1. Data Controller
The data controller responsible for your personal data is:
If you have any questions or concerns about how we handle your personal data, or if you wish to exercise any of your rights, please contact us using the details above.
2. Personal Data We Collect
We may collect and process the following categories of personal data depending on your relationship with us:
Account and identity data
- Full name and job title
- Business name, trading name, and registered address
- Company registration number and VAT number
- Email address, telephone number, and correspondence address
Trade account application data
- Trade references and credit information provided during the application process
- Proof of business documentation
Transactional data
- Order history, purchase details, and delivery records
- Payment and billing information
- Customer service and support correspondence
Technical and usage data
- IP address, browser type, device information, and operating system
- Pages visited, time spent on our website, and referral sources
- Cookie data and similar tracking technologies (see our Cookie Policy for details)
3. How We Use Your Data
We use your personal data for the following purposes:
- Processing trade account applications — to evaluate your eligibility, verify business credentials, and set up your account
- Fulfilling orders — to process, dispatch, and deliver your orders accurately and on time
- Account management — to maintain your trade account, process payments, manage credit terms, and provide customer support
- Marketing communications — to send you product updates, promotions, and industry news where you have provided your consent or where we have a legitimate interest to do so. You can opt out at any time
- Improving our services — to analyse website usage, understand customer needs, develop new products, and enhance the overall experience
- Legal and regulatory compliance — to meet our obligations under applicable laws, regulations, and industry standards
- Fraud prevention and security — to protect our business, our customers, and the integrity of our systems
4. Legal Basis for Processing
We only process your personal data where we have a lawful basis to do so. The legal bases we rely upon include:
| Legal Basis | When It Applies |
|---|---|
| Contract performance | Processing your trade account application, fulfilling orders, managing your account, and providing our services to you. |
| Legitimate interest | Improving our products and services, analysing website usage, fraud prevention, and sending marketing communications to existing trade customers about similar products and services. |
| Consent | Sending marketing communications to prospective customers, placing non-essential cookies, and any other processing where we specifically request your consent. |
| Legal obligation | Retaining financial records for tax and accounting purposes, and complying with regulatory requirements. |
Where we rely on consent, you have the right to withdraw it at any time by contacting us at privacy@dealdirecttrade.com. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
5. Who We Share Your Data With
We may share your personal data with the following categories of third parties, strictly on a need-to-know basis and under appropriate contractual safeguards:
- Logistics and delivery partners — to fulfil and deliver your orders. This includes couriers, freight services, and warehouse operators
- Payment processors — to securely process payments for your orders. Payment data is handled in accordance with PCI DSS standards
- IT and technology providers — to host our website, manage our systems, and provide essential business tools
- Professional advisors — including accountants, auditors, and legal counsel where necessary for the operation of our business
- Regulatory authorities — where required by law, court order, or regulatory obligation
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
6. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The following table outlines our general retention periods:
| Data Category | Retention Period |
|---|---|
| Active trade account data | Duration of the business relationship, plus 6 years after account closure |
| Order and transaction records | 6 years from the date of the transaction (in accordance with HMRC requirements) |
| Unsuccessful trade applications | 12 months from the date of the decision |
| Marketing consent records | Until consent is withdrawn, plus 12 months |
| Website usage and cookie data | As specified in our Cookie Policy |
| Customer support correspondence | 3 years from the date of the last interaction |
When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention procedures.
7. Your Rights Under GDPR
Under the UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions and exemptions:
- Right of access — you have the right to request a copy of the personal data we hold about you
- Right to rectification — you have the right to request that we correct any inaccurate or incomplete personal data
- Right to erasure — you have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it
- Right to restriction of processing — you have the right to request that we restrict the processing of your personal data in certain circumstances
- Right to data portability — you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller where technically feasible
- Right to object — you have the right to object to the processing of your personal data where we are relying on a legitimate interest, or where data is processed for direct marketing purposes
- Rights related to automated decision-making — you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently carry out any solely automated decision-making
To exercise any of these rights, please contact us at privacy@dealdirecttrade.com. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will notify you accordingly.
If you are unsatisfied with how we have handled your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
8. Cookies
Our website uses cookies and similar technologies to provide essential functionality, analyse usage patterns, and enhance your browsing experience. Cookies are small text files placed on your device when you visit our website.
We use strictly necessary cookies to ensure the website functions correctly. Additional cookies for analytics and marketing purposes are only set with your consent.
For full details on the cookies we use, how they work, and how to manage your preferences, please refer to our Cookie Policy.
9. International Data Transfers
We primarily store and process your personal data within the United Kingdom and the European Economic Area (EEA). However, some of our third-party service providers may process data outside the UK and EEA.
Where international transfers occur, we ensure that appropriate safeguards are in place to protect your personal data. These safeguards may include:
- Transfers to countries that the UK Government has determined provide an adequate level of data protection
- Standard contractual clauses approved by the UK Information Commissioner's Office
- Other legally recognised transfer mechanisms
You may contact us at privacy@dealdirecttrade.com to obtain further information about the specific safeguards applied to international transfers of your data.
10. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit and at rest
- Access controls and authentication procedures
- Regular security assessments and monitoring
- Staff training on data protection and information security
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practicable standards.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be posted on this page with an updated "Last updated" date.
Where changes are significant, we will take reasonable steps to notify you directly, such as by email or by placing a prominent notice on our website. We encourage you to review this page periodically to stay informed about how we protect your data.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:
Deal Direct Trade Ltd
Email: privacy@dealdirecttrade.com
We aim to respond to all enquiries within 5 working days.