Privacy Policy

Last Updated: 2025

This Privacy Policy (“Policy”) sets out how Crack On Mate UK Ltd (“Crack On Mate”, “we”, “us”, “our”) collects, uses, discloses, retains, transfers, and protects personal data when individuals (“Users”, “you”, “your”) access or use the Crack On Mate online marketplace (“Platform”).

Crack On Mate is firmly committed to safeguarding your personal data and ensuring full compliance with:

• the UK General Data Protection Regulation (UK GDPR);
• the Data Protection Act 2018;
• the Privacy and Electronic Communications Regulations (PECR); and
• applicable UK industry, consumer, and e-commerce regulations.

By accessing or using the Platform, creating an account, submitting information, or engaging in any Transaction, you acknowledge that you have read, understood, and agreed to the processing of your personal data in accordance with this Policy.

1. DATA CONTROLLER

The data controller responsible for your personal data is:

Crack On Mate UK Ltd

Website: www.CrackOnMate.com/contact-us   

Crack On Mate determines the purposes and means of processing your personal data.

Data Protection Contact

Crack On Mate has appointed a designated Data Protection Officer (DPO) or GDPR contact responsible for overseeing compliance with UK data protection laws and handling all data subject requests.

2. PERSONAL DATA WE COLLECT

We collect personal data only where lawful and necessary to operate the Platform, fulfil our contractual obligations, comply with statutory duties, or pursue our legitimate business interests.

2.1 Information You Provide Voluntarily

• Full name
• Email address
• Telephone number
• Billing and postal address
• Account credentials
• User profile information
• Messages, submitted inquiries, and uploaded content
• Listings, descriptions, images, certifications, and service-related information

2.2 Identity Verification & Compliance Documentation (KYC/AML)

Collected strictly for fraud prevention, regulatory compliance, and platform integrity:

• Government-issued identification
• Proof of address
• Proof of equipment ownership or lawful possession
• Insurance documents
• Business incorporation certificates
• Compliance documentation (e.g., PUWER, UKCA/CE certificates)

2.3 Transactional & Financial Data

• Purchase, rental, and service records
• Payouts, deposits, and commission calculations
• Refunds, chargebacks, and dispute histories
  Financial data is processed securely by regulated third-party payment processors.

2.4 Technical, Security & Analytics Data

Collected automatically through cookies, logs, and analytic tools:

• IP address and device identifiers
• Browser and operating system information
• Login activity and access times
• Pages viewed and usage patterns
• Risk scoring and behavioural analytics for fraud prevention

2.5 Communications & Reviews

• Messages exchanged within the Platform
• Uploaded reviews, comments, and ratings
• Customer support interactions

3. LEGAL BASES FOR PROCESSING PERSONAL DATA

We rely on the following lawful bases under UK GDPR:

3.1 Contractual Necessity (Art. 6(1)(b))

Used to:

• Create and manage accounts
• Facilitate purchases, rentals, and service arrangements
• Process payments, chargebacks, and payouts
• Provide support and resolve disputes

3.2 Legal Obligations (Art. 6(1)(c))

Used for:

• Fraud and AML checks
• Tax, accounting, and audit obligations
• Compliance with court orders, investigations, or statutory requirements

3.3 Legitimate Interests (Art. 6(1)(f))

Used to:

• Maintain Platform security
• Detect and prevent fraudulent or abusive conduct
• Conduct internal monitoring, risk analysis, and operational improvements
• Enhance user experience and ensure Platform integrity

3.4 Consent (Art. 6(1)(a))

Used where required for:

• Marketing communications
• Non-essential cookies
  Consent may be withdrawn at any time.

4. PURPOSES OF DATA PROCESSING

We process your personal data for the following purposes:

• Operating, maintaining, and improving the Platform
• Facilitating Transactions between Buyers and Sellers
• Conducting identity verification and fraud prevention checks
• Enforcing Platform rules, Seller Terms, and user compliance
• Managing disputes, chargebacks, and regulatory requests
• Ensuring legal, financial, and safety compliance
• Providing customer support and responding to inquiries
• Analysing Platform performance and user behaviour
• Enhancing user experience and operational efficiency

5. DATA MINIMISATION & STRICT PURPOSE LIMITATION

We collect only the minimum personal data necessary for lawful purposes and will not process personal data in a manner incompatible with those purposes unless authorised by law.

6. DISCLOSURE & SHARING OF PERSONAL DATA

6.1 To Buyers or Sellers

Where necessary to facilitate, manage, or complete a Transaction, Crack On Mate may disclose limited personal data between Buyers and Sellers, including information required to coordinate orders, deliveries, collections, payments, or customer support.

6.2 Order Fulfilment Data Sharing

Where a Buyer places an order, Crack On Mate will share limited personal data with the relevant Seller strictly for the purpose of processing and fulfilling the Transaction.

Such data may include the Buyer’s name, delivery or collection address, and contact details where required for order coordination, delivery, or customer support.

Sellers are permitted to use such personal data solely for order fulfilment purposes and must process it in accordance with the UK GDPR and the Data Protection Act 2018. Sellers must not retain, reuse, or process Buyer data for marketing or any unrelated purpose.

6.3 Service Providers & Third Parties

Crack On Mate may share personal data with trusted third-party service providers acting on its behalf, including payment processors, hosting providers, analytics services, and customer support tools, where necessary for platform operation and compliance.

Such third parties are contractually required to process personal data in accordance with applicable data protection laws.

6.4 Legal & Regulatory Disclosure

Crack On Mate may disclose personal data where required to comply with a legal obligation, regulatory request, court order, or to protect its legal rights, users, or the integrity of the Platform.

6.5 International Transfers

Where personal data is transferred outside the United Kingdom, Crack On Mate ensures appropriate safeguards are in place, including adequacy decisions or approved contractual safeguards, in accordance with UK GDPR.

6.6 Data Minimisation & Safeguards

Crack On Mate shares only the minimum personal data necessary for the relevant purpose and implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

7. COOKIES & TRACKING TECHNOLOGIES

Cookies and similar technologies are used to:

• enable essential Platform functionality
• maintain session integrity
• detect fraud and unauthorised access
• analyse usage and improve performance

Details are provided in our Cookie Policy.

8. DATA RETENTION POLICY

We retain personal data for no longer than necessary to fulfil the purposes for which it was collected, or as required by law.
Retention periods include:

• User account and profile data: up to 6 years after account closure
• Transaction and financial records: 6 years (HMRC compliance)
• KYC and identity data: up to 7 years (AML/fraud obligations)
• Communications and support interactions: 3 years
• Marketing consents: until consent is withdrawn

Data may be retained longer where required for legal claims or investigations.

9. AUTOMATED DECISION-MAKING & PROFILING

Automated tools may be used for:

• fraud detection
• behavioural scoring
• transaction risk analysis
• payout verification

You retain the right to:

• request human review
• contest automated decisions
• receive a clear explanation of the logic involved

10. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the UK, we implement lawful and adequate safeguards, including:

• Standard Contractual Clauses (SCCs)
• International Data Transfer Agreements (IDTAs)
• Approved adequacy decisions
• Vendor-specific binding safeguards

11. DATA SECURITY MEASURES

We employ robust technical and organisational measures designed to protect personal data, including:

• encryption during transmission
• secure data storage protocols
• multi-factor authentication
• access control restrictions
• continuous security monitoring
• intrusion detection systems

Despite our efforts, no platform can guarantee absolute security.

Cybersecurity

Crack On Mate implements comprehensive technical and organisational measures consistent with the guidance issued by the Information Commissioner’s Office (ICO) to ensure the security, confidentiality, and integrity of personal data.

12. YOUR RIGHTS UNDER UK GDPR

Subject to statutory conditions, you have the following rights:

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to certain processing
• Right to withdraw consent at any time

Data Subject Rights

All requests submitted by Users to exercise their rights under the UK GDPR shall be addressed in a timely manner and, in any event, no later than one month from the date of receipt, in accordance with applicable statutory requirements.

Requests may be submitted to: www.crackonmate.com/contact-us

13. VERIFICATION OF DATA REQUESTS

For your protection, we may require reasonable verification of identity before responding to any data rights request to prevent unauthorised access.

14. SELLER OBLIGATIONS IN HANDLING BUYER DATA

Sellers receiving Buyer information must:

• use Buyer data solely for fulfilling the relevant Transaction
• retain data only as long as reasonably necessary
• not send marketing communications without lawful consent
• not share, sell, or misuse Buyer data
• comply fully with UK GDPR and the Data Protection Act

Crack On Mate bears no liability for GDPR breaches committed by Sellers.

15. ANONYMISED & AGGREGATED DATA

Crack On Mate may generate anonymised or aggregated data that does not identify any individual. Such data may be used for analytics, business intelligence, operational improvement, and commercial purposes. Anonymised data may also be shared with third-party partners, advertisers, or industry analysts to support benchmarking and market insights.

We may combine anonymised data with information from external sources to enhance the accuracy and value of our insights. All anonymisation processes are designed to ensure that individuals cannot be re-identified, directly or indirectly, by any party.

16. PERSONAL DATA BREACHES

In the event of a personal data breach likely to result in a high risk to individuals, Crack On Mate shall:

• notify affected Users without undue delay;
• report the breach to the Information Commissioner’s Office (ICO) where required;
• take immediate steps to mitigate damage and prevent recurrence.

17. RIGHT TO RESTRICT OR TERMINATE ACCESS

Crack On Mate may restrict, suspend, or refuse service to any User where the processing of personal data presents compliance, regulatory, or security risks to the Platform.

Crack On Mate further reserves the right to disable accounts that engage in fraudulent activity, misuse personal data, or breach applicable data protection laws.

We may also limit or withdraw access where continued processing is likely to expose Crack On Mate to legal liability or jeopardise platform integrity.
Such decisions may be taken without prior notice where immediate action is required to protect users, data security, or regulatory compliance.

18. AMENDMENTS TO THIS POLICY

Crack On Mate may update this Policy periodically to reflect changes in legal, regulatory, operational, or business requirements. Material changes will be communicated to Users through appropriate channels, including the Platform or email notifications where required by law. Continued use of the Platform following the effective date of any update constitutes acceptance of the revised Policy.

Where required under applicable data protection laws, Crack On Mate will obtain renewed consent before implementing material changes. Previous versions of this Policy may be retained for audit, compliance, and regulatory record-keeping purposes

19. CONTACT DETAILS

Questions, concerns, or rights requests should be directed to:

Crack On Mate UK Ltd

www.crackonmate.com/contact-us