top of page
  • X
  • LinkedIn
  • Facebook
  • Instagram

​​

 

PRIVACY POLICY

THE COLLECTIONLAB

​

​

This notice explains how The Collection Lab Ltd (“we”, “us”) processes personal data when you use our website www.thecollectionlab.com and our services. We are a controller under the UK GDPR and the Data Protection Act 2018.

​

Who we are

  • Company: The Collection Lab Ltd

    • Registered address: St.Johns Innovation Centre, Cowley Road, CB4 0WS

  • Email: privacy @ thecollectionlab . com

  • ICO registration: ZB963698

​

What data we collect

  • Website usage

    • IP address

    • Device/browser information

    • Pages visited

    • Cookies (see Cookies section)

  • Contact & enquiries

    • Name

    • Email

    • Message content

  • Account/billing (if applicable)

    • Business contact details

    • Transaction metadata

    • Note: We do not store card data; this is handled by our bank/payment provider.

​

Why we use your data (lawful bases)

  • To provide services and respond to enquiries

    • Legal basis: Contract & Legitimate interests

  • Security and fraud prevention

    • Legal basis: Legitimate interests

  • Marketing

    • Legal basis: Consent (or where permitted by law)

​

Sharing & international transfers

We may share data with trusted service providers, including:

  • Google Workspace

  • Proton

  • DocuSign

  • OpenAI (for business productivity)

  • GitHub

​

Where data is transferred outside the UK:

  • We rely on SCCs/UK Addendum or adequacy decisions.

  • Contracts include appropriate data-protection commitments.

​

How long we keep data

  • Enquiry data: 12–24 months

  • Contractual records: 6 years

  • Data is retained only as long as necessary to fulfil its purpose and comply with legal/financial obligations.

​

Security

We use a layered security approach:

  • Multi-factor authentication (MFA) for admins

  • Device encryption

  • Network firewalls

  • Timely patching (critical fixes within 14 days)

  • Malware protection

  • Our processes are designed to align with ISO/IEC 27001 standards and Zero-trust infrastructure where practical in the context of the service being provided. 

​

Your rights

You can request:

  • Access

  • Correction

  • Deletion

  • Restriction

  • Portability

You can also object to certain processing.

​

Cookies

  • Essential cookies: Used for site operation

  • Optional cookies (analytics/marketing): Only used with your consent via a cookie banner

  • You can change your preferences at any time

​

Children

Our services are intended for business users and are not directed at children.

​

Changes

We may update this notice from time to time.

  • Material changes will be highlighted on this page.

  • ​

Contact: privacy @ thecollectionlab . com

bottom of page