Privacy Policy

Bid Buddy customer privacy notice

This privacy notice tells you what to expect us to do with your personal information.

·       Contact details

·       What information we collect, use, and why

·       Lawful bases and data protection rights

·       Where we get personal information from

·       How long we keep information

·       How to complain

Contact details

Email

hello@bid-buddy.co.uk

What information we collect, use, and why

We collect or use the following personal information for the operation of client or customer accounts:

·       Names and contact details

·       Addresses

We collect or use the following personal information for information updates or marketing purposes:

·       Names and contact details

·       Marketing preferences

We collect or use the following personal information to comply with legal requirements:

·       Name

·       Contact information

We collect or use the following personal information to protect client welfare:

·       Names and contact information

·       Client account information

We collect or use the following personal information for dealing with queries, complaints or claims:

·       Names and contact details

·       Addresses

·       Customer or client accounts and records

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

·       Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.

·       Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.

·       Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.

·       Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

·       Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.

·       Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.

·       Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

·       Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

·       Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

·       Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

·       Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

·       Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

·       Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information to comply with legal requirements:

·       Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

·       Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

·       Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information to protect client welfare are:

·       Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

·       Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

·       Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

·       Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

·       Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

·       Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Where we get personal information from

·       Directly from you

·       Publicly available sources

How long we keep information

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.
Retention Periods by Data Category
Customer Account Data

Active accounts: Retained for the duration of the account relationship
Inactive accounts: Deleted 3 years after last activity, unless legal obligations require longer retention
Deletion: Upon account closure, personal data is deleted within 30 days, except where retention is required by law

Marketing and Communications

Email marketing lists: Retained until consent is withdrawn or 3 years of inactivity
Marketing preferences: Deleted within 30 days of withdrawal of consent
Communication records: Retained for 2 years from last interaction

Transaction and Financial Records

Invoices and receipts: Retained for 7 years for tax purposes

Website and Analytics Data

Website cookies: Retained as specified in our Cookie Policy (typically 1-24 months)
Analytics data: Anonymized after 14 months; aggregated data retained indefinitely
Server logs: Retained for 12 months

Legal and Compliance

Contract documents: Retained for 7 years after contract expiration
Legal correspondence: Retained for 7 years or duration of legal proceedings plus 7 years
Consent records: Retained for 3 years after consent is withdrawn

Your Rights
Under GDPR, you have the right to:

Request access to your personal data
Request correction of inaccurate data
Request deletion of your data (right to be forgotten)
Object to processing of your data
Request restriction of processing
Request data portability

To exercise any of these rights, please contact us at [your contact email/address].
Exceptions to Deletion
We may retain personal data beyond the periods specified above when:

Required by law or regulation
Necessary for legal claims or defense
You have specifically consented to longer retention
The data has been anonymized for statistical purposes

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.