GDPR Compliance

Our Commitment to GDPR

TradeTrackHQ is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and have implemented comprehensive measures to protect your personal data.

Your Rights Under GDPR

As a user of TradeTrackHQ, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection team:

• Email: privacy@tradetrackhq.com
• Subject line: "GDPR Request - [Your Right]"

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days with notice.

Data We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, username, business name
• Contact Data: Email address, phone number, business address
• Financial Data: Payment card details (processed by Stripe)
• Technical Data: IP address, browser type, device information
• Usage Data: How you use our service and features
• Customer Data: Information about your customers that you enter

Legal Basis for Processing

We process your data based on the following legal grounds:

• Performance of Contract: To provide the TradeTrackHQ service to you
• Legitimate Interests: To improve our service and communicate with you
• Consent: For marketing communications (which you can withdraw at any time)
• Legal Obligation: To comply with applicable laws and regulations

Data Security Measures

We implement appropriate technical and organisational measures to protect your data:

• 256-bit SSL/TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures

Data Storage Location

Your data is stored in secure data centres located in the United Kingdom and European Union. We use Amazon Web Services (AWS) infrastructure with data centres in London (eu-west-2).

Data Retention

We retain your personal data only for as long as necessary:

• Active accounts: Data retained while your account is active
• After cancellation: Data retained for 30 days, then deleted
• Legal requirements: Some data may be retained longer for legal compliance
• Backups: Removed from backups within 90 days of deletion

Third-Party Processors

We use carefully selected third-party services to help provide TradeTrackHQ:

• Amazon Web Services (AWS): Cloud infrastructure (UK/EU)
• Stripe: Payment processing (GDPR compliant)
• Amazon SES: Email delivery (EU region)

All processors are bound by Data Processing Agreements and must meet our security standards.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Notify affected users without undue delay
• Document the breach and remediation steps taken

Your Responsibilities as a Data Controller

When you store your customers' personal data in TradeTrackHQ, you act as a Data Controller. You are responsible for:

• Obtaining appropriate consent or legal basis to store customer data
• Responding to data subject requests from your customers
• Ensuring the accuracy of customer data you enter
• Using customer data only for legitimate business purposes

Contact Our Data Protection Team

For any GDPR-related queries or to exercise your rights:

• Email: privacy@tradetrackhq.com
• Address: TradeTrackHQ, United Kingdom

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113