Privacy Policy

1. Introduction and Data Controller Information

Slatebay Supply ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose your personal information when you visit our website, purchase our products, or interact with our services.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is 42 Egerton Rd, Fallowfield, Manchester M14 6RA, UK.

This policy applies to all personal information we collect through our website, direct communications, business relationships, and any other interactions you may have with us.

2. Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

• Contact details: name, email address, phone number, postal address
• Business information: company name, job title, industry sector
• Order information: product preferences, purchase history, delivery instructions
• Payment information: billing address, payment method details (processed securely by third-party providers)
• Communication records: correspondence, support requests, feedback, and survey responses
• Account information: login credentials, preferences, and account settings
• Marketing preferences: communication preferences and consent records

Information We Collect Automatically

When you visit our website, we automatically collect certain technical information:

• Device information: IP address, browser type and version, operating system
• Usage data: pages visited, time spent on pages, click-through rates
• Referral information: referring website, search terms used
• Location data: general geographic location based on IP address
• Cookie data: as described in our Cookie Policy

Information from Third Parties

We may receive information about you from:

• Business partners and suppliers in B2B transactions
• Payment processors and financial institutions
• Delivery and logistics providers
• Professional advisors and service providers

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary for fulfilling orders, providing services, and managing customer relationships
• Legitimate Interests: Business operations, fraud prevention, security, and improving our services
• Legal Compliance: Meeting regulatory requirements, tax obligations, and legal processes
• Consent: Marketing communications and optional services where you have given explicit consent
• Vital Interests: Protecting health, safety, or security in emergency situations

4. How We Use Your Information

We use your personal information for the following purposes:

• Order Processing and Fulfillment: Processing orders, arranging delivery, handling returns and refunds
• Customer Service: Responding to inquiries, providing technical support, resolving complaints
• Account Management: Creating and maintaining customer accounts, managing preferences
• Payment Processing: Processing payments, preventing fraud, maintaining financial records
• Business Operations: Managing supplier relationships, inventory, and business analytics
• Legal Compliance: Meeting regulatory requirements, responding to legal requests
• Marketing and Communications: Sending promotional materials, product updates (with consent)
• Website Improvement: Analyzing usage patterns, improving user experience
• Security: Protecting against fraud, unauthorized access, and security threats

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist in our operations:

• Payment processors and financial institutions
• Shipping and logistics companies
• IT service providers and hosting companies
• Professional advisors (legal, accounting, consulting)
• Customer support and communication platforms

Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our terms of service and other agreements
• Protect our rights, property, or safety, or that of others
• Investigate and prevent fraud or security issues

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to appropriate confidentiality protections.

6. International Data Transfers

Your personal information may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by UK authorities
• Binding corporate rules for multinational organizations
• Certification schemes and codes of conduct

We regularly review and update our international transfer mechanisms to ensure continued compliance with UK data protection laws.

7. Data Security

We implement comprehensive technical and organizational measures to protect your personal information:

Technical Safeguards

• Encryption of data in transit and at rest
• Secure hosting infrastructure with regular security updates
• Multi-factor authentication for system access
• Regular security assessments and penetration testing
• Automated backup and disaster recovery systems

Organizational Measures

• Staff training on data protection and security practices
• Access controls and need-to-know principles
• Regular review of data processing activities
• Incident response and breach notification procedures
• Vendor security assessments and contractual obligations

While we implement robust security measures, no method of transmission or storage is 100% secure. We continuously monitor and improve our security practices to protect your information.

8. Your Rights Under UK Data Protection Law

You have the following rights regarding your personal information:

Right of Access

You can request access to your personal information and receive a copy of the data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal information.

Right to Erasure

You can request deletion of your personal information in certain circumstances, such as when it's no longer necessary for the original purpose.

Right to Restrict Processing

You can request that we limit how we use your personal information in specific situations.

Right to Data Portability

You can request transfer of your personal information to another organization in a structured, commonly used format.

Right to Object

You can object to processing based on legitimate interests, including direct marketing.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling that significantly affects you.

To exercise these rights, please contact us using the information provided below. We will respond within one month of receiving your request.

9. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Customer accounts: Until account closure plus 7 years for legal and tax purposes
• Order and transaction records: 7 years from transaction date for accounting and legal compliance
• Marketing communications: Until you withdraw consent or unsubscribe
• Website analytics: Maximum 26 months from collection
• Support communications: 3 years from last contact for service improvement
• Legal and compliance records: As required by applicable laws and regulations

We regularly review our retention periods and securely delete information that is no longer required.

10. Cookies and Online Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and provide essential functionality. We use:

• Essential cookies: Required for website functionality and security
• Functional cookies: Remember your preferences and settings
• Analytics cookies: Help us understand how visitors use our website (with consent)

For detailed information about our cookie usage, please see our Cookie Policy. You can manage your cookie preferences through our cookie banner or browser settings.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website with a new "Last Updated" date
• Notify you of material changes via email or prominent website notice
• Obtain your consent for changes that significantly affect how we use your information
• Maintain previous versions for reference and compliance purposes

We encourage you to review this policy periodically to stay informed about how we protect your information.