Privacy Policy

Effective Date: 14 April 2025
Last Updated: 14 April 2025

1. Introduction

Machinery Masters Limited ("we," "us," "our"), a private limited company incorporated on 27 January 2025 with company number 16210616, is a Data Controller under the UK GDPR and Data Protection Act 2018. This Policy outlines how we process personal data collected via our subscription-based online marketplace for industrial machinery.

2. Data We Collect

  • Account Data: Name, email, business name, phone number, payment details.
  • Usage Data: IP address, browser type, device information, page views, session duration, search queries.
  • Content Data: Uploaded listings, enquiry forms, forum posts, messages, and communications.
  • Billing Data: Subscription details, transaction records.

3. Legal Basis for Processing

  • Contract Performance: To provide and manage Platform services, including listings, leads, and forums.
  • Legitimate Interests: To improve functionality, detect fraud, analyze usage, and ensure security.
  • Consent: For optional marketing or analytics (where required).
  • Legal Obligation: To comply with tax, audit, or regulatory requirements.

4. Data Sharing

We do not sell personal data. Data may be shared with:

  • Third-party service providers (e.g., hosting, payment processors, analytics tools) under strict confidentiality agreements.
  • Analytics providers (e.g., Google Analytics) for usage insights, with data anonymized where possible.
  • Regulators or law enforcement if legally required.
  • Successors in the event of a merger or acquisition, subject to equivalent protections.

5. Data Retention

  • Account data is retained for the duration of the account's existence plus six (6) months after closure, unless legally required longer (e.g., tax purposes).
  • Financial records are retained for seven (7) years to comply with HMRC requirements.
  • Usage and content data (e.g., forum posts, listings) are retained for operational purposes and deleted within twelve (12) months of inactivity unless otherwise justified.

6. User Rights

Under the UK GDPR, users have the right to:

  • Access, correct, or delete their data.
  • Object to or restrict processing.
  • Data portability (where applicable).
  • Withdraw consent at any time (where processing relies on consent).

Requests should be submitted to [email protected], with a response within one (1) month, extendable by two (2) months if complex, with written justification.

7. Security Measures

We implement industry-standard protections, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls and multi-factor authentication for staff.
  • Regular security audits and penetration testing.

Users are responsible for securing their login credentials.

8. International Transfers

Data may be transferred outside the UK/EEA to service providers, subject to UK adequacy decisions or Standard Contractual Clauses ensuring equivalent protection.

9. Complaints

Users may lodge complaints with the Information Commissioner's Office (ICO) at www.ico.org.uk if dissatisfied with our response.

10. Contact

For queries, contact [email protected] or write to our Registered Address: 4 Cedar Park, Cobham Road, Ferndown Industrial Estate, Wimborne, England, BH21 7SF.