Costrick Privacy Policy
Last updated: 24 August 2025
This Privacy Policy explains how Costrick Ltd (“Costrick”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you interact with our digital platform, including our website (www.costrick.com), upcoming mobile application, or support services. As a business-to-business (B2B) platform connecting convenience stores with wholesalers, we are committed to safeguarding your data and complying with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We encourage you to review this policy periodically to stay informed about how we process your data and the choices available to you.
Costrick Ltd, headquartered at 6 Ristol Road, Glasgow, G13 1UY, Scotland, is the data controller for the personal data we process. This policy applies to all interactions with our platform in the UK. For interactions outside the UK, different privacy policies may apply, depending on local regulations and entities.
Our Commitment to Privacy
We respect your privacy and are dedicated to protecting your personal data. Our platform, designed to streamline stock ordering for convenience stores, handles data responsibly to deliver a seamless, efficient service. We do not sell, rent, or share your personal data except as outlined in this policy, and we only do so with your consent or as permitted by law. We aim to provide clear information to help you make informed decisions about your data, ensuring transparency while maintaining the security of our operations.
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable individual, such as a name, contact details, or other data that can be linked to you. In the context of our B2B platform, this primarily involves data related to convenience store owners, managers, or authorised staff interacting with our services.
What Personal Data Do We Collect?
We collect personal data when you register for an account, use our comparison-shopping engine, place orders, interact with support, or engage with our website or upcoming mobile app. The data we collect supports our mission to simplify stock ordering and enhance retailer-wholesaler connections. The categories of data include:
- Identification Data: Your name, job title (e.g., store owner or manager), business name, and Costrick account details.
- Contact Data: Business address, email address, and phone number for communication purposes.
- Transactional Data: Details of orders placed, payment methods (e.g., card type, but not full card details), and notes related to transactions, such as product preferences or delivery instructions.
- Electronic Data: IP address, browser type, device information, platform activity, and, if enabled, geolocation data via our app for location-based services (e.g., finding nearby wholesalers). We use cookies and similar technologies to enhance user experience (see our Cookie Policy for details).
- Indirect Data: Information provided by account holders (e.g., adding team members to a store’s account) or from partners involved in order fulfilment, fraud prevention, or promotional activities.
We collect only the data necessary to provide our services, ensuring minimal intrusion while maximising functionality. For example, when a store owner registers, we request basic details to set up an account and facilitate order processing, keeping the process straightforward and secure.
How Do We Use Personal Data?
We use personal data to deliver, improve, and secure our platform, ensuring convenience stores can efficiently compare and order stock from wholesalers. The specific purposes include:
- Account Management: To create, manage, and maintain your Costrick account, including registration and authentication (legal basis: performance of a contract).
- Order Processing: To facilitate stock orders, process payments, and coordinate with wholesalers for delivery or click-and-collect services (legal basis: performance of a contract).
- Customer Support: To respond to queries, complaints, or feedback submitted via email, phone, or our platform (legal basis: your consent or legitimate interest).
- Marketing and Promotions: To send tailored promotions, product updates, or newsletters about Costrick’s services or wholesaler offers, based on your account activity or preferences. You can opt out at any time via email settings or by contacting us (legal basis: legitimate interest or consent, where required).
- Platform Improvement: To analyse usage patterns and improve our website and app functionality, ensuring a seamless user experience (legal basis: legitimate interest).
- Legal Compliance: To meet obligations under UK laws, such as tax reporting or fraud prevention (legal basis: legal obligation).
- Security: To monitor platform activity and prevent unauthorised access or fraudulent transactions (legal basis: legitimate interest).
Our use of data is guided by the principles of necessity and proportionality, ensuring we only process what’s needed to deliver value to our users while maintaining trust.
How Do We Share Personal Data?
We share personal data only when necessary to provide our services, comply with legal requirements, or protect our platform. Sharing occurs in the following cases:
- Service Providers: We engage trusted partners for platform hosting, payment processing, analytics, and customer support. These providers are contractually bound to protect your data and only process it as instructed.
- Wholesale Partners: To fulfil orders, we share necessary data (e.g., store name, order details, delivery address) with wholesalers or logistics providers.
- Legal Obligations: We may disclose data to comply with UK laws, respond to legal requests (e.g., court orders), or protect Costrick’s rights, safety, or property.
- Business Transfers: In the event of a merger, acquisition, or asset sale, data may be transferred to relevant parties, with safeguards to ensure continued protection.
We do not share data for purposes unrelated to our platform’s functionality unless we have your explicit consent. All sharing adheres to strict data protection standards.
International Data Transfers
As a UK-based company, most of our data processing occurs within the UK. However, some service providers may operate outside the UK, including in the European Economic Area (EEA) or other regions. When transferring data internationally, we use UK-approved mechanisms, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, to ensure equivalent protection. For example, if a cloud provider processes data in the EEA, we ensure contractual safeguards are in place. You may request copies of these agreements by contacting us.
How Do We Protect Personal Data?
We employ robust physical, technical, and administrative measures to safeguard your data against loss, misuse, or unauthorised access. These include:
- Encryption for data in transit and at rest.
- Secure servers with restricted access.
- Regular security audits and updates.
- Compliance with payment industry standards for transaction data (e.g., PCI DSS).
Our team is trained to handle data securely, and we work with reputable service providers to maintain high security standards. While no system is entirely risk-free, we take all reasonable steps to protect your information.
How Long Do We Retain Personal Data?
We retain personal data only as long as necessary for the purposes outlined in this policy or as required by UK law. For example:
- Account data is kept for the duration of your active account and for up to 7 years afterwards to comply with tax and accounting obligations.
- Transactional data is retained for 7 years to support order history and legal requirements.
- Electronic data, such as platform activity logs, is typically kept for up to 12 months unless needed for security or legal purposes.
If you request deletion of your data, we will comply unless retention is required by law (e.g., for tax purposes). Anonymised data may be retained for analytics to improve our services.
Third-Party Services
Our platform connects convenience stores with wholesalers, who may act as third parties for order fulfilment. When you place an order, we share only the data necessary (e.g., store details, order specifics) with these partners. We are not responsible for their privacy practices, and we encourage you to review their policies before engaging. For example, a wholesaler may require your business address to deliver stock, but we ensure such sharing is limited and secure.
Your Data Protection Rights
Under UK data protection laws, you have the following rights:
- Access: Request details about the data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request deletion of your data, subject to legal obligations.
- Restriction: Ask us to limit processing while retaining your data.
- Portability: Receive your data in a structured, machine-readable format or have it transferred to another controller.
- Objection: Object to processing for marketing or other purposes based on legitimate interest.
- Withdraw Consent: Revoke consent for processing where applicable.
- Complain: Lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk).
To exercise these rights, contact us at contact@costrick.com. We will respond within one month, though complex requests may take longer, in which case we will inform you.
Children’s Data
Our platform is designed for business users, specifically convenience store owners and staff, and is not intended for individuals under 18. We do not knowingly collect data from children. If we discover such data, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our services or legal requirements. Significant updates will be communicated via email or a notice on our website. The latest version is always available at www.costrick.com. We encourage regular review to stay informed about how we handle your data.
Contact Us
For questions, concerns, or to exercise your data rights, contact:
- Email: contact@costrick.com
- Post: Costrick Ltd, 6 Ristol Road, Glasgow, G13 1UY, Scotland
- Phone: 01419591098
Our team is committed to addressing your inquiries promptly and ensuring your data is handled with care.
Additional Information
As a B2B platform, Costrick prioritises data minimisation, collecting only what’s necessary to deliver our comparison-shopping engine and related services. Our focus on eco-friendly practices, such as digital promotions to reduce paper waste, extends to our data practices, ensuring efficiency and responsibility. If you represent a convenience store or wholesaler, we may process data on behalf of your business, and you should ensure any staff data provided (e.g., for account access) is shared with their consent.
We also use anonymised data to generate insights, such as order trends, which help wholesalers optimise their offerings. These insights do not identify individuals and are used to enhance our platform’s value for all users. Our upcoming AI and machine learning features, such as waste management tools, will process data responsibly, with safeguards to protect your privacy.
If you interact with our platform on behalf of a business, ensure you are authorised to provide data, such as contact details for team members. We assume such data is provided with consent, and we rely on you to inform us of any changes to this authorisation.
Data Security and Monitoring
To maintain platform integrity, we monitor usage for security purposes, such as detecting suspicious activity. This may involve analysing login patterns or IP addresses, but we do so in a way that respects your privacy. Video surveillance is not used on our platform, as our services are digital, but any future in-person interactions (e.g., at events) would follow strict data protection protocols.
Cookies and Tracking
Our website and app use cookies to enhance functionality, such as remembering your preferences or analysing usage trends. You can manage cookie preferences through your browser or our app settings. Our Cookie Policy, available on our website, provides further details on how we use these technologies and your options for controlling them.
Legal and Regulatory Compliance
We comply with all applicable UK laws, including tax, anti-fraud, and consumer protection regulations. If required to disclose data to authorities (e.g., for fraud investigations), we will do so only as legally mandated, ensuring minimal disclosure. Our platform’s design reflects our commitment to balancing functionality with legal and ethical responsibilities.
Your Role in Data Protection
As a user, you play a key role in protecting your data. Keep your account credentials secure and notify us immediately of any unauthorised access. If you provide data about others (e.g., staff members), ensure you have their consent. By working together, we can maintain a secure and trusted platform.