Privacy Policy
How we collect, use, and protect your personal data when you sell your devices to TechLoop. Written in plain English and compliant with UK GDPR and the Data Protection Act 2018.
Jump to section (14)
- 01Who we are
- 02What personal data we collect
- 03Why we process your data (lawful basis)
- 04How we use your data
- 05How we protect your data
- 06Who we share your data with
- 07How long we keep your data
- 08Cookies and tracking technologies
- 09Your rights under UK GDPR
- 10Automated decision-making
- 11Children
- 12International data transfers
- 13Changes to this policy
- 14Contact us
Who we are
TechLoop is based at Unit 8, Pembroke Centre, Cheney Manor Industrial Estate, Swindon SN2 2PQ, United Kingdom. We operate the website www.thetechloop.co.uk and provide device buyback services to consumers across the UK.
We are registered with the Information Commissioner's Office (ICO) under registration number C1903496.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller. For privacy enquiries, see Section 14 below.
What personal data we collect
We collect different types of data depending on how you interact with us:
When you get a quote or sell a device
- Full name
- Email address
- Phone number
- Postal address (for shipping label generation)
- Bank account details (sort code and account number, for payment)
- Device information (make, model, storage, condition)
- IMEI number (for blacklist and carrier checks)
When you visit our website
Where possible, this data is aggregated and not used to identify individual users.
- IP address and approximate location
- Browser type and operating system
- Pages visited and time spent
- Referral source (how you found us)
When you contact us
- Name and email address
- The content of your message
- Any attachments you send
Why we process your data (lawful basis)
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following. Where we rely on legitimate interests, we have carried out a Legitimate Interest Assessment (LIA) to ensure our processing is necessary and does not override your rights and freedoms.
| Purpose | Lawful basis |
|---|---|
| Process your device trade-in and make payment | Contract performance |
| Send order updates (confirmations, shipping, payment) | Contract performance |
| IMEI blacklist and carrier checks | Legitimate interest (fraud prevention) |
| Respond to enquiries and support requests | Legitimate interest |
| Cookieless product analytics | Legitimate interest (service improvement) |
| Cookie-based analytics and advertising measurement (Google Analytics, Clarity, Meta Pixel) | Consent |
| Send marketing emails or SMS | Consent |
| Comply with tax, accounting, and legal obligations | Legal obligation |
How we use your data
- Processing trade-ins: We use your name, contact details, and device information to process your order, generate shipping labels, inspect your device, and arrange payment.
- Payment: Bank details are protected using industry-standard encryption before storage. We send payments via Wise (TransferWise Ltd), a regulated payment institution. Your bank details are shared with Wise solely for the purpose of completing your payment.
- IMEI checks: We check device IMEI numbers against national blacklist and industry databases to prevent trade-ins of stolen or blocked devices. This may involve checks against law enforcement or industry databases where required. Devices failing these automated checks are automatically rejected, subject to manual verification where necessary.
- Shipping: Your name and address are shared with Royal Mail to generate prepaid shipping labels. Royal Mail processes this data under their own privacy policy.
- Communications: We send transactional emails (order confirmations, shipping updates, payment notifications) via a third-party email delivery service. We will only send marketing communications if you have explicitly opted in.
- Website improvement: We use cookieless analytics to understand how visitors use our site. No cookies or persistent identifiers are used. With your consent, we also use Google Analytics, Microsoft Clarity and Meta Pixel for more detailed traffic analysis, advert performance measurement and retargeting controls.
How we protect your data
- Bank details are encrypted before storage using industry-standard methods
- All data is transmitted over encrypted connections (HTTPS)
- Access to personal data is restricted by role-based access controls
- Devices we receive are factory-reset to remove all previous owner data
- We regularly review and update our security practices
Who we share your data with
We only share your personal data with third parties where necessary to provide our services or comply with legal obligations:
| Service | Purpose | Data shared |
|---|---|---|
| Wise (TransferWise) | Bank transfer payments | Name, bank details, payment amount |
| Royal Mail | Shipping label generation | Name, postal address |
| IMEI verification provider | Device blacklist checks | Device IMEI number only |
| Email delivery provider | Transactional emails | Email address, name |
| Cloud database provider (EU) | Secure data storage | Order and customer data (encrypted at rest) |
| Cloud hosting provider | Website hosting | Server logs (IP address, browser type) |
| Meta | Advertising measurement and retargeting, only with cookie consent | Page views, ad click identifiers, quote/basket events, approximate device and browser data |
We do not sell your personal data to any third party. We only share advertising measurement data with Meta where you have consented to analytics and performance cookies.
How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Trade-in records | 6 years after completion | HMRC tax obligations |
| Bank details | Deleted 90 days after final payment | Dispute resolution window |
| IMEI check results | Duration of stock holding | Fraud prevention / law enforcement |
| Customer accounts | Until deletion requested | Service provision |
| Enquiry messages | 12 months | Customer service |
| Analytics data | 14 months (Google Analytics), session-only (cookieless analytics), up to 3 months for Meta advertising cookies | Service improvement and advertising measurement |
Your rights under UK GDPR
You have the following rights in relation to your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct any inaccurate or incomplete data
- Erasure: Ask us to delete your personal data (subject to legal retention requirements)
- Restriction: Ask us to restrict processing of your data in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw consent: Where we rely on consent, you can withdraw it at any time
To exercise any of these rights, email us at privacy@thetechloop.co.uk. We may request proof of identity before fulfilling your request. Requests are free of charge unless manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request. We will respond within 30 days.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Automated decision-making
We use automated checks to verify device IMEI numbers against blacklist databases. Devices that are reported as stolen or blocked are automatically rejected. This is the only automated decision-making process we use that may have a significant effect on your transaction. You have the right to request human review of any automated decision by contacting us.
We do not use profiling or automated decision-making for marketing purposes.
Children
Our service is not directed at persons under 18. We do not knowingly collect personal data from minors and do not have mechanisms to obtain parental consent. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
International data transfers
Our primary database is hosted within the EU. Some of our service providers may process data outside the UK/EEA:
- Website hosting provider — US, with EU data processing
- Wise (payments) — UK/EU regulated financial institution
- Google (analytics, with consent only) — US, Standard Contractual Clauses apply
- Meta (advertising measurement, with consent only) — US, Standard Contractual Clauses apply
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Addendum alongside Standard Contractual Clauses and adequacy decisions where applicable.
Changes to this policy
We may update this privacy policy from time to time. Material changes will be communicated via email (if you have an active order) or a notice on our website. The "last updated" date at the top reflects the most recent revision.
Contact us
For any privacy-related questions or to exercise your rights:
- Email: privacy@thetechloop.co.uk
- Phone: +44 1793 939176
- Post: TechLoop, Unit 8, Pembroke Centre, Cheney Manor Industrial Estate, Swindon SN2 2PQ, United Kingdom
Exercising your data rights
To access, correct, or delete your personal data — or to ask any privacy question — contact our data protection lead directly. We respond within 30 days.
- Phone
- +44 1793 939176
- Post
- TechLoop, Unit 8, Pembroke Centre, Cheney Manor Industrial Estate, Swindon SN2 2PQ, United Kingdom
Registered with the ICO (Reg. No: C1903496).