Skip to content
TechLoop
TrackSearch
Back to homepageLast updated: 8 April 2026

Privacy Policy

How we collect, use, and protect your personal data when you sell your devices to TechLoop. Written in plain English and compliant with UK GDPR and the Data Protection Act 2018.

Jump to section (14)
  1. 01Who we are
  2. 02What personal data we collect
  3. 03Why we process your data (lawful basis)
  4. 04How we use your data
  5. 05How we protect your data
  6. 06Who we share your data with
  7. 07How long we keep your data
  8. 08Cookies and tracking technologies
  9. 09Your rights under UK GDPR
  10. 10Automated decision-making
  11. 11Children
  12. 12International data transfers
  13. 13Changes to this policy
  14. 14Contact us

Who we are

TechLoop is based at Unit 8, Pembroke Centre, Cheney Manor Industrial Estate, Swindon SN2 2PQ, United Kingdom. We operate the website www.thetechloop.co.uk and provide device buyback services to consumers across the UK.

We are registered with the Information Commissioner's Office (ICO) under registration number C1903496.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller. For privacy enquiries, see Section 14 below.

What personal data we collect

We collect different types of data depending on how you interact with us:

When you get a quote or sell a device

  • Full name
  • Email address
  • Phone number
  • Postal address (for shipping label generation)
  • Bank account details (sort code and account number, for payment)
  • Device information (make, model, storage, condition)
  • IMEI number (for blacklist and carrier checks)

When you visit our website

Where possible, this data is aggregated and not used to identify individual users.

  • IP address and approximate location
  • Browser type and operating system
  • Pages visited and time spent
  • Referral source (how you found us)

When you contact us

  • Name and email address
  • The content of your message
  • Any attachments you send

Why we process your data (lawful basis)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following. Where we rely on legitimate interests, we have carried out a Legitimate Interest Assessment (LIA) to ensure our processing is necessary and does not override your rights and freedoms.

PurposeLawful basis
Process your device trade-in and make paymentContract performance
Send order updates (confirmations, shipping, payment)Contract performance
IMEI blacklist and carrier checksLegitimate interest (fraud prevention)
Respond to enquiries and support requestsLegitimate interest
Cookieless product analyticsLegitimate interest (service improvement)
Cookie-based analytics and advertising measurement (Google Analytics, Clarity, Meta Pixel)Consent
Send marketing emails or SMSConsent
Comply with tax, accounting, and legal obligationsLegal obligation

How we use your data

  • Processing trade-ins: We use your name, contact details, and device information to process your order, generate shipping labels, inspect your device, and arrange payment.
  • Payment: Bank details are protected using industry-standard encryption before storage. We send payments via Wise (TransferWise Ltd), a regulated payment institution. Your bank details are shared with Wise solely for the purpose of completing your payment.
  • IMEI checks: We check device IMEI numbers against national blacklist and industry databases to prevent trade-ins of stolen or blocked devices. This may involve checks against law enforcement or industry databases where required. Devices failing these automated checks are automatically rejected, subject to manual verification where necessary.
  • Shipping: Your name and address are shared with Royal Mail to generate prepaid shipping labels. Royal Mail processes this data under their own privacy policy.
  • Communications: We send transactional emails (order confirmations, shipping updates, payment notifications) via a third-party email delivery service. We will only send marketing communications if you have explicitly opted in.
  • Website improvement: We use cookieless analytics to understand how visitors use our site. No cookies or persistent identifiers are used. With your consent, we also use Google Analytics, Microsoft Clarity and Meta Pixel for more detailed traffic analysis, advert performance measurement and retargeting controls.

How we protect your data

  • Bank details are encrypted before storage using industry-standard methods
  • All data is transmitted over encrypted connections (HTTPS)
  • Access to personal data is restricted by role-based access controls
  • Devices we receive are factory-reset to remove all previous owner data
  • We regularly review and update our security practices

Who we share your data with

We only share your personal data with third parties where necessary to provide our services or comply with legal obligations:

ServicePurposeData shared
Wise (TransferWise)Bank transfer paymentsName, bank details, payment amount
Royal MailShipping label generationName, postal address
IMEI verification providerDevice blacklist checksDevice IMEI number only
Email delivery providerTransactional emailsEmail address, name
Cloud database provider (EU)Secure data storageOrder and customer data (encrypted at rest)
Cloud hosting providerWebsite hostingServer logs (IP address, browser type)
MetaAdvertising measurement and retargeting, only with cookie consentPage views, ad click identifiers, quote/basket events, approximate device and browser data

We do not sell your personal data to any third party. We only share advertising measurement data with Meta where you have consented to analytics and performance cookies.

How long we keep your data

Data typeRetention periodReason
Trade-in records6 years after completionHMRC tax obligations
Bank detailsDeleted 90 days after final paymentDispute resolution window
IMEI check resultsDuration of stock holdingFraud prevention / law enforcement
Customer accountsUntil deletion requestedService provision
Enquiry messages12 monthsCustomer service
Analytics data14 months (Google Analytics), session-only (cookieless analytics), up to 3 months for Meta advertising cookiesService improvement and advertising measurement

Cookies and tracking technologies

A cookie is a small text file stored on your device by your web browser. We use cookies and similar technologies to keep our site working and, with your consent, to understand how visitors use it.

Strictly necessary cookies

These cookies are essential for the site to function. They do not track you and cannot be disabled.

Cookie namePurposeDuration
Session cookieKeeps your browsing session consistent across pages7 days
Consent cookieRecords your cookie preferences1 year

Cookieless analytics (no consent required)

We use a cookieless analytics tool for basic product analytics. No cookies are set and no persistent identifiers are stored on your device. We rely on legitimate interest under PECR for this processing, as it does not use technology to store or access information on your device.

Analytics cookies (consent required)

These cookies are only set if you click "Accept all" or enable analytics in the cookie preferences panel. They help us understand traffic patterns, measure advertising performance and improve the website.

Cookie nameProviderPurposeDuration
_gaGoogle AnalyticsDistinguish unique visitors2 years
_ga_*Google AnalyticsMaintain session state2 years
_clckMicrosoft ClarityUnique user identifier1 year
_clskMicrosoft ClaritySession tracking for heatmaps1 day
CLIDMicrosoft ClarityFirst-party unique ID1 year
_fbpMeta PixelMeasure ad performance and recognise browser sessions3 months
_fbcMeta PixelStore Facebook click ID when a visitor arrives from an ad3 months

How to manage cookies

You can change your cookie preferences or withdraw consent at any time by clicking the "Manage Cookies" link in the footer of every page on our website. This will reopen the cookie preferences panel where you can update your choices. You can also block all cookies in your browser settings, though this may affect site functionality.

Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct any inaccurate or incomplete data
  • Erasure: Ask us to delete your personal data (subject to legal retention requirements)
  • Restriction: Ask us to restrict processing of your data in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, email us at privacy@thetechloop.co.uk. We may request proof of identity before fulfilling your request. Requests are free of charge unless manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Automated decision-making

We use automated checks to verify device IMEI numbers against blacklist databases. Devices that are reported as stolen or blocked are automatically rejected. This is the only automated decision-making process we use that may have a significant effect on your transaction. You have the right to request human review of any automated decision by contacting us.

We do not use profiling or automated decision-making for marketing purposes.

Children

Our service is not directed at persons under 18. We do not knowingly collect personal data from minors and do not have mechanisms to obtain parental consent. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

International data transfers

Our primary database is hosted within the EU. Some of our service providers may process data outside the UK/EEA:

  • Website hosting provider — US, with EU data processing
  • Wise (payments) — UK/EU regulated financial institution
  • Google (analytics, with consent only) — US, Standard Contractual Clauses apply
  • Meta (advertising measurement, with consent only) — US, Standard Contractual Clauses apply

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Addendum alongside Standard Contractual Clauses and adequacy decisions where applicable.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email (if you have an active order) or a notice on our website. The "last updated" date at the top reflects the most recent revision.

Contact us

For any privacy-related questions or to exercise your rights:

Exercising your data rights

To access, correct, or delete your personal data — or to ask any privacy question — contact our data protection lead directly. We respond within 30 days.

Post
TechLoop, Unit 8, Pembroke Centre, Cheney Manor Industrial Estate, Swindon SN2 2PQ, United Kingdom

Registered with the ICO (Reg. No: C1903496).