top of page
  • X
  • LinkedIn
  • Facebook
  • Instagram

 

PRIVACY POLICY

THE COLLECTIONLAB

This notice explains how The Collection Lab Ltd (“we”, “us”) processes personal data when you use our website www.thecollectionlab.com and our services. We are a controller under the UK GDPR and the Data Protection Act 2018.

Who we are

  • Company: The Collection Lab Ltd

    • Registered address: St.Johns Innovation Centre, Cowley Road, CB4 0WS

  • Email: privacy @ thecollectionlab . com

  • ICO registration: ZB963698

What data we collect

  • Website usage

    • IP address

    • Device/browser information

    • Pages visited

    • Cookies (see Cookies section)

  • Contact & enquiries

    • Name

    • Email

    • Message content

  • Account/billing (if applicable)

    • Business contact details

    • Transaction metadata

    • Note: We do not store card data; this is handled by our bank/payment provider.

Why we use your data (lawful bases)

  • To provide services and respond to enquiries

    • Legal basis: Contract & Legitimate interests

  • Security and fraud prevention

    • Legal basis: Legitimate interests

  • Marketing

    • Legal basis: Consent (or where permitted by law)

Sharing & international transfers

We may share data with trusted service providers, including:

  • Google Workspace

  • Proton

  • DocuSign

  • OpenAI (for business productivity)

  • GitHub

Where data is transferred outside the UK:

  • We rely on SCCs/UK Addendum or adequacy decisions.

  • Contracts include appropriate data-protection commitments.

How long we keep data

  • Enquiry data: 12–24 months

  • Contractual records: 6 years

  • Data is retained only as long as necessary to fulfil its purpose and comply with legal/financial obligations.

Security

We use a layered security approach:

  • Multi-factor authentication (MFA) for admins

  • Device encryption

  • Network firewalls

  • Timely patching (critical fixes within 14 days)

  • Malware protection

  • Our processes are designed to align with ISO/IEC 27001 standards and Zero-trust infrastructure where practical in the context of the service being provided. 

Your rights

You can request:

  • Access

  • Correction

  • Deletion

  • Restriction

  • Portability

You can also object to certain processing.

Cookies

  • Essential cookies: Used for site operation

  • Optional cookies (analytics/marketing): Only used with your consent via a cookie banner

  • You can change your preferences at any time

Children

Our services are intended for business users and are not directed at children.

Changes

We may update this notice from time to time.

  • Material changes will be highlighted on this page.

Contact: privacy @ thecollectionlab . com

bottom of page