Privacy Policy & UK GDPR Statement
1. Introduction & Who We Are
TradeWebs UK ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website (`tradewebs.co.uk`), subscribe to our Website-as-a-Service (WaaS) packages, or interact with our client onboarding portals.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is TradeWebs UK. If you have any questions regarding data protection, please contact our privacy officer at: `tradewebs.agency@gmail.com`.
2. Personal Data We Collect
We collect and process the following categories of personal data necessary to deliver our agency services:
- Identity & Contact Data: Full name, trade/company name, email address, postal/service address, and mobile/WhatsApp phone numbers.
- Business & Technical Data: Domain names, service area locations, business logos, competitor references, and website content provided during onboarding.
- Financial & Transaction Data: Subscription status, billing history, and payment confirmation details. **Note:** All credit/debit card processing is handled securely by our regulated payment processor, Stripe. We do not collect, view, or store raw credit card numbers on our servers.
- Usage & Communication Data: WhatsApp chat logs, email correspondence, and technical form submission timestamps via Netlify Forms.
3. Lawful Basis & How We Use Your Data
We process your personal data under the following lawful bases under UK GDPR Article 6:
- Performance of a Contract (Art. 6(1)(b)): To register your domain, build and host your custom website, process monthly retainer payments via Stripe, and provide ongoing WhatsApp customer support and content updates.
- Legitimate Interests (Art. 6(1)(f)): To improve our agency service offerings, maintain website hosting security, prevent fraud, and send essential administrative notices.
- Legal Obligation (Art. 6(1)(c)): To maintain accurate HMRC financial accounting records and comply with UK business compliance regulations.
4. Data Sharing & Third-Party Processors
We never sell, rent, or trade your personal data to third-party data brokers or marketing agencies. We share data strictly with vetted, GDPR-compliant infrastructure providers necessary to operate our service:
- Stripe: For secure PCI-DSS compliant subscription billing and payment processing.
- Netlify & AWS: For cloud website hosting, SSL encryption, and automated lead enquiry form capture (`data-netlify="true"`).
- Google Workspace & Zoho: For professional agency email communication and domain DNS management.
- WhatsApp (Meta): For direct, encrypted day-to-day client communication and photo updates.
5. Data Security & Retention
We implement robust technical and organizational security measures to protect your data against unauthorized access, loss, or alteration. All web traffic and form submissions are encrypted via industry-standard Transport Layer Security (TLS/SSL HTTPS).
We retain client personal data for the duration of your active subscription retainer. Upon contract termination or cancellation, we retain basic billing records for six (6) years as required by UK tax law (HMRC), after which all personal onboarding files and correspondence are securely deleted.
6. Your UK GDPR Statutory Rights
Under the UK Data Protection Act 2018 and UK GDPR, you hold the following statutory rights regarding your personal data:
- Right of Access (Subject Access Request): You have the right to request a copy of all personal data we hold about you.
- Right to Rectification: You can request immediate correction of any inaccurate or incomplete business or contact details.
- Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data when it is no longer necessary for the performance of our WaaS contract or legal compliance.
- Right to Restrict or Object to Processing: You have the right to object to processing based on legitimate interests or direct marketing.
- Right to Data Portability: You may request your content and data in a structured, commonly used machine-readable format.
To exercise any of these rights free of charge, please email `tradewebs.agency@gmail.com`. We will respond to all legitimate requests within thirty (30) calendar days.
7. Cookies & Website Tracking
Our public website (`tradewebs.co.uk`) uses minimal, strictly necessary technical cookies required for secure cloud routing and form submission integrity. We do not use intrusive third-party advertising tracking pixels or cross-site behavioral cookies.
8. Complaints & Supervisory Authority
If you have any concerns about our use of your personal data, you have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (Website: `https://ico.org.uk`).