This policy explains how Trade Booking ("we", "the service") handles personal data. It is a plain-English summary and a starting template — please have it reviewed for your business before relying on it commercially.
When a business signs up to use Trade Booking, that business is the data controller for its own customers' information. Trade Booking acts as a data processor, storing and processing that information on the business's behalf to provide the service.
We process data to perform our contract with you (providing the service) and for our legitimate interests in running and securing it. You provide your customers' data on the basis that you have a lawful reason to do so.
We only share data with services needed to run Trade Booking:
We do not sell your data or use it for advertising.
We keep your data for as long as your account is active. You can delete records at any time. On account closure we delete or anonymise your data within a reasonable period, except where we must keep it for legal/tax reasons.
Data is encrypted in transit (HTTPS). Passwords are hashed (PBKDF2). Sensitive tokens (banking/HMRC/accounting) are encrypted at rest. Access is scoped so each business only sees its own data.
Under UK GDPR you can request access to, correction of, or deletion of your personal data, and you can object to or restrict processing. Contact us to exercise these. Customers of a business should contact that business (the controller) first.
We use a single essential cookie to keep you signed in. No advertising or third-party tracking cookies.
For any privacy question or request, email the business you booked with, or the Trade Booking account owner.