Privacy Policy
Version 1.0.0
Effective from
1. Introduction
Go Find Part Limited ("GoFindPart", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Platform.
Go Find Part Limited is the data controller for personal data processed through the Platform. We are registered in England and Wales.
This Privacy Policy applies to all users of the Platform, including Buyers, Sellers, and visitors.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Personal Data We Collect
2.1 Information You Provide
When you register for an account and use the Platform, we collect the following categories of personal data:
- Account information: name, email address, phone number, business name, business registration details, and account type (Buyer, Seller, or Both).
- Identity verification: information required for Stripe Connect onboarding (for Sellers), including identity documents and bank account details. This data is processed by Stripe and is subject to Stripe's own privacy policy.
- Transaction data: details of Requests created, Offers submitted, accepted Transactions, pricing, delivery information, and payment records.
- Communication data: messages exchanged through the Platform, dispute evidence, and support correspondence.
- Delivery information: delivery addresses, pickup locations, and geolocation data used for delivery cost calculation.
2.2 Information We Collect Automatically
- Device and usage data: IP address, browser type, operating system, pages visited, and interaction patterns.
- Cookies and similar technologies: as described in our separate Cookies Policy.
- Analytics data: anonymised usage statistics collected through our analytics system (subject to your consent).
3. How We Use Your Personal Data
We use your personal data for the following purposes and on the following lawful bases:
| Purpose | Lawful Basis |
|---|---|
| Providing and operating the Platform | Performance of contract |
| Processing Transactions and payments | Performance of contract |
| Calculating delivery costs and routing | Legitimate interests |
| Managing your account and communications | Performance of contract |
| Fraud prevention and security | Legitimate interests |
| Resolving disputes between Buyers and Sellers | Performance of contract |
| Calculating Seller Tier and Priority Score | Legitimate interests |
| Compliance with legal obligations (e.g. anti-money laundering) | Legal obligation |
| Analytics and Platform improvement (with consent) | Consent |
| Marketing communications (with consent) | Consent |
4. Sharing Your Personal Data
We may share your personal data with the following recipients:
- Other Platform users: limited information is shared between Buyers and Sellers to facilitate Transactions (e.g. business name, delivery address for accepted orders).
- Stripe: payment processing and Seller identity verification. Stripe acts as an independent data controller.
- Delivery providers: where a Delivery Service is selected, we share necessary details (addresses, parcel dimensions, contact information) with courier partners (Gophr, Stuart, CitySprint, DPD, Yodel).
- Cloud service providers: hosting (Render), database (Neon), caching (Upstash), email (AWS SES), and storage (AWS S3) providers who process data on our behalf under data processing agreements.
- Professional advisers: legal, accounting, and audit advisers where necessary.
- Law enforcement and regulatory bodies: where required by law or in response to valid legal process.
We do not sell your personal data to third parties.
5. International Transfers
Your personal data may be transferred to and processed in countries outside the United Kingdom where our service providers are located. Where this occurs, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (UK IDTAs) or reliance on adequacy decisions.
6. Data Retention
We retain personal data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion requested | Service provision |
| Transaction records | 7 years | Legal and tax requirements |
| Audit logs | 7 years | Security and compliance |
| Dispute evidence | 2 years from resolution | Legal claims limitation |
| Operational logs | 90 days | Debugging and security |
| Analytics data (anonymised) | 26 months | Platform improvement |
After the applicable retention period, personal data is securely deleted or anonymised.
7. Your Rights
Under the UK GDPR, you have the following rights:
- Right of access: you may request a copy of the personal data we hold about you. You can generate a data export through the Platform at any time.
- Right to rectification: you may request correction of inaccurate or incomplete data through your account settings or by contacting us.
- Right to erasure: you may request deletion of your personal data, subject to our legal retention obligations.
- Right to data portability: you may request your data in a structured, machine-readable format (JSON).
- Right to restrict processing: you may request that we restrict processing of your data in certain circumstances.
- Right to object: you may object to processing based on our legitimate interests.
- Rights relating to automated decision-making: our Seller Tier system involves automated scoring. You have the right to request human review of decisions that significantly affect you.
To exercise any of these rights, please contact us at privacy@gofindpart.com. We will respond within one month of receiving your request.
8. Consent Management
Where we rely on consent as the lawful basis for processing (e.g. analytics, marketing), you may withdraw your consent at any time through the consent management controls on the Platform. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Our consent management system operates three tiers:
- Necessary: essential cookies and processing required for the Platform to function. These cannot be disabled.
- Functional: cookies and processing for user preferences (theme, locale). Requires your opt-in consent.
- Analytics: anonymised usage analytics. Requires your opt-in consent.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure password hashing, session management, rate limiting, and regular security assessments. Card payment data is processed by Stripe and never touches our servers (PCI DSS compliance via Stripe).
10. Children
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to you by email and/or a prominent notice on the Platform. The "Effective Date" at the top of this policy indicates when it was last revised.
12. Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
13. Contact
For any questions about this Privacy Policy or how we process your personal data, please contact:
Data Protection Contact
Go Find Part Limited
Email: privacy@gofindpart.com