Privacy Policy

Last updated: January 2025

1. Introduction

Cardiff Chamber Business Directory ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We may collect and process the following categories of personal data:

  • Business Information: Business name, trading name, company registration number, business address, industry category, and business description.
  • Contact Details: Name, email address, telephone number, and website URL provided during registration or enquiry submissions.
  • Account Data: Email address and hashed password for user account authentication, subscription tier, and billing history.
  • Enquiry Data: Information submitted through quote request forms, including project descriptions and contact preferences.
  • Technical Data: IP address, browser type, device information, and pages visited, collected via cookies and server logs.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain the business directory service.
  • To process your business listing and keep it up to date.
  • To facilitate enquiries and quote requests between customers and listed businesses.
  • To manage your account, subscriptions, and billing.
  • To communicate with you about your account, listings, and service updates.
  • To improve our website, services, and user experience.
  • To comply with legal obligations.

4. Cookies

We use cookies to operate our website effectively. Essential cookies are required for authentication and core functionality. We may also use analytics cookies to understand how visitors interact with our site. For full details, please see our Cookie Policy.

5. Third-Party Services

We use the following third-party services that process data on our behalf:

  • Supabase: Our database and authentication provider. Business and account data is stored securely on Supabase's infrastructure, hosted within the EU.
  • Stripe: Our payment processor. Stripe handles all billing and subscription data. We do not store your full card details on our servers. Please refer to Stripe's Privacy Policy for details on how they handle your data.

These services act as data processors under our instructions and are bound by data processing agreements compliant with UK GDPR.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes (typically up to 6 years for financial records under UK law).

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to our processing of your data where we rely on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details below. We will respond within one calendar month.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. This includes encryption in transit (HTTPS), secure authentication, and access controls on our systems.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or contacting you directly. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]

Data Controller: Cardiff Chamber Business Directory

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.