Privacy and Cookie Policy

You can also view/print a pdf version of this Policy.

This document (together with the documents referred to within it) describes the terms and conditions on which you may make use of our website.

TTPG understands that you value your privacy and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our website and will only collect and use information in ways that are useful to you, in a manner consistent with your rights and our obligations under the law. You can control the way we use your Personal Data and the way we communicate with you by using our Privacy preferences tool.

Our website has recently been measured (by Webcookies.org) to have a Privacy Impact Score of 5. The score can be in the range from 0 to 100, where 0 is minimal privacy impact (best) and 100 is the biggest privacy impact (worst) relative to other web sites.

You can manage how our website sets cookies on your device by using our ‘cookie control widget’ (by clicking on the icon found on the bottom left corner of all our web pages) or visiting our ‘How to manage cookies’ page. General information on managing cookies can be found at ‘What are cookies’.

By checking the box labelled “I’ve read and accept the terms & conditions” on our website, you confirm acceptance of these terms. If you do not confirm acceptance of this Privacy and Cookie Policy, you will not be able to purchase a Trade-BOOST or a DIY-BOOST membership card, nor become a TTPG Member.

Expand all Collapse all
Background:

(A)  This Policy sets out the obligations of The Trade Purchasing Group Ltd regarding data protection and the rights of data subjects (i.e. Members and Merchant Partners) in respect of their personal data under the General Data Protection Regulation “GDPR” (Regulation (EU) 2016/679) (“the Regulation”).

(B)  This Policy applies to our use of any and all data collected by us in relation to your use of our website. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our website and you will be required to read and accept this Privacy Policy when signing up for Membership. If you do not accept and agree with this Privacy Policy, you must stop using our website immediately.

(C)  This Website, thetradepurchasinggroup.co.uk, is owned and operated by The Trade Purchasing Group Ltd, a limited company registered in United Kingdom, Number: 10866828, whose registered (and main office) address is 20-22 Wenlock Road, London N1 7GU.

(D)  We are registered with the Information Commissioner’s Office (ICO), registration no. ZA432006.

(E)  If you have any concerns regarding this Privacy and Cookie Policy, please contact TTPG at:

dataprotection@thetradepurchasinggroup.co.uk

(F)  For further guidance on your rights our Privacy and Data Protection Policies please visit the Information Commissioner’s Office (ICO) at https://ico.org.uk/.

1. Definitions and interpretation.

1.1.  In these terms and conditions, unless the context otherwise requires, the following expressions shall have the following meanings:

“Account/Membership Account” means collectively the personal information, payment information and credentials used by users to access the Paid Content and/or use certain areas and features of our website.

Child” means a natural person under 16 years of age.

Cookie” means a small text file placed on your computer or device by our website when you visit certain parts of our website and/or when you use certain features of our website.

“Data Protection” see GDPR.

“Data Protection Officer (DPO)” means the person responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. In the case of TTPG the DPO is the Company Director.

“Data Subject” means an individual who is the subject of the personal data.

“EEA” means the European Economic Area. The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein.

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).

“Merchant Partner (MP)” relates to merchants who have been selected by TTPG to enter into, and participate in, this Scheme for the provision of goods and/or services to TTPG members as detailed in the Preferential Discount Agreement.

“Paid Content”means the website content accessible only to TTPG members who hold an active Membership Plan. Access to paid content will be made available immediately upon the creation of an account and the payment of a subscription fee.

“Personal Data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our website. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).

“Preferential Discount” means the discounts as defined by the Preferential Discount Agreement and the Discount Schedule. These discounts must be exclusive to TTPG members and beyond those offered to non-TTPG members. Merchant Partners can use the Discount Schedule to offer and assign specific Preferential Discounts tailored to suite their Trade and/or DIY customer base.

“Preferential Discount Agreement”means the Agreement negotiated and agreed between TTPG and the Merchant Partner. It stipulates precisely the terms of the Preferential Discounts offered by the Merchant Partner to TTPG members.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data.

“Scheme” means the Preferential Discount Agreement where “Trade-BOOST” and “DIY-BOOST” card holders purchase goods and/or services from our Merchant Partners at the Preferentially Discounted prices.

“Services” means collectively any online facilities, tools, services or information that TTPG makes available through its website either now or in the future.

“Subject Access Request (SAR)” relates to the individual's right to access their personal data and supplementary information.

“TTPG/The Trade Purchasing Group” means The Trade Purchasing Group Ltd, a limited company registered in United Kingdom, number: 10866828, whose registered (and main office) address is 20-22 Wenlock Road, London N1 7GU.

“Website” means the website that you are currently using, i.e.

www.thetradepurchasinggroup.co.uk

and any sub-domains of this site unless expressly excluded by their own Terms and Conditions.

“We/Us/Our” means The Trade Purchasing Group Ltd (TTPG).

“You/Your” means any individual using our website and/or our services.

2. Scope – what does this Privacy Policy cover?

2.1.  This Privacy Policy applies only to your use of our website. It does not extend to any third party websites that are linked to from our website. We have no control over how your data is collected, stored or used by other websites and we advise you check the privacy policies of any such websites before providing any data to them.

3. Data protection principles.

3.1.  This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:

  3.1.1.  processed lawfully, fairly, and in a transparent manner in relation to the data subject; and

  3.1.2.  collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; and

  3.1.3.  adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; and

  3.1.4.  accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay; and

  3.1.5.  kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject; and

  3.1.6.  processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

4. Lawful, fair and transparent data processing.

4.1.  The Regulation seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The Regulation states that processing of personal data shall be lawful if at least one of the following applies:

  4.1.1.  the data subject has given consent to the processing of his or her personal data for one or more specific purposes; or

  4.1.2.  processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; or

  4.1.3.  processing is necessary for compliance with a legal obligation to which the data controller is subject; or

  4.1.4.  processing is necessary to protect the vital interests of the data subject or of another natural person; or

  4.1.5.  processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; or

  4.1.6.  processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.

5. Your Rights.

5.1.  As a Data Subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:

  5.1.1.  the right to be informed about our collection and use of personal data;

  5.1.2.  the right of access to the personal data we hold about you;

  5.1.3.  the right to rectification if any personal data we hold about you is inaccurate or incomplete;

  5.1.4.  the right to be forgotten – i.e. the right to ask us to delete the personal data we hold about you.

  5.1.5.  the right to restrict (i.e. prevent) the processing of your personal data;

  5.1.6.  the right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);

  5.1.7.  the right to object to us using your personal data for particular purposes;

  5.1.8.  rights with respect to automated decision making and profiling.

5.2.  If you have any cause for complaint about our use of your personal data, please contact us using our Privacy Preferences Tool on our website and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO), giving them the details of your complaint and quoting our ICO registration number: ZA432006.

5.3.  For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

5.4.  All above Rights can be exercised using our Privacy Preferences Tool on our website. You may also exercise some of these Rights by selecting ‘My account’ and updating your personal details from your dashboard.

6. What data do we collect?

6.1.  Information you have provided us that is necessary for example in delivering you our Services under this Preferential Discount Scheme. Such information may include:

  •  name;
  •  account credentials;
  •  business/company name/registration number;
  •  job title;
  •  profession;
  •  contact information such as email address and telephone number;
  •  demographic information such as post code;
  •  records of any correspondence from you, including those entered in any of our website forms and file uploads;
  •  billing and shipping addresses;
  •  payment details and order history - some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information. See PayPal Privacy Policy for more information.

6.2.  Information automatically collected about you that is necessary for example to identify and prevent fraud, enhance the maintenance and security of our webservers and better understand how visitors use our website. Such information may include:

  •  IP address;
  •  web browser type and version;
  •  device type;
  •  operating system.

When you use our services or look at the contents of our website, your activities may be logged.

6.3.  We may also gather information about you that is publicly available.

7. How we use your data.

 7.1.  All personal data is stored securely in accordance with the principles of the EU General Data Protection Regulation “GDPR” (Regulation (EU) 2016/679).

7.2.  We use your data to provide the best possible service to you. This includes:

  7.2.1.  On the grounds of entering into a contract or fulfilling contractual obligations, we process your personal data for the following purposes:

  •  providing and managing your account;
  •  providing and managing your access to our website;
  •  supplying our services to you;
  •  to confirm your registration/membership/payment;
  •  to post your Membership Card(s) to you;
  •  notifications of Membership Plan renewals/expiry.

  7.2.2.  On the grounds of legitimate interest, we process your personal data for the following purposes:

  •  to confirm and reply to any of your correspondence made by using any one of our forms or other contact options;
  •  enhance your overall experience when visiting our website;
  •  to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of the services offered.

  7.2.3.  With your consent we process your personal data for the following purposes:

  •  to update you on any new Merchant Partners;
  •  to update you on any changes to Preferential Discounts;
  •  to update you on news about TTPG;
  •  to update you on news and offers from Merchant Partners;
  •  to provide you other marketing materials from TTPG;
  •  for other purposes we have asked your consent for.

7.3.  We reserve the right to anonymise your personal data and to use such data outside the scope of this Policy.

7.4.  We might process your personal data for additional purposes not mentioned in this Policy, but only if it is compatible with the original purpose for which the data was gathered. To do this, we will ensure that:

  •  the link between purpose, context and nature of the personal data is suitable for further processing; and
  •  the further processing would not harm your interests; and
  •  there would be appropriate safeguards for the processing.

We will inform you of any changes in the way we process your personal data.

7.5.  You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it, see our Privacy Preferences Tool.

8. How and where we store your data.

8.1.  We only keep your data for as long as we need to and/or for as long as we have your permission to keep it.

8.2.  Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein).

8.3.  Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our website.

8.4.  TTPG’s servers meet the highest standards of safety, independently confirmed by the Technical Inspection Association (TÜV) according to ISO standard 27001:2013.

8.5.  Steps we take to secure and protect your data include:

8.5.1.  The use of SSL Certificates: In simple terms, an SSL certificate is a communications protocol that provides security for web users whilst using the Internet. This type of safeguard is important since the information sent across the Internet is essentially unsecured and, in theory, could be intercepted and accessed by a third party. SSL certificates provide a layer of confidentiality and security that ensures privacy for users when transferring sensitive information between websites or through email. For this reason an SSL, or Secure Socket Layer, is integral to the successful operation of web based business and other concerns that deal with users' personal information and payment data. SSL secures the browser connection between you and our website with a 256 bit encryption. All transmitted data is therefore neither visible nor available to third parties.

8.5.2.  TTPG servers are fully protected with features such as Firewalls and Patch Management Systems, including but not limited to:

   •  Website Application Scan: this checks that all applications used on our website are up to date. This is the most common entry point for hackers.
   •  SQL Injection Scan: helps block unwanted access to databases containing sensitive Membership data.
   •  Cross-site Scripting (XSS): checks our site for any malicious code injected by an attacker.
   •  Malware Scan: this scans for malware and external redirects, hidden links or links to recognised malware sites. This protects you from viruses and trojans.
   •  Daily Backups and Geo-Redundancy: this ensures that we can quickly implement disaster recovery processes.

8.6.  Steps you should take to ensure your transmitted data is secure:

  8.6.1.  You should ensure that the URL starts with https:// and not http://. The ‘s’ indicates that a secure SSL certificate is being used to encrypt data transmission between your device and our servers.

  8.6.2.  You should also ensure that your browser reports a valid and trusted SSL Certificate. Different steps are required to do this, depending on the browser you are using – as a guide please click here.

  8.6.3.  You should also ensure that the operating system and other applications installed on your device(s) are fully updated.

  8.6.4.  You should ensure that you keep your account credentials secure and regularly change your password.

8.7.  Even though we try our best we cannot guarantee security for the information transferred to, and stored on, our servers. We will, however, notify you and the Supervisory Authority (Information Commissioner’s Office) of any data breach.

9. Do we share your data?

9.1.  We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing and membership card production. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.

9.2.  We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.

9.3.  In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.

10. What happens if our business changes hands?

10.1.  We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Data provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by us.

10.2.  In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.

11. How you can control your personal data.

11.1.  When you submit information via our website, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data, including the ability to opt-out of receiving emails from us - which you may do by using our ‘Privacy Preferences Tool’.

11.2.  The Regulation sets out the following rights applicable to you:
  •  The right to be informed.
  •  The right of access.
  •  The right to rectification.
  •  The right to erasure (also known as the ‘right to be forgotten’).
  •  The right to restrict processing.
  •  The right to data portability.
  •  The right to object.
  •  Rights with respect to automated decision-making and profiling.

11.3.  You may also wish to sign up to one or more of the preference services operating in the UK: the Telephone Preference Service (“the TPS”); the Corporate Telephone Preference Service (“the CTPS”); and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

12. Children.

12.1.  We do not intend to collect or knowingly collect information from children. We do not target children with our services.

13. Our use of Cookies.

13.1.  A list of all cookies used by our website, and a guide on how to manage them, can be found here.

13.2.  Our website may place and access certain first party cookies on your computer or device. First party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of our website and to provide and improve our services. We have carefully chosen these cookies and have taken steps to ensure that your privacy is protected and respected at all times.

13.3.  By using our website you may also receive certain third party cookies on your computer or device. Third party cookies are those placed by websites, services, and/or parties other than us. These cookies are not integral to the functioning of our website.

13.4.  All Cookies used by and on our website are used in accordance with current UK and EU Cookie Law.

13.5.  Before any cookies are placed on your computer or device, you will be shown a pop-up message requesting your consent to set those cookies. By giving your consent to the placing of cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of cookies; however certain features of our website may not function fully or as intended.

13.6.  The types of cookies used on our website can be grouped into the following 3 categories:

  13.6.1.  Necessary cookies: These enable core functionality like page navigation and access to secure areas of our website. The website cannot function properly without these cookies, and they can only be disabled by changing your browser preferences.

  13.6.2.  Analytics cookies: Our Website uses analytics services provided by Google. No Personal Identifiable Information (PII) is sent to Google Analytics. Google Analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how people use our website. These can be safely deleted/blocked without affecting the functionality of our website.

  13.6.3.  Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging to the user and thereby more valuable for the publishers and third party advertisers. These can be safely deleted/blocked without affecting the functionality of our website.

13.7.  You can manage how our website sets cookies on your device by using our ‘cookie control widget’ (by clicking on the icon found on the bottom left corner of all our web pages) or visiting our ‘How to manage cookies’ page. General information on managing cookies can be found at ‘What are cookies’.

13.8.  There are many tools and resources you can use to control how advertisers interact with you when you view various websites. These tools are ‘global’ and can give you control across all websites you visit. Some of these tools may need to be set for each browser/device you use. These tools include:

  13.8.1.  Google Analytics opt-out browser add-on. This add-on allows you to set your browser to block all Google Analytics cookies. Download add-on.

  13.8.2.  Google Ads Settings can be used to control the information Google uses to show you tailored ads.

  13.8.3.  Opt-out of the DoubleClick cookie using this plug-in.

  13.8.4.  Other advertising opt-out tools. The Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA) and the Interactive Digital Advertising Alliance (EDAA) offer opt-out tools to assist you in managing your choices for participating companies that use cookies for Interest-Based Advertising (IBA) and Cross-App Advertising (CAA). For more information about these tools please visit:

  •  NAI opt-out tool (web browser only).
  •  DAA opt-out tool (web browser only).
  •  EDAA opt-out tool (web browser only).
  •  AppChoices (apps only).

13.9.  It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

14. Contacting us.

14.1.  If you have any questions about this Privacy Policy, please contact us by email:

dpo@thetradepurchasinggroup.co.uk

15. Changes to our Privacy Policy.

15.1.  We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our site following the alterations. We recommend that you check this page regularly to keep up-to-date.

15.2.  This Policy was updated on: Friday, 31st August 2018.