Privacy Policy & GDPR Compliance

Last Updated: 05 May 2025
Company Name: Auctium Limited
Registered Address: Innovation Centre Medway, Maidstone Road, Chatham, Kent, England, ME5 9FD
Company Registration Number: 16015703

1. Introduction

Auctium Limited (“we,” “us,” or “our”) is committed to protecting the privacy and security of our Clients’ data. This Privacy Policy outlines how we collect, process, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

2. Scope

This policy applies to all Clients using our SaaS auction platform. It governs the processing of personal data collected through our platform and related services.

3. Data Controller & Data Processor

  • Auctium Limited acts as a Data Processor when handling personal data on behalf of Clients.
  • Clients act as Data Controllers, determining the purpose and means of processing their customers’ personal data.
  • In some cases, Auctium Limited may act as a Data Controller for data collected directly from Clients (e.g., account registration details).

4. Personal Data We Collect

We may collect and process the following types of personal data:

  • Client Information: Name, business details, contact information, payment details.
  • User Data: Information uploaded by Clients, including bidder details, auction history, and transaction records.
  • Technical Data: IP addresses, login credentials, device information, and usage analytics.

5. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual Necessity: To provide and manage our auction platform services.
  • Legal Obligation: To comply with regulatory requirements, such as tax and financial reporting.
  • Legitimate Interests: To improve platform functionality, security, and user experience.
  • Consent: Where applicable, for marketing communications or optional data processing activities.

6. Data Processing & Security Measures

We implement robust security measures to protect personal data, including:

  • Encryption & Secure Storage: Data is encrypted and stored securely.
  • Access Controls: Restricted access to authorised personnel only.
  • Regular Audits: Compliance checks and security assessments.
  • Data Minimisation: Only necessary data is collected and retained.

7. Data Sharing & Third-Party Processors

We may share personal data with:

  • Payment Processors: To facilitate transactions.
  • Hosting Providers: For secure data storage.
  • Regulatory Authorities: If required by law.
  • Third-Party Integrations: Where Clients opt to use external services.

All third-party processors are contractually obligated to comply with UK GDPR standards.

8. Data Retention

  • Personal data is retained only as long as necessary for the purposes outlined in this policy.
  • Clients may request deletion of their data, subject to legal and contractual obligations.

9. Client Responsibilities

As Data Controllers, Clients must:

  • Ensure compliance with UK GDPR when collecting and processing user data.
  • Obtain necessary consents from their customers.
  • Implement appropriate security measures within their own operations.

10. Data Subject Rights

Under UK GDPR, individuals have the following rights:

  • Right to Access: Request copies of their personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of their data (subject to legal obligations).
  • Right to Restriction: Limit processing of their data.
  • Right to Data Portability: Transfer their data to another service provider.
  • Right to Object: Object to processing based on legitimate interests.

Clients must facilitate these rights for their customers where applicable.

11. Data Breach Notification

In the event of a data breach:

  • Auctium Limited will notify affected Clients promptly.
  • Clients must notify their customers if required under UK GDPR.
  • Appropriate remedial actions will be taken to mitigate risks.

12. Changes to This Policy

We may update this policy periodically to reflect changes in regulations or business practices. Clients will be notified of significant updates.

13. Contact Information

For privacy-related inquiries, Clients can contact:
Data Protection Officer (DPO)
Auctium Limited
[email protected]