Trust Toucan Privacy Policy
# Privacy Policy
Last Updated: [Insert Date]
Swapauto Ltd, operating as Trust Toucan (“we,” “us,” or “our”), operates a platform that provides an escrow-like service to facilitate secure transactions for the private sale or purchase of vehicles and items in the United Kingdom using a delayed payment strategy (the “Platform”). We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our Platform, including our website [Insert Website URL] and any related applications.
By using the Platform, you consent to the collection, use, and sharing of your personal data as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Platform.
## 1. Data Controller
Swapauto Ltd, with registered address at Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE, is the data controller responsible for your personal data. You can contact us with any questions or concerns about your data at:
– Email: enquiries@swapauto.co.uk
– Address: Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE
## 2. Personal Data We Collect
We collect and process the following categories of personal data:
### 2.1. Data You Provide
– Identity and Contact Information: Name, address, email address, phone number, and government-issued identification (e.g., passport, driver’s licence) provided during registration and identity verification.
– Transaction Information: Details about the vehicle or item being sold or purchased, including price, condition, and delivery arrangements.
– Payment Information: Bank account or payment card details provided to facilitate transactions, including the Transaction Fee.
– Communications: Any correspondence with us, such as support requests or feedback submitted via email or the Platform.
### 2.2. Data Collected Automatically
– Technical Information: IP address, browser type, device information, operating system, and usage data (e.g., pages visited, time spent on the Platform) collected via cookies and similar technologies.
– Transaction Activity: Records of tasks completed (e.g., delivery, confirmation of receipt) as part of the delayed payment process.
### 2.3. Data from Third Parties
– Identity Verification and Payment Data: We use Stripe, our payment partner, to process payments and conduct identity verification. Stripe collects and holds identity documents and payment details (e.g., card or bank account information), and we have access to this data as necessary to provide our services.
– Other Third-Party Services: We may receive data from analytics providers or other service providers to improve the Platform’s functionality and security.
## 3. How We Use Your Personal Data
We use your personal data for the following purposes, based on the legal grounds outlined:
| Purpose | Personal Data Used | Legal Basis |
|————-|———————–|—————–|
| To register and verify your identity | Identity and contact information, government-issued ID | Performance of a contract, legal obligation (e.g., anti-money laundering compliance) |
| To process transactions, including payments and task completion | Transaction information, payment information, identity data | Performance of a contract |
| To provide legal documents (e.g., Bill of Sale) | Identity and transaction information | Performance of a contract |
| To manage your account and provide customer support | Identity, contact information, communications | Performance of a contract, legitimate interests (customer service) |
| To prevent fraud and ensure Platform security | Identity, payment, technical, and transaction data | Legal obligation, legitimate interests (security and fraud prevention) |
| To improve the Platform and analyze usage | Technical information, transaction activity | Legitimate interests (service improvement) |
| To comply with legal and regulatory requirements | Identity, payment, and transaction data | Legal obligation |
| To send service-related communications (e.g., Transaction updates) | Contact information | Performance of a contract |
| To send marketing communications (with your consent) | Contact information | Consent |
## 4. Sharing Your Personal Data
We share your personal data only as necessary and in the following circumstances:
### 4.1. With Other Users
– Buyers and Sellers: To facilitate a Transaction, we may share limited identity and contact information (e.g., name, delivery address) between the Buyer and Seller, as required for delivery or communication.
– Bill of Sale: Identity and transaction details are included in the Bill of Sale provided to both parties.
### 4.2. With Third-Party Service Providers
– Stripe: Our payment partner, Stripe, collects and holds identity documents and payment details to process payments and verify identities. We have access to this data as necessary to provide our services. Stripe’s privacy policy applies (available at https://stripe.com/gb/privacy).
– Other Providers: We may share data with third-party providers for analytics (e.g., cloud storage, analytics, or security services) to support Platform operations. These providers are contractually obligated to protect your data.
### 4.3. Legal and Regulatory Authorities
– We may share your data with law enforcement, regulatory authorities, or other entities to comply with legal obligations, such as anti-money laundering (AML) or know-your-customer (KYC) requirements.
### 4.4. Business Transfers
– If we sell or merge our business, your personal data may be transferred to the acquiring entity, subject to UK GDPR requirements.
## 5. International Data Transfers
Your personal data may be transferred to and stored in countries outside the UK, such as the United States, by third-party providers like Stripe. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with UK GDPR.
## 6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:
– Identity and Transaction Data: Retained for [6 years] after the Transaction or account closure to comply with AML and tax regulations.
– Payment Data: Held by Stripe and retained per their retention policies, with our access limited to the duration of the Transaction or as required by law.
– Technical Data: Retained for [12 months] for analytics and security purposes.
– Communications: Retained for [2 years] or until you request deletion, unless required for legal purposes.
When data is no longer needed, it is securely deleted or anonymized.
## 7. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
– Access: Request a copy of the personal data we hold about you.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your data, subject to legal retention requirements.
– Restriction: Request restriction of processing in certain circumstances.
– Data Portability: Request transfer of your data to another provider in a structured, commonly used format.
– Object: Object to processing based on legitimate interests, including marketing.
– Withdraw Consent: Withdraw consent for marketing communications at any time.
– Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or significant effects (we do not engage in such processing).
To exercise your rights, contact us at enquiries@swapauto.co.uk. We will respond within one month, extendable by two months for complex requests. If you are dissatisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by phone at 0303 123 1113.
## 8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience, analyze usage, and ensure Platform security. You can manage cookie preferences through your browser settings or our cookie consent tool (if applicable). For details, see our [Cookie Policy, if separate, or include cookie details here].
## 9. Marketing Communications
If you opt in to receive marketing communications, we may send you promotional emails about our services or offers. You can unsubscribe at any time by clicking the “unsubscribe” link in the email or contacting us at enquiries@swapauto.co.uk.
## 10. Security of Your Data
We implement technical and organizational measures to protect your personal data, including encryption, access controls, and secure servers. Stripe also employs robust security measures to protect ID and payment details. However, no system is completely secure, and we cannot guarantee absolute security.
## 11. Third-Party Links
The Platform may contain links to third-party websites, such as Stripe. We are not responsible for the privacy practices or content of these websites. Review their privacy policies before providing personal data.
## 12. Children’s Privacy
The Platform is not intended for individuals under 18. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it.
## 13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The updated version will be posted on the Platform, and significant changes will be notified via email or a Platform notice. Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.
## 14. Contact Us
For questions, concerns, or to exercise your data protection rights, contact us at:
– Email: enquiries@swapauto.co.uk
– Address: Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE
