform policy

• The issue requires a verification request

• The issue requires additional evidence gathering

• The content should be temporarily hidden

• The matter should be escalated immediately

• If the breach is obvious or the risk is high, temporary removal is appropriate pending full

1.17                    Stage 2 – Verification request to reviewer

• Where the authenticity, accuracy or fairness of a review is in doubt, the WhichPad UK Ltd staff must request verification evidence from the reviewer. The request should:
  • Be sent to the verified email address associated with the reviewer’s account

• Specify which part of the review requires clarification or evidence

• Give the reviewer seven days to respond

• Explain that failure to provide evidence may result in removal

• Remind the reviewer that evidence will not be shared with third parties unless required by law.

• Examples of acceptable evidence may include tenancy confirmation, screenshots of communications, proof of viewing or legitimate interaction with the property or agent.
• If the reviewer responds, the WhichPad UK Ltd staff must:

• Record all evidence in the internal case file

• Ensure all Personal Data is handled in accordance with the Privacy Policy

• Ensure that no evidence is shared outside the company without a proper legal basis

1.18                    Stage 3 – Evaluation of evidence

• Once evidence has been provided, or the reviewer has failed to respond, the WhichPad UK Ltd staff must assess:
  • Whether the reviewer had a genuine experience

• Whether the review remains fair, honest and not misleading

• Whether the issue relates to factual accuracy, opinion or tone

• Whether any elements of the review require redaction or amendment

• Whether the content breaches the Review Moderation Policy

• Whether there is any legal risk (for example defamation, harassment, privacy breach)

• Whether the review should be upheld, edited, reinstated or removed

• All assessments must be objective, documented and based on the principles in Section

1.19                    Stage 4 – Legal and senior escalation

• The matter must be escalated immediately to the WhichPad UK Ltd’s senior moderation lead or legal counsel (“the Senior Reviewer”) where:

• Solicitors’ letters or pre-action correspondence are received

• The complaint alleges defamation, harassment or criminal conduct

• A requester seeks the identity of a reviewer

• The content includes sensitive Personal Data

• A court order is received

• The case may impact platform integrity or business reputation

• The reviewer or agent makes threats of legal action

• A senior review must include consideration of:

• Relevant clauses of the Website Terms

• The Review Moderation Policy

• The Privacy Policy’s restrictions on disclosure

• Applicable law, including defamation, data protection and consumer protection

• The Senior Reviewer may request additional evidence, advise on legal exposure, or direct emergency removal where necessary.

1.20                    Stage 5 – Final internal decision

• After all evidence and risks have been evaluated, a final decision must be reached regarding whether to:
  • Retain the content

• Reinstate the content

• Reinstate with edits or redactions

• Remove the content entirely

• Restrict visibility (temporary or permanent)

• Place account warnings, suspensions or permanent bans

• The decision must be:

• Clearly documented in the case file

• Supported by reasoning tied to policy

• Structured so that it can be explained neutrally to both parties

• A summary of the decision must then be prepared for communication under Section

Outcomes

• After completing the investigation described in Section 6, WhichPad UK Ltd must determine the appropriate outcome for the content and the users All outcomes must be proportionate, consistent with platform policies, and recorded fully in the moderation log.

1.22                    Retain the content

Content must be retained where:

• The review is genuine, fair and policy-compliant

• Verification evidence supports the reviewer’s experience (where requested)

• The content poses no legal, safety or reputational risk

• The report is unfounded or appears to be an attempt to silence legitimate criticism

• The reviewer and reporting party will be informed of the decision in accordance with Section 8.

1.23                    Reinstate previously removed or hidden content

Content that was temporarily hidden during investigation should be reinstated where:

• The reviewer provides sufficient verification

• Concerns raised are resolved or disproven

• No breach of the Review Moderation Policy is identified

• Reinstatement may include redactions where

1.24                    Reinstate with edits or redactions

Edits or redactions may be applied to content that is largely acceptable but contains:

• Personal Data that must be removed

• Confidential or sensitive information

• Wording that could expose the reviewer or platform to legal risk

• Statements presented as fact that require softening into opinion

• Unnecessary naming of private individuals

• Edits must be minimal and must not alter the substantive meaning of the

1.25                    Remove the content

Removal is required where:

• The review clearly breaches the Review Moderation Policy

• The reviewer cannot verify their experience when reasonably requested

• The review is fabricated, misleading or materially inaccurate

• The content contains defamatory or harmful statements

• The content includes sensitive Personal Data

• Safety concerns or legal obligations require removal

• The reviewer fails to respond to a verification request within seven days

• Removal decisions must be documented clearly with the reasons

1.26                    Restrict visibility

In certain cases, it may be appropriate to restrict visibility of content, such as:

• Temporary restriction during ongoing legal review

• Platform-decided restriction when content is borderline but not clearly unlawful

• Reduction of visibility for replies from agents that are unprofessional but not defamatory
• Visibility restrictions may be lifted following further

1.27                    Account warnings

A warning may be issued where a user:

• Posts content that is non-compliant but not malicious

• Breaches policies unintentionally

• Submits a review that requires removal due to lack of evidence, but not clear misconduct

• Warnings must be recorded

1.28                    Account suspension or removal

Suspension or account closure is appropriate where a user:

• Repeatedly violates moderation rules

• Posts fake or manipulated content

• Engages in harassment or abusive conduct

• Attempts to influence reviews improperly

• Operates multiple accounts to distort ratings

• Behaves in a way that risks platform integrity or legal exposure

• Permanent removal must be approved by senior

1.29                    Actions relating to agents and business users

Letting agents and business users may also be subject to moderation outcomes. These include:

• Instructions to amend or remove replies that breach WhichPad UK Ltd policies

• Warnings for unprofessional conduct

• Suspension of business features for repeated violations

• Revocation of agency account access in serious cases

• Any action against an agent must be proportionate and in line with the Terms of

1.30                    Internal flags and escalation

If content reveals broader concerns, WhichPad UK Ltd staff may raise internal flags relating to:

• Coordinated fake reviews

• Agency misconduct

• Systemic policy abuse

• Emerging legal or reputational risks

• Such cases must be escalated to the Senior Reviewer for further

Communication with parties

• Once a final decision has been reached in accordance with Section 6, WhichPad UK Ltd must communicate the outcome to the relevant parties. Communications must be neutral, factual and consistent with legal obligations and internal policies.
• All communications must be logged in the case file, including copies of emails sent and all correspondence received.

1.33                    Communication with the reviewer

Where a review has been challenged, amended, restricted or removed, the reviewer must be notified unless:

• The reviewer is anonymous and cannot be contacted, or

• The reviewer has deactivated their

The notification must:

• Explain the outcome in clear and neutral terms

• Reference the relevant section of the Review Moderation Policy or Terms of Service

• Inform the reviewer of any required edits or next steps

• Explain where evidence was required but not provided

• Avoid disclosing any information provided by the reporting party

• Avoid offering legal advice

• If the review remains published, the reviewer should be reminded of the importance of complying with platform policies. If the review is removed, the reviewer should be informed that repeated violations may lead to account restrictions.

1.34                    Communication with the reporting party

The reporting party (user, agent, landlord or third party) must receive a neutral summary of the decision. The communication must:

• Confirm that the review has been fully investigated

• State the outcome (retained, edited, reinstated, removed, restricted)

• Refer to the relevant internal policies

• Avoid sharing any verification evidence or Personal Data relating to the reviewer

• Avoid describing the reviewer’s explanation or circumstances

• Avoid giving the impression that WhichPad UK Ltd “endorses” reviewer statements

• All communications must maintain strict neutrality and avoid any commentary on the merits of either side.

1.35                    Communication with letting agents and business users

If the dispute involves a letting agent or business user, communications must be especially careful. The communication must:

• Remain professional and non-confrontational

• Avoid detailed justifications beyond policy reasons

• Avoid providing internal reasoning that could be used as leverage in legal disputes

• Remind agents of their responsibilities under the Terms of Service

• Clarify that reviewer identity cannot be disclosed without a valid court order

If an agent reply has been edited, restricted or removed, the agent must be informed of:

• The specific policy breach

• Any future expectations for compliance

• the consequences of repeated breaches

1.36                    Communication with solicitors or other legal representatives

Where a complaint or takedown request is issued by a solicitor or legal representative:

• WhichPad UK Ltd must reply using factual, neutral and policy-based language

• Internal or reviewer evidence must not be disclosed

• Reviewer identity must only be disclosed upon receipt of a valid court order

• legal correspondence must be escalated under Section 10 before a final response is sent

Communications must avoid:

• Acknowledging liability

• Offering concessions beyond policy

• Making any comment on the legal merits of the underlying dispute

1.37                    Communication with regulators or law enforcement

If a regulator or law enforcement agency contacts WhichPad UK Ltd:

• The matter must be escalated immediately under Section 10

• Responses must be issued only by the authorised senior team member

• Requests for data must be handled in accordance with the Privacy Policy and legal requirements
• Disclosure of reviewer identity or verification information must only occur where legally

1.38                    Documentation of communications

Every communication sent or received must be stored in the case file, including:

• Emails

• Internal notes

• Screenshots

• Formal letters

• Updates from reviewers, agents or solicitors

• This is essential for audit purposes, legal compliance and ensuring consistency across future cases.

Record-keeping

• Accurate and comprehensive record-keeping is essential to ensure consistency, accountability and legal compliance in all content moderation and dispute-handling operations. Every case handled under this procedure must be fully documented from intake through to final

1.40                    Creation and maintenance of the case file

For every report, complaint, or takedown request, an internal case file must be created. The case file must include:

• The date and time the report was received

• The name or identifier of the staff member assigned to the case

• The identities or profile IDs of all relevant users (reviewer, reporting party, agent)

• The URL of the review, reply or content in question

• A summary of the issue raised

• The initial risk assessment carried out at intake

• Copies of all evidence submitted by any party

• Copies of all correspondence sent and received

• A log of every action taken

• The final decision and the reasoning for it

• Any follow-up actions required

• The case file must remain up-to-date throughout the

1.41                    Preservation of content and evidence

Before modifying or removing any content, WhichPad UK Ltd staff must ensure that the following are preserved:

• The full text of the original review or agent reply

• Screenshots showing how the review appeared on the platform

• Any metadata available (for example timestamps, internal IDs)

• Any evidence submitted by reviewers or reporting parties

• Evidence must be stored securely and handled in accordance with the Privacy Policy and UK GDPR.

1.42                    Storage and security

All case files must be stored in WhichPad UK Ltd’s secure internal moderation system. Access must be limited to:

• Authorised moderation staff

• The Senior Reviewer

• Legal counsel (internal or external) where necessary

• Reviewer evidence and Personal Data must never be stored on personal devices or unapproved locations.

1.43                    Retention period

Case files, including removed reviews or correspondence relating to them, must be retained for as long as reasonably necessary for:

• Audit purposes

• legal defence

• Regulatory compliance

• Maintaining platform integrity

• Retention must follow the periods set out in the Privacy Policy for relevant data categories. Where content has been anonymised, it may be retained indefinitely for statistical or operational purposes.

1.44                    Audit and quality assurance

To ensure consistency and compliance:

• The Senior Reviewer must conduct periodic audits of closed case files

• At least one audit must take place each quarter

• Audits must assess the quality of reasoning, adherence to policy, and timeliness of responses
• Any patterns of errors, delays, or policy misapplications must be documented and addressed through training or updated guidance.

1.45                    Documentation of escalated cases

Where a case has been escalated internally or externally:

• The escalation pathway must be documented

• All legal advice received must be stored in the case file

• Any communications with regulators or law enforcement must be attached

• Any court orders must be copied verbatim and retained

• Cases involving legal threats, reputational risk or requests for reviewer identity must be flagged for long-term retention.

Escalation rules

• Certain cases carry heightened legal, safety or reputational risk and must be escalated promptly to senior staff or legal counsel. Escalation ensures that WhichPad UK Ltd handles complex or high-risk matters consistently, lawfully and with appropriate No member of staff should attempt to resolve an escalated matter alone.

1.47                    When escalation is required

• A case must be escalated immediately where any of the following

1.47.1     Legal risk indicators

Escalation must occur where the report or content involves:

• Threats of legal action

• Pre-action correspondence, letters before claim, or solicitor communications

• Allegations of defamation, fraud, or criminal conduct

• Requests for reviewer identity or verification evidence

• Potential breaches of confidentiality obligations

• Intellectual property or copyright complaints

• Court orders, injunctions, or requests for urgent relief

1.47.2     Safety and harm indicators

Escalation must occur where the content or report includes:

• Harassment, threats, discrimination or hate speech

• Disclosures relating to harm, self-harm or the safety of users

• Doxxing or exposure of sensitive information

• Content that may endanger the reviewer or a third party

1.47.3     Data protection and privacy indicators

Escalation must occur where:

• A data protection rights request is received (including subject access requests)

• A reviewer’s Personal Data may need to be disclosed

• There is a request to alter or delete Personal Data that affects platform integrity

• The case could create a risk of non-compliance with UK GDPR

1.47.4     Platform integrity concerns

Escalation must occur where:

• There are signs of coordinated fake reviews

• Multiple accounts appear to be linked to manipulation

• An agency or business user is engaging in systematic policy breaches

• The issue has reputational implications for WhichPad UK Ltd

• The case may set a precedent for future platform decisions

1.47.5     Business and commercial concerns

Escalation must occur where:

• The case could affect relationships with letting agencies or business users

• The dispute relates to a paying business customer (now or post-monetisation)

• There is a risk that moderation decisions may impact commercial partnerships

1.48                    Who to escalate to

• Escalation must follow the internal hierarchy:

1. Moderation Lead – First point of escalation for all

2. Head of Operations / Senior team member – Escalate where the Moderation Lead identifies legal, safety or reputational risk.
3. Internal or external legal counsel – Required for defamation risk, data disclosure requests, court orders or any case that may expose the company to legal liability.
4. Directors / Founders – Escalate only where:

• Litigation is threatened
• The case may attract media attention
• The case may affect commercial relationships

• The case concerns platform-wide integrity or safety

1.49                    Responsibilities during escalation

The WhichPad UK Ltd staff member escalating the matter must ensure:

• The case file is complete and up to date

• All correspondence is included

• A short summary of the issue and risks is prepared

• No commitments or assurances are given to external parties before escalation

• The content is temporarily hidden if continuing publication risks harm

• The Senior Reviewer or legal counsel will decide whether:

• Further evidence is required

• The review must be removed immediately

• A response must be delayed pending legal assessment

• The case requires external legal advice

• The requester should be informed of the escalation

1.50                    Temporary measures during escalation

While escalation is in progress, the WhichPad UK Ltd staff may:

• Temporarily hide or restrict the review

• Turn off replies for the property or agent in question

• Block further edits to the review

• Suspend any automated actions relating to the review

• Place the reviewer or reporting party on hold

• Restrict account functions where needed for safety

• These measures must be proportionate and recorded in the case

1.51                    Finalising escalated cases

After senior or legal review:

• A final decision must be documented

• The reasoning must be added to the case file

• All communications must follow Section 8

• Any long-term risks identified must be escalated for policy review

• Learning outcomes must be flagged for moderation training

• Escalated cases must not be closed until all risks, legal considerations, and communication requirements have been fully addressed.

Compliance with law enforcement and regulatory bodies

• WhichPad UK Ltd may occasionally receive correspondence, notices, or requests from law enforcement agencies, regulators, public authorities or other statutory bodies. This section sets out the internal process for handling such requests to ensure full legal compliance, proper escalation and the protection of user rights.

1.53                    Mandatory escalation

• All law enforcement or regulatory enquiries must be escalated immediately to the senior moderation lead and to legal No member of staff may respond independently or disclose any information without prior authorisation.

1.54                    Types of requests covered

This section applies to any communication from:

• Police forces in the UK or abroad

• The courts or judiciary

• The Information Commissioner’s Office

• Trading Standards or other consumer regulators

• Government departments

• Financial crime, fraud, or safeguarding bodies

• Any public authority authorised to request information

• These bodies may request:

• Disclosure of user data

• Preservation of data

• Removal or restriction of content

• Assistance in criminal or regulatory investigations

1.55                    Verification of the requesting authority

Before responding to any request, staff must confirm:

• The identity of the requesting organisation

• The official capacity of the individual contacting WhichPad UK Ltd

• That the request is genuine (for example, from an official domain)

• that the scope of the request is lawful and sufficiently specific

• If authenticity cannot be verified, no data must be

1.56                    Legal basis for disclosure

WhichPad UK Ltd may only disclose Personal Data where:

• Required by a court order

• Required by law or statutory instrument

• Permitted by UK GDPR (for example for the prevention or detection of crime)
• Required to comply with regulatory obligations

• Any uncertainty must trigger legal

• Reviewer identity or verification evidence must never be disclosed without a valid legal basis, and never voluntarily.

1.57                    Preservation of data

If a regulator or law enforcement body requests data preservation:

• WhichPad UK Ltd staff must immediately secure the relevant content and account data
• No modifications or deletions may take place

• All actions must be documented in the case file

• Preservation does not permit disclosure unless separately

1.58                    Disclosure process

Where disclosure is legally required:

• Legal counsel will specify the scope and type of data that may be disclosed

• Only the minimum necessary data will be provided

• No contextual commentary or editorial opinion must be included The disclosure must be logged in the case file, including:
  • Date and time
  • Authority requesting disclosure
  • The legal basis relied on
  • The data disclosed

1.59                    Content removal requests

If a regulator or court directs WhichPad UK Ltd to remove content:

• Removal must occur immediately

• The reviewer must be notified unless prohibited by law

• Evidence must be preserved before removal

• The moderation log must be updated accordingly

• If an authority merely requests removal, legal counsel must confirm whether the request has binding force.

1.60                    Confidentiality and non-disclosure obligations

Staff must not inform the reviewer or reporting party of a law-enforcement enquiry where:

• The authority prohibits notification, or

• Doing so would risk obstructing an investigation

• Legal counsel will determine when, and whether, a user may be

1.61                    Reporting obligations

If WhichPad UK Ltd is subject to regulatory reporting duties (for example under consumer protection or information security regulations):

• The senior leadership team must be informed

• Any required reports must be submitted by the appropriate authorised person
• Compliance actions must be documented and retained for audit purposes

1.62                    Training and awareness

All staff involved in moderation and legal processes must receive periodic training on:

• Recognising regulatory notices

• Lawful disclosure of data

• Handling of police or court correspondence

• Privacy and safeguarding obligations

• Training must be refreshed at least

Interaction with other internal policies

• This internal procedure forms part of WhichPad UK Ltd’s wider governance framework for user-generated content and must be applied alongside other internal and external-facing

1.64                    Relationship with the Website Terms of Service

The Terms of Service set out the rules for users and agents when interacting with the platform. This procedure provides the internal process for enforcing those rules. If there is any inconsistency between the Terms and internal procedures, the Terms take precedence.

1.65                    Relationship with the Review Moderation Policy

The Review Moderation Policy defines which content is permitted, restricted or prohibited. This procedure sets out how WhichPad UK Ltd internally investigates breaches of that policy. All decisions must reflect the standards described in the Moderation Policy.

1.66                    Relationship with the Privacy Policy

The Privacy Policy governs how WhichPad UK Ltd collects, stores and uses Personal Data. This procedure incorporates those principles and provides operational guidance on:

• Verification evidence

• Handling Personal Data during disputes

• Responding to data protection requests

• Restrictions on disclosure of reviewer identities

• In the event of any conflict, the Privacy Policy

1.67                    Relationship with the Cookie Policy

Content and dispute processes may require reference to technical logs or usage data (such as IP addresses, device data or session patterns). Access to such data must comply with the Cookie Policy and all applicable privacy standards.

1.68                    Relationship with safety and security procedures

Safety-related reports (harassment, threats, doxxing, discrimination) must be escalated in accordance with Section 10 and addressed consistently with any internal safeguarding or crisis- response procedures.

1.69                    Relationship with commercial and business policies

As WhichPad UK Ltd begins monetising platform services, disputes involving business accounts, paying customers or commercial relationships must be handled with heightened care. WhichPad UK Ltd staff must follow all additional commercial protocols adopted by the company as the platform evolves.

1.70                    Collective application

These policies should be read together. No single policy overrides the need for:

• Legal compliance

• Internal documentation

• Fairness and neutrality

• Protection of users’ rights

• Where uncertainty arises, WhichPad UK Ltd staff must seek guidance from senior leadership or legal counsel.

Periodic review and updates

• This internal procedure must be reviewed regularly to ensure it remains current, legally compliant and effective. It must reflect changes in legislation, regulatory guidance, platform functionality, and operational needs.

1.72                    Scheduled review cycle

A formal review must take place:

• Every 12 months as part of the company’s annual policy review cycle, or

• More frequently where required by changes in law, regulation, or business operations

1.73                    Trigger-based reviews

In addition to scheduled reviews, this procedure must be updated where:

• New legislation or case law affects platform obligations

• WhichPad UK Ltd introduces new features that change moderation workflows

• Significant disputes highlight gaps in existing processes

• Regulators, auditors or legal counsel recommend amendments

• Monetisation changes introduce new categories of risk

• Systemic abuse or safety issues reveal weaknesses in policy

1.74                    Responsibility for review

The following roles hold responsibility for review and approval:

• Moderation Lead: drafts amendments and identifies operational issues

• Legal Counsel: ensures compliance with UK law and platform liability obligations

• Senior Leadership / Directors: approve final policy versions

1.75                    Version control

Every update must be recorded in the policy’s version control log, including:

• Date of revision

• Summary of changes

• Roles responsible

• Reason for update

• Cross-references to any new procedures created

1.76                    Staff notification and training

Once updated, all moderation and support staff must be:

• Notified promptly of changes

• Provided with a summary of the amendments

• Trained, where necessary, on new processes or obligations

• Compliance with updated procedures must be

1.77                    Archiving

Previous versions must be retained securely for audit, legal and historical reference, in accordance with the retention rules in the Privacy Policy and Section 9 of this document.

Policy ownership and governance

• This procedure is a core governance document of WhichPad UK Ltd and forms part of the company’s internal compliance framework. It sets out the responsibilities for oversight, implementation and enforcement of all processes relating to content moderation, takedown requests and dispute handling.

1.79                    Policy owner

The primary owner of this policy is the Moderation Lead, who is responsible for:

• Day-to-day supervision of the policy

• Ensuring consistent application across all moderation activities

• Coordinating with staff involved in dispute-handling

• Identifying emerging operational challenges or risks

• Proposing updates or amendments during periodic reviews

1.80                    Executive oversight

Ultimate responsibility for this policy rests with the Directors of WhichPad UK Ltd, who are responsible for:

• Approving new versions of the policy

• Ensuring that necessary resources are allocated

• Reviewing escalated disputes and legal risks

• Ensuring that company-wide governance standards are met

• Overseeing compliance with regulatory and legal obligations

1.81                    Legal oversight

Legal counsel, whether internal or external, is responsible for:

• Reviewing proposed updates for legal compliance

• Advising on escalated disputes under Section 10

• Advising on disclosure processes under Section 11

• Ensuring that the policy aligns with obligations under defamation law, UK GDPR, consumer protection law and the online platform framework
• Supporting risk mitigation strategies

1.82                    Implementation responsibility

The following teams are responsible for implementing this policy:

• Moderation Team: operational handling of reports, investigations and outcomes

• User Support Team: responding to enquiries, assisting reviewers and agents

• Technical Team: supporting evidence preservation, log access and security

• Business Account Team: ensuring agents and landlords comply with platform rules, especially once monetisation begins
• Each team must ensure that their procedures and day-to-day activities align fully with this document.

1.83                    Reporting and accountability

The Moderation Lead must submit quarterly reports to the Directors summarising:

• Volume and types of disputes handled

• Outcomes and trends

• Escalated cases and resolution times

• Emerging risks or systemic issues

• Recommendations for training, platform safeguards or policy updates

• Directors may request additional reporting at any

1.84                    Training and competence

WhichPad UK Ltd Staff responsible for applying this policy must receive:

• Onboarding training

• Annual refresher training

• Training following any material updates

• Specialist training where appropriate, such as on defamation risk or data protection

• Training records must be maintained as part of internal compliance

1.85                    Non-compliance

Failure to comply with this policy may:

• Undermine platform integrity

• Increase legal or reputational risk

• Lead to internal disciplinary action where appropriate

• Any suspected non-compliance must be reported to the Moderation Lead or Directors

1.86                    Continuous improvement

This policy is a living document. Feedback from WhichPad UK Ltd staff, reviewers, agents, legal counsel and audits must inform:

• Iterative improvements

• Clarification of internal procedures

• Adjustments to reflect platform growth and monetisation
• • The Moderation Lead is responsible for ensuring that continuous improvement is embedded into the document’s lifecycle.Adaptations to new legal or regulatory develop
    

    Purpose

    • This internal procedure sets out how WhichPad UK Ltd identifies, investigates, and resolves all content-related issues on the Whichpad.com (“the Site”). It provides a clear and consistent framework for responding to content takedown requests, review disputes, complaints about accuracy or fairness, and any concerns raised by users, letting agents, landlords or third parties.
    • The purpose of this procedure is to ensure that all content on the Site is managed in a fair, transparent and legally compliant It is designed to support the integrity of the review

    system, protect users’ rights, uphold our moderation standards, and minimise legal and reputational risk to WhichPad UK Ltd. This includes ensuring that all decisions taken are consistent with the Website Terms of Service, the Consumer Reviews and Moderation Policy, the Privacy Policy, and any applicable legal obligations, including defamation law, consumer protection law, and UK data protection law.

    • This procedure ensures that all takedown and dispute-handling processes are documented, managed promptly, and applied consistently across the Site. It also provides clear internal guidance for staff on when to escalate matters, how to assess risk, and how decisions should be recorded and

    Scope

    • This procedure applies to all content published, submitted or displayed on the Site, and to every request, complaint, or dispute relating to that content. It governs how WhichPad UK Ltd handles reported reviews, takedown requests, disputes over accuracy, allegations of harmful or misleading content, and any issues concerning the conduct of users or agents on the platform.
    • The scope of this procedure extends to all reviews, ratings, uploaded photos, replies from letting agents, and any other user-generated material hosted on the website. It also covers all reports submitted through the reporting tools on the Site, all enquiries or complaints sent to WhichPad UK Ltd directly by email, and any notices or correspondence received from solicitors, regulators, law enforcement or other third parties.
    • This procedure applies to all internal staff members involved in content moderation, dispute handling, legal review, user support, or any decision-making related to user-generated content. It also applies to all stages of the lifecycle of a review, from initial submission and automated checks through to final publication, moderation, removal, or reinstatement.
    • This procedure does not govern internal employment matters, commercial negotiations unrelated to the Site content, or disputes between staff members. It is limited to content and conduct occurring on, or directly related to, the Site.

    Key principles

    • WhichPad UK Ltd applies the following principles to all decisions relating to content moderation, takedown requests, and dispute These principles ensure that the platform remains fair, trustworthy and legally compliant, and that decisions are consistent across all cases.

    3.2   Fairness and neutrality

    All decisions are made impartially. WhichPad UK Ltd does not take sides between a reviewer and a letting agent or landlord. Evidence is assessed objectively.

    3.3   Integrity of the review system

    Reviews must reflect genuine user experiences. All moderation and dispute-handling steps are designed to protect the accuracy, reliability, and credibility of the platform.

    3.4   Verification where required

    If the authenticity or accuracy of a review is challenged, the reviewer may be asked to provide verification evidence. Failure to provide verification may lead to removal of the review. Evidence may also be requested by the challenger.

    3.5   Protection of Personal Data

    Reviewer identity and verification information are not disclosed unless legally required, such as on receipt of a valid court order. All processing follows the Privacy Policy contained on the Site and UK GDPR.

    3.6   Minimum necessary intervention

    Where possible, issues are resolved with the least intrusive action, such as redacting Personal Data or adjusting content, rather than full removal. Complete removal is reserved for content that is unlawful or in breach of policy.

    3.7   Compliance with legal obligations

    Decisions consider relevant laws including defamation, data protection legislation including UK GDPR, consumer protection, harassment, intellectual property rights, and platform regulation.

    3.8   Transparency with users and agents

    Communication with all parties must be clear, factual and neutral. Moderation decisions must be explained without disclosing confidential or private evidence.

    3.9   Consistency and documentation

    All decisions, actions taken, correspondence and evidence must be recorded in the internal moderation log to ensure traceability and consistency across cases.

    3.10          Early escalation where risk is identified

    Matters involving threats of legal action, allegations of criminal conduct, risks to safety or mental health, or requests for Personal Data must be escalated promptly to the senior team or legal counsel.

    Types of requests covered by this procedure

    • This procedure applies to all categories of content-related issues encountered on the Site. The following types of requests, reports, and disputes are managed under this internal

    1.2        User-generated review disputes

    These include disputes arising directly from reviewers about their own content, such as:

    • Challenges to the removal or non-publication of a review;
    • Requests to amend, update or clarify a review;
    • Complaints regarding moderation decisions;
    • Disputes over compliance with the Review Moderation

    1.3   Reported reviews submitted through the reporting tools

    These include reports made by users, letting agents, landlords or third parties alleging that a review:

    • Is inaccurate, misleading or untrue;
    • Breaches the Review Moderation Policy;
    • Contains defamatory or harmful content;
    • Includes Personal Data of a third party;
    • Contains confidential or sensitive information;
    • Breaches privacy, harassment or other legal standards;
    • Has been posted by someone with a conflict of

    1.4   Formal takedown requests

    These include structured or legally framed requests, including those from:

    • Letting agents or landlords seeking removal of negative reviews;
    • Businesses claiming reputational harm;
    • Solicitors acting for clients alleging defamation or privacy breaches and’
    • Individuals claiming impersonation, identity misuse or

    Takedown requests may be informal (email complaints) or formal (letters before action).

    1.5   Legal, regulatory or law-enforcement notices

    These include any notices requiring specific procedural handling, such as:

    • Pre-action letters or threats of litigation;
    • Data protection rights requests, including subject access requests;
    • Requests for reviewer identity or verification information;
    • Take-down notices based on privacy, harassment, defamation or intellectual property rights;
    • Reports of suspected criminal activity;
    • Court orders requiring content removal or data disclosure Legal notices must be escalated immediately under Section 10.

    1.6   Platform misuse and integrity issues

    These involve threats to the integrity and trustworthiness of the review system, including:

    • Fake reviews;
    • Coordinated manipulation of ratings;
    • Reviews submitted by non-genuine users;
    • Incentive-based reviews that are not disclosed;
    • Spam, advertising or self-promotion disguised as reviews and;
    • Account sharing or multiple accounts created to influence

    1.7   Safety-related reports

    These are treated with urgency and include:

    • Threats, harassment or abusive conduct;
    • Discriminatory, hate-based or harmful language;
    • Safety risks to users or staff and;
    • Doxxing or disclosure of sensitive

    1.8   Requests relating to agent or business replies

    Where a letting agent or landlord posts a reply that is:

    • Factually incorrect;
    • Defamatory towards the reviewer;
    • In breach of the Terms of Service;
    • Containing Personal Data of the reviewer without consent;
    • Written in aggressive or unprofessional

    These disputes must be handled with the same rigour as user reviews.

    Intake and Acknowledgement

    • This section sets out how WhichPad UK Ltd receives, records and acknowledges all content- related reports, complaints, and takedown It ensures that every request is tracked from the moment it arrives and that no report is overlooked or left unaddressed.

    1.10                    Channels for receiving reports

    WhichPad UK Ltd may receive reports or takedown requests through the following channels:

    • The in-platform “Report this review” function
    • Direct emails sent to hello@whichpad.com

     

    • Website contact forms
    • Messages submitted by letting agents through their business accounts
    • Correspondence from solicitors, regulators or law-enforcement bodies

    All staff handling incoming reports must monitor these channels regularly and ensure that any report is captured in the internal case management system.

    1.11                    Creation of an internal case file

     

    Every report must result in the creation of an internal case file within the moderation log. The case file must include:

    • The date and time the report was received
    • The source of the report (for example user, agent, solicitor, regulator, anonymous)
    • The URL of the review or content in question
    • The profile ID of the reviewer and the reporting party
    • A summary of the issue raised
    • Whether the report appears urgent or high-risk
    • The name of the staff member responsible for handling the case

    If a report is incomplete or unclear, WhichPad UK Ltd must record what additional information is required.

    1.12                    Acknowledgement of receipt

     

    Where the reporting party has provided contact information, WhichPad UK Ltd must acknowledge receipt of the report within 48 hours. The acknowledgement must:

    • Confirm that the report has been received
    • Explain that an internal assessment is underway
    • Provide a general timeframe for next steps
    • Avoid giving legal opinions, making commitments or commenting on the strength of the

    Anonymous reports cannot be acknowledged but must still be logged.

    1.13                    Initial triage and urgency assessment

     

    Upon receipt, the responsible staff member must carry out an initial triage to determine whether the reported content requires immediate action. The review is considered urgent if it contains:

    • Explicit threats or harassment
    • Discriminatory, hate-based or abusive language
    • Sensitive Personal Data or doxxing
    • Unfounded allegations of criminality
    • Clear defamation risk
    • Confidential business information
    • Safety risks to the reviewer, staff or public

    Where urgency criteria are met, the content must be temporarily hidden pending investigation, and the urgency recorded in the case file.

    1.14                    Preservation of evidence

     

    Before any content is altered, removed or edited, staff must:

    • Save a copy of the original review or response
    • Capture screenshots showing timestamps
    • Record any associated metadata available internally

    This ensures that evidence is preserved for audit, compliance, and potential legal purposes.

    Internal Investigation Process

    • This section sets out the steps WhichPad UK Ltd must take after a report or takedown request has been The purpose of the investigation process is to ensure that every case is handled fairly, consistently and with proper documentation while protecting users’ rights and reducing legal and reputational risk.

    1.16                    Stage 1 – Initial assessment (within 7 working days)

    • The responsible WhichPad UK Ltd staff member must review:
    • The content of the review or agent reply
    • The report submitted
    • Any contextual information in the case file
    • The Review Moderation Policy and Website Terms
    • Whether the issue appears to present legal, safety or reputational risk
    • At this stage, the WhichPad UK Ltd staff member must identify whether:
    • The content clearly breaches platform policy
    • The issue requires a verification request
    • The issue requires additional evidence gathering
    • The content should be temporarily hidden
    • The matter should be escalated immediately
    • If the breach is obvious or the risk is high, temporary removal is appropriate pending full

    1.17                    Stage 2 – Verification request to reviewer

    • Where the authenticity, accuracy or fairness of a review is in doubt, the WhichPad UK Ltd staff must request verification evidence from the reviewer. The request should:
      • Be sent to the verified email address associated with the reviewer’s account
    • Specify which part of the review requires clarification or evidence
    • Give the reviewer seven days to respond
    • Explain that failure to provide evidence may result in removal
    • Remind the reviewer that evidence will not be shared with third parties unless required by law.
    • Examples of acceptable evidence may include tenancy confirmation, screenshots of communications, proof of viewing or legitimate interaction with the property or agent.
    • If the reviewer responds, the WhichPad UK Ltd staff must:
    • Record all evidence in the internal case file
    • Ensure all Personal Data is handled in accordance with the Privacy Policy
    • Ensure that no evidence is shared outside the company without a proper legal basis

    1.18                    Stage 3 – Evaluation of evidence

    • Once evidence has been provided, or the reviewer has failed to respond, the WhichPad UK Ltd staff must assess:
      • Whether the reviewer had a genuine experience
    • Whether the review remains fair, honest and not misleading
    • Whether the issue relates to factual accuracy, opinion or tone
    • Whether any elements of the review require redaction or amendment
    • Whether the content breaches the Review Moderation Policy
    • Whether there is any legal risk (for example defamation, harassment, privacy breach)
    • Whether the review should be upheld, edited, reinstated or removed
    • All assessments must be objective, documented and based on the principles in Section

    1.19                    Stage 4 – Legal and senior escalation

    • The matter must be escalated immediately to the WhichPad UK Ltd’s senior moderation lead or legal counsel (“the Senior Reviewer”) where:
    • Solicitors’ letters or pre-action correspondence are received
    • The complaint alleges defamation, harassment or criminal conduct
    • A requester seeks the identity of a reviewer
    • The content includes sensitive Personal Data
    • A court order is received
    • The case may impact platform integrity or business reputation
    • The reviewer or agent makes threats of legal action
    • A senior review must include consideration of:
    • Relevant clauses of the Website Terms
    • The Review Moderation Policy
    • The Privacy Policy’s restrictions on disclosure
    • Applicable law, including defamation, data protection and consumer protection
    • The Senior Reviewer may request additional evidence, advise on legal exposure, or direct emergency removal where necessary.

    1.20                    Stage 5 – Final internal decision

    • After all evidence and risks have been evaluated, a final decision must be reached regarding whether to:
      • Retain the content
    • Reinstate the content
    • Reinstate with edits or redactions
    • Remove the content entirely
    • Restrict visibility (temporary or permanent)
    • Place account warnings, suspensions or permanent bans
    • The decision must be:
    • Clearly documented in the case file
    • Supported by reasoning tied to policy
    • Structured so that it can be explained neutrally to both parties
    • A summary of the decision must then be prepared for communication under Section

    Outcomes

    • After completing the investigation described in Section 6, WhichPad UK Ltd must determine the appropriate outcome for the content and the users All outcomes must be proportionate, consistent with platform policies, and recorded fully in the moderation log.

    1.22                    Retain the content

    Content must be retained where:

    • The review is genuine, fair and policy-compliant
    • Verification evidence supports the reviewer’s experience (where requested)
    • The content poses no legal, safety or reputational risk
    • The report is unfounded or appears to be an attempt to silence legitimate criticism
    • The reviewer and reporting party will be informed of the decision in accordance with Section 8.

    1.23                    Reinstate previously removed or hidden content

    Content that was temporarily hidden during investigation should be reinstated where:

    • The reviewer provides sufficient verification
    • Concerns raised are resolved or disproven
    • No breach of the Review Moderation Policy is identified
    • Reinstatement may include redactions where

    1.24                    Reinstate with edits or redactions

    Edits or redactions may be applied to content that is largely acceptable but contains:

    • Personal Data that must be removed
    • Confidential or sensitive information
    • Wording that could expose the reviewer or platform to legal risk
    • Statements presented as fact that require softening into opinion
    • Unnecessary naming of private individuals
    • Edits must be minimal and must not alter the substantive meaning of the

    1.25                    Remove the content

    Removal is required where:

    • The review clearly breaches the Review Moderation Policy
    • The reviewer cannot verify their experience when reasonably requested
    • The review is fabricated, misleading or materially inaccurate
    • The content contains defamatory or harmful statements
    • The content includes sensitive Personal Data
    • Safety concerns or legal obligations require removal
    • The reviewer fails to respond to a verification request within seven days
    • Removal decisions must be documented clearly with the reasons

    1.26                    Restrict visibility

    In certain cases, it may be appropriate to restrict visibility of content, such as:

    • Temporary restriction during ongoing legal review
    • Platform-decided restriction when content is borderline but not clearly unlawful
    • Reduction of visibility for replies from agents that are unprofessional but not defamatory
    • Visibility restrictions may be lifted following further

    1.27                    Account warnings 

    A warning may be issued where a user:

    • Posts content that is non-compliant but not malicious
    • Breaches policies unintentionally
    • Submits a review that requires removal due to lack of evidence, but not clear misconduct
    • Warnings must be recorded

    1.28                    Account suspension or removal

    Suspension or account closure is appropriate where a user:

    • Repeatedly violates moderation rules
    • Posts fake or manipulated content
    • Engages in harassment or abusive conduct
    • Attempts to influence reviews improperly
    • Operates multiple accounts to distort ratings
    • Behaves in a way that risks platform integrity or legal exposure
    • Permanent removal must be approved by senior

    1.29                    Actions relating to agents and business users

    Letting agents and business users may also be subject to moderation outcomes. These include:

    • Instructions to amend or remove replies that breach WhichPad UK Ltd policies
    • Warnings for unprofessional conduct
    • Suspension of business features for repeated violations
    • Revocation of agency account access in serious cases
    • Any action against an agent must be proportionate and in line with the Terms of

    1.30                    Internal flags and escalation

    If content reveals broader concerns, WhichPad UK Ltd staff may raise internal flags relating to:

    • Coordinated fake reviews
    • Agency misconduct
    • Systemic policy abuse
    • Emerging legal or reputational risks
    • Such cases must be escalated to the Senior Reviewer for further

    Communication with parties

    • Once a final decision has been reached in accordance with Section 6, WhichPad UK Ltd must communicate the outcome to the relevant parties. Communications must be neutral, factual and consistent with legal obligations and internal policies.
    • All communications must be logged in the case file, including copies of emails sent and all correspondence received.

    1.33                    Communication with the reviewer

    Where a review has been challenged, amended, restricted or removed, the reviewer must be notified unless:

    • The reviewer is anonymous and cannot be contacted, or
    • The reviewer has deactivated their

    The notification must:

    • Explain the outcome in clear and neutral terms
    • Reference the relevant section of the Review Moderation Policy or Terms of Service
    • Inform the reviewer of any required edits or next steps
    • Explain where evidence was required but not provided
    • Avoid disclosing any information provided by the reporting party
    • Avoid offering legal advice
    • If the review remains published, the reviewer should be reminded of the importance of complying with platform policies. If the review is removed, the reviewer should be informed that repeated violations may lead to account restrictions.

    1.34                    Communication with the reporting party

    The reporting party (user, agent, landlord or third party) must receive a neutral summary of the decision. The communication must:

    • Confirm that the review has been fully investigated
    • State the outcome (retained, edited, reinstated, removed, restricted)
    • Refer to the relevant internal policies
    • Avoid sharing any verification evidence or Personal Data relating to the reviewer
    • Avoid describing the reviewer’s explanation or circumstances
    • Avoid giving the impression that WhichPad UK Ltd “endorses” reviewer statements
    • All communications must maintain strict neutrality and avoid any commentary on the merits of either side.

    1.35                    Communication with letting agents and business users

    If the dispute involves a letting agent or business user, communications must be especially careful. The communication must:

    • Remain professional and non-confrontational
    • Avoid detailed justifications beyond policy reasons
    • Avoid providing internal reasoning that could be used as leverage in legal disputes
    • Remind agents of their responsibilities under the Terms of Service
    • Clarify that reviewer identity cannot be disclosed without a valid court order

    If an agent reply has been edited, restricted or removed, the agent must be informed of:

    • The specific policy breach
    • Any future expectations for compliance
    • the consequences of repeated breaches

    1.36                    Communication with solicitors or other legal representatives

    Where a complaint or takedown request is issued by a solicitor or legal representative:

    • WhichPad UK Ltd must reply using factual, neutral and policy-based language
    • Internal or reviewer evidence must not be disclosed
    • Reviewer identity must only be disclosed upon receipt of a valid court order
    • legal correspondence must be escalated under Section 10 before a final response is sent

    Communications must avoid:

    • Acknowledging liability
    • Offering concessions beyond policy
    • Making any comment on the legal merits of the underlying dispute

    1.37                    Communication with regulators or law enforcement

    If a regulator or law enforcement agency contacts WhichPad UK Ltd:

    • The matter must be escalated immediately under Section 10
    • Responses must be issued only by the authorised senior team member
    • Requests for data must be handled in accordance with the Privacy Policy and legal requirements
    • Disclosure of reviewer identity or verification information must only occur where legally

    1.38                    Documentation of communications

    Every communication sent or received must be stored in the case file, including:

    • Emails
    • Internal notes
    • Screenshots
    • Formal letters
    • Updates from reviewers, agents or solicitors
    • This is essential for audit purposes, legal compliance and ensuring consistency across future cases.

    Record-keeping

    • Accurate and comprehensive record-keeping is essential to ensure consistency, accountability and legal compliance in all content moderation and dispute-handling operations. Every case handled under this procedure must be fully documented from intake through to final

    1.40                    Creation and maintenance of the case file

    For every report, complaint, or takedown request, an internal case file must be created. The case file must include:

    • The date and time the report was received
    • The name or identifier of the staff member assigned to the case
    • The identities or profile IDs of all relevant users (reviewer, reporting party, agent)
    • The URL of the review, reply or content in question
    • A summary of the issue raised
    • The initial risk assessment carried out at intake
    • Copies of all evidence submitted by any party
    • Copies of all correspondence sent and received
    • A log of every action taken
    • The final decision and the reasoning for it
    • Any follow-up actions required
    • The case file must remain up-to-date throughout the

    1.41                    Preservation of content and evidence

    Before modifying or removing any content, WhichPad UK Ltd staff must ensure that the following are preserved:

    • The full text of the original review or agent reply
    • Screenshots showing how the review appeared on the platform
    • Any metadata available (for example timestamps, internal IDs)
    • Any evidence submitted by reviewers or reporting parties
    • Evidence must be stored securely and handled in accordance with the Privacy Policy and UK GDPR.

    1.42                    Storage and security

    All case files must be stored in WhichPad UK Ltd’s secure internal moderation system. Access must be limited to:

    • Authorised moderation staff
    • The Senior Reviewer
    • Legal counsel (internal or external) where necessary
    • Reviewer evidence and Personal Data must never be stored on personal devices or unapproved locations.

    1.43                    Retention period

    Case files, including removed reviews or correspondence relating to them, must be retained for as long as reasonably necessary for:

    • Audit purposes
    • legal defence
    • Regulatory compliance
    • Maintaining platform integrity
    • Retention must follow the periods set out in the Privacy Policy for relevant data categories. Where content has been anonymised, it may be retained indefinitely for statistical or operational purposes.

    1.44                    Audit and quality assurance

    To ensure consistency and compliance:

    • The Senior Reviewer must conduct periodic audits of closed case files
    • At least one audit must take place each quarter
    • Audits must assess the quality of reasoning, adherence to policy, and timeliness of responses
    • Any patterns of errors, delays, or policy misapplications must be documented and addressed through training or updated guidance.

    1.45                    Documentation of escalated cases

    Where a case has been escalated internally or externally:

    • The escalation pathway must be documented
    • All legal advice received must be stored in the case file
    • Any communications with regulators or law enforcement must be attached
    • Any court orders must be copied verbatim and retained
    • Cases involving legal threats, reputational risk or requests for reviewer identity must be flagged for long-term retention.

    Escalation rules

    • Certain cases carry heightened legal, safety or reputational risk and must be escalated promptly to senior staff or legal counsel. Escalation ensures that WhichPad UK Ltd handles complex or high-risk matters consistently, lawfully and with appropriate No member of staff should attempt to resolve an escalated matter alone.

    1.47                    When escalation is required

    • A case must be escalated immediately where any of the following

    1.47.1     Legal risk indicators

    Escalation must occur where the report or content involves:

    • Threats of legal action
    • Pre-action correspondence, letters before claim, or solicitor communications
    • Allegations of defamation, fraud, or criminal conduct
    • Requests for reviewer identity or verification evidence
    • Potential breaches of confidentiality obligations
    • Intellectual property or copyright complaints
    • Court orders, injunctions, or requests for urgent relief

    1.47.2     Safety and harm indicators

    Escalation must occur where the content or report includes:

    • Harassment, threats, discrimination or hate speech
    • Disclosures relating to harm, self-harm or the safety of users
    • Doxxing or exposure of sensitive information
    • Content that may endanger the reviewer or a third party

    1.47.3     Data protection and privacy indicators

    Escalation must occur where:

    • A data protection rights request is received (including subject access requests)
    • A reviewer’s Personal Data may need to be disclosed
    • There is a request to alter or delete Personal Data that affects platform integrity
    • The case could create a risk of non-compliance with UK GDPR

    1.47.4     Platform integrity concerns

    Escalation must occur where:

    • There are signs of coordinated fake reviews
    • Multiple accounts appear to be linked to manipulation
    • An agency or business user is engaging in systematic policy breaches
    • The issue has reputational implications for WhichPad UK Ltd
    • The case may set a precedent for future platform decisions

    1.47.5     Business and commercial concerns

    Escalation must occur where:

    • The case could affect relationships with letting agencies or business users
    • The dispute relates to a paying business customer (now or post-monetisation)
    • There is a risk that moderation decisions may impact commercial partnerships

    1.48                    Who to escalate to

    • Escalation must follow the internal hierarchy:
    1. Moderation Lead – First point of escalation for all
    2. Head of Operations / Senior team member – Escalate where the Moderation Lead identifies legal, safety or reputational risk.
    3. Internal or external legal counsel – Required for defamation risk, data disclosure requests, court orders or any case that may expose the company to legal liability.
    4. Directors / Founders – Escalate only where:
    • Litigation is threatened
    • The case may attract media attention
    • The case may affect commercial relationships
    • The case concerns platform-wide integrity or safety

    1.49                    Responsibilities during escalation

    The WhichPad UK Ltd staff member escalating the matter must ensure:

    • The case file is complete and up to date
    • All correspondence is included
    • A short summary of the issue and risks is prepared
    • No commitments or assurances are given to external parties before escalation
    • The content is temporarily hidden if continuing publication risks harm
    • The Senior Reviewer or legal counsel will decide whether:
    • Further evidence is required
    • The review must be removed immediately
    • A response must be delayed pending legal assessment
    • The case requires external legal advice
    • The requester should be informed of the escalation

    1.50                    Temporary measures during escalation

    While escalation is in progress, the WhichPad UK Ltd staff may:

    • Temporarily hide or restrict the review
    • Turn off replies for the property or agent in question
    • Block further edits to the review
    • Suspend any automated actions relating to the review
    • Place the reviewer or reporting party on hold
    • Restrict account functions where needed for safety
    • These measures must be proportionate and recorded in the case

    1.51                    Finalising escalated cases

    After senior or legal review:

    • A final decision must be documented
    • The reasoning must be added to the case file
    • All communications must follow Section 8
    • Any long-term risks identified must be escalated for policy review
    • Learning outcomes must be flagged for moderation training
    • Escalated cases must not be closed until all risks, legal considerations, and communication requirements have been fully addressed.

    Compliance with law enforcement and regulatory bodies

    • WhichPad UK Ltd may occasionally receive correspondence, notices, or requests from law enforcement agencies, regulators, public authorities or other statutory bodies. This section sets out the internal process for handling such requests to ensure full legal compliance, proper escalation and the protection of user rights.

    1.53                    Mandatory escalation

    • All law enforcement or regulatory enquiries must be escalated immediately to the senior moderation lead and to legal No member of staff may respond independently or disclose any information without prior authorisation.

    1.54                    Types of requests covered

    This section applies to any communication from:

    • Police forces in the UK or abroad
    • The courts or judiciary
    • The Information Commissioner’s Office
    • Trading Standards or other consumer regulators
    • Government departments
    • Financial crime, fraud, or safeguarding bodies
    • Any public authority authorised to request information
    • These bodies may request:
    • Disclosure of user data
    • Preservation of data
    • Removal or restriction of content
    • Assistance in criminal or regulatory investigations

    1.55                    Verification of the requesting authority

    Before responding to any request, staff must confirm:

    • The identity of the requesting organisation
    • The official capacity of the individual contacting WhichPad UK Ltd
    • That the request is genuine (for example, from an official domain)
    • that the scope of the request is lawful and sufficiently specific
    • If authenticity cannot be verified, no data must be

    1.56                    Legal basis for disclosure

    WhichPad UK Ltd may only disclose Personal Data where:

    • Required by a court order
    • Required by law or statutory instrument
    • Permitted by UK GDPR (for example for the prevention or detection of crime)
    • Required to comply with regulatory obligations
    • Any uncertainty must trigger legal
    • Reviewer identity or verification evidence must never be disclosed without a valid legal basis, and never voluntarily.

    1.57                    Preservation of data

    If a regulator or law enforcement body requests data preservation:

    • WhichPad UK Ltd staff must immediately secure the relevant content and account data
    • No modifications or deletions may take place
    • All actions must be documented in the case file
    • Preservation does not permit disclosure unless separately

    1.58                    Disclosure process

    Where disclosure is legally required:

    • Legal counsel will specify the scope and type of data that may be disclosed
    • Only the minimum necessary data will be provided
    • No contextual commentary or editorial opinion must be included The disclosure must be logged in the case file, including:
      • Date and time
      • Authority requesting disclosure
      • The legal basis relied on
      • The data disclosed

    1.59                    Content removal requests

    If a regulator or court directs WhichPad UK Ltd to remove content:

    • Removal must occur immediately
    • The reviewer must be notified unless prohibited by law
    • Evidence must be preserved before removal
    • The moderation log must be updated accordingly
    • If an authority merely requests removal, legal counsel must confirm whether the request has binding force.

    1.60                    Confidentiality and non-disclosure obligations

    Staff must not inform the reviewer or reporting party of a law-enforcement enquiry where:

    • The authority prohibits notification, or
    • Doing so would risk obstructing an investigation
    • Legal counsel will determine when, and whether, a user may be

    1.61                    Reporting obligations

    If WhichPad UK Ltd is subject to regulatory reporting duties (for example under consumer protection or information security regulations):

    • The senior leadership team must be informed
    • Any required reports must be submitted by the appropriate authorised person
    • Compliance actions must be documented and retained for audit purposes

    1.62                    Training and awareness

    All staff involved in moderation and legal processes must receive periodic training on:

    • Recognising regulatory notices
    • Lawful disclosure of data
    • Handling of police or court correspondence
    • Privacy and safeguarding obligations
    • Training must be refreshed at least

    Interaction with other internal policies

    • This internal procedure forms part of WhichPad UK Ltd’s wider governance framework for user-generated content and must be applied alongside other internal and external-facing

    1.64                    Relationship with the Website Terms of Service

    The Terms of Service set out the rules for users and agents when interacting with the platform. This procedure provides the internal process for enforcing those rules. If there is any inconsistency between the Terms and internal procedures, the Terms take precedence.

    1.65                    Relationship with the Review Moderation Policy

    The Review Moderation Policy defines which content is permitted, restricted or prohibited. This procedure sets out how WhichPad UK Ltd internally investigates breaches of that policy. All decisions must reflect the standards described in the Moderation Policy.

    1.66                    Relationship with the Privacy Policy

    The Privacy Policy governs how WhichPad UK Ltd collects, stores and uses Personal Data. This procedure incorporates those principles and provides operational guidance on:

    • Verification evidence
    • Handling Personal Data during disputes
    • Responding to data protection requests
    • Restrictions on disclosure of reviewer identities
    • In the event of any conflict, the Privacy Policy

    1.67                    Relationship with the Cookie Policy

    Content and dispute processes may require reference to technical logs or usage data (such as IP addresses, device data or session patterns). Access to such data must comply with the Cookie Policy and all applicable privacy standards.

    1.68                    Relationship with safety and security procedures

    Safety-related reports (harassment, threats, doxxing, discrimination) must be escalated in accordance with Section 10 and addressed consistently with any internal safeguarding or crisis- response procedures.

    1.69                    Relationship with commercial and business policies

    As WhichPad UK Ltd begins monetising platform services, disputes involving business accounts, paying customers or commercial relationships must be handled with heightened care. WhichPad UK Ltd staff must follow all additional commercial protocols adopted by the company as the platform evolves.

    1.70                    Collective application

    These policies should be read together. No single policy overrides the need for:

    • Legal compliance
    • Internal documentation
    • Fairness and neutrality
    • Protection of users’ rights
    • Where uncertainty arises, WhichPad UK Ltd staff must seek guidance from senior leadership or legal counsel.

    Periodic review and updates

    • This internal procedure must be reviewed regularly to ensure it remains current, legally compliant and effective. It must reflect changes in legislation, regulatory guidance, platform functionality, and operational needs.

    1.72                    Scheduled review cycle

    A formal review must take place:

    • Every 12 months as part of the company’s annual policy review cycle, or
    • More frequently where required by changes in law, regulation, or business operations

    1.73                    Trigger-based reviews

    In addition to scheduled reviews, this procedure must be updated where:

    • New legislation or case law affects platform obligations
    • WhichPad UK Ltd introduces new features that change moderation workflows
    • Significant disputes highlight gaps in existing processes
    • Regulators, auditors or legal counsel recommend amendments
    • Monetisation changes introduce new categories of risk
    • Systemic abuse or safety issues reveal weaknesses in policy

    1.74                    Responsibility for review

    The following roles hold responsibility for review and approval:

    • Moderation Lead: drafts amendments and identifies operational issues
    • Legal Counsel: ensures compliance with UK law and platform liability obligations
    • Senior Leadership / Directors: approve final policy versions

    1.75                    Version control

    Every update must be recorded in the policy’s version control log, including:

    • Date of revision
    • Summary of changes
    • Roles responsible
    • Reason for update
    • Cross-references to any new procedures created

    1.76                    Staff notification and training

    Once updated, all moderation and support staff must be:

    • Notified promptly of changes
    • Provided with a summary of the amendments
    • Trained, where necessary, on new processes or obligations
    • Compliance with updated procedures must be

    1.77                    Archiving

    Previous versions must be retained securely for audit, legal and historical reference, in accordance with the retention rules in the Privacy Policy and Section 9 of this document.

    Policy ownership and governance

    • This procedure is a core governance document of WhichPad UK Ltd and forms part of the company’s internal compliance framework. It sets out the responsibilities for oversight, implementation and enforcement of all processes relating to content moderation, takedown requests and dispute handling.

    1.79                    Policy owner

    The primary owner of this policy is the Moderation Lead, who is responsible for:

    • Day-to-day supervision of the policy
    • Ensuring consistent application across all moderation activities
    • Coordinating with staff involved in dispute-handling
    • Identifying emerging operational challenges or risks
    • Proposing updates or amendments during periodic reviews

    1.80                    Executive oversight 

    Ultimate responsibility for this policy rests with the Directors of WhichPad UK Ltd, who are responsible for:

    • Approving new versions of the policy
    • Ensuring that necessary resources are allocated
    • Reviewing escalated disputes and legal risks
    • Ensuring that company-wide governance standards are met
    • Overseeing compliance with regulatory and legal obligations

    1.81                    Legal oversight

    Legal counsel, whether internal or external, is responsible for:

    • Reviewing proposed updates for legal compliance
    • Advising on escalated disputes under Section 10
    • Advising on disclosure processes under Section 11
    • Ensuring that the policy aligns with obligations under defamation law, UK GDPR, consumer protection law and the online platform framework
    • Supporting risk mitigation strategies

    1.82                    Implementation responsibility

    The following teams are responsible for implementing this policy:

    • Moderation Team: operational handling of reports, investigations and outcomes
    • User Support Team: responding to enquiries, assisting reviewers and agents
    • Technical Team: supporting evidence preservation, log access and security
    • Business Account Team: ensuring agents and landlords comply with platform rules, especially once monetisation begins
    • Each team must ensure that their procedures and day-to-day activities align fully with this document.

    1.83                    Reporting and accountability

    The Moderation Lead must submit quarterly reports to the Directors summarising:

    • Volume and types of disputes handled
    • Outcomes and trends
    • Escalated cases and resolution times
    • Emerging risks or systemic issues
    • Recommendations for training, platform safeguards or policy updates
    • Directors may request additional reporting at any

    1.84                    Training and competence

    WhichPad UK Ltd Staff responsible for applying this policy must receive:

    • Onboarding training
    • Annual refresher training
    • Training following any material updates
    • Specialist training where appropriate, such as on defamation risk or data protection
    • Training records must be maintained as part of internal compliance

    1.85                    Non-compliance

    Failure to comply with this policy may:

    • Undermine platform integrity
    • Increase legal or reputational risk
    • Lead to internal disciplinary action where appropriate
    • Any suspected non-compliance must be reported to the Moderation Lead or Directors

    1.86                    Continuous improvement

    This policy is a living document. Feedback from WhichPad UK Ltd staff, reviewers, agents, legal counsel and audits must inform:

    • Iterative improvements
    • Clarification of internal procedures
    • Adjustments to reflect platform growth and monetisation
    • Adaptations to new legal or regulatory developments
    • The Moderation Lead is responsible for ensuring that continuous improvement is embedded into the document’s lifecycle.