1. Introduction
We are committed to safeguarding your privacy under the UK GDPR and the Data Protection Act 2018. This policy explains how we collect, use, and protect personal data when you visit our site or interact with us.

2. Data Controller
We act as the data controller—deciding what personal data is processed and why.

3. Types of Data Collected
We collect only the data needed, including:

  • Personal data (e.g., name, email address)
  • Technical data (e.g., IP address, browser type)
  • Behavioral data (e.g., referral activity, analytics)

4. Purpose of Collection
Data is used for:

  • Affiliate tracking and commission management
  • Analytics to improve user experience
  • Email communications and marketing (with consent)

5. Legal Basis for Processing
We process data based on:

  • Consent (for newsletters, marketing)
  • Contractual necessity (for managing affiliate relationships)
  • Legitimate interests (analytics and improving our service), where appropriate

6. Consent & Cookie Use
We only place non-essential cookies or gather tracking data after obtaining your explicit consent. You may accept or reject different cookie categories, and withdraw consent at any time.

7. Data Minimisation & Purpose Limitation
We collect only what’s necessary for clearly defined purposes and don’t repurpose data without further consent.

8. Data Subject Rights
You have the right to:

  • Access your data
  • Rectify inaccuracies
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Port your data
  • Withdraw consent at any time

9. Data Retention
Personal data is retained only as long as needed for business or legal purposes. It is deleted or anonymised promptly once no longer required.

10. Security Measures
We protect data with appropriate technical and organisational safeguards, including encryption, secure storage, access controls, and staff training.

11. Third-Party Sharing
We may share data with third parties (e.g., analytics providers, affiliate networks, email services) only under GDPR-compliant agreements, ensuring they uphold equivalent data protection standards.

12. International Transfers
If your data is transferred outside the UK, we apply adequate safeguards—such as standard contractual clauses—to ensure continued protection.

13. Accountability
We document our data processing activities and have measures in place to demonstrate GDPR compliance. We can provide records if required.

14. Breach Notification
In case of a data breach affecting your rights, we will notify the Information Commissioner’s Office (ICO) in line with legal requirements and inform you if there’s any risk to your privacy.

15. Complaints & Contact
If you have concerns or wish to exercise your data rights, you may contact our Data Protection Officer at [email protected]. You also have the right to lodge a complaint directly with the ICO.