Privacy Policy
Last updated:
1. Introduction
Hardhat Tradie LTD ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our online marketplace platform (the "Platform").
This Policy applies to all users of the Platform, including students, tradespeople, businesses, and employers within the United Kingdom.
We process personal data in accordance with:
- the UK General Data Protection Regulation ("UK GDPR"); and
- the Data Protection Act 2018.
2. Who Can Use the Platform
The Platform is available to individuals aged 16 years and over.
If you are aged 16 or 17, you confirm that:
- you have the consent of a parent or legal guardian to use the Platform; and
- you have authority to provide and share personal data as part of your use of the Platform.
We do not knowingly permit use of the Platform by individuals under the age of 16.
3. Personal Data We Collect
3.1 Data You Provide Directly
We may collect the following information when you register or use the Platform:
- Name and contact details (such as email address and phone number)
- Business name and business contact information (where applicable)
- Account login details (email address and encrypted password)
- Profile information, including:
- trade or role
- skills, qualifications, experience, and services offered
- work history, portfolio information, and ratings or reviews
- Messages and content submitted through Platform messaging features
- Payment and billing information (processed securely by third-party providers)
3.2 Data from Third Parties
We may receive personal data from trusted third parties, including:
- identity verification and fraud-prevention services
- payment processors and billing providers
- hosting, communication, and technical service providers
- publicly available sources, such as business registries
3.3 Data We Do Not Collect
We do not collect:
- behavioural tracking data
- advertising profiles
- automated decision-making data
- device fingerprinting or intrusive analytics
4. How We Use Your Personal Data
We use personal data only where lawful to do so under UK GDPR.
We collect personal and business data in the following ways:
Data you provide directly
- Contact information such as name, business name and phone number
- Account login details (email and encrypted password)
- Business profile information including services offered, qualifications, work history and ratings
- Payment and billing information (processed securely by third-party providers)
- Messages and content submitted through the platform's communication features
Data from third parties
- Identity verification and fraud-prevention services
- Payment and billing service providers
- Public data sources, including business registries
No automated tracking, analytics, behavioural monitoring or device data is collected by the platform.
2. How We Use Personal Data
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract |
| Operating the Platform and enabling user connections | Legitimate Interest |
| Matching users with opportunities | Legitimate Interest |
| Payment processing and invoicing | Contract |
| Identity verification, fraud prevention, and security | Legal Obligation / Legitimate Interest |
| Service communications and notifications | Contract |
| Marketing communications | Consent |
| Legal and regulatory compliance | Legal Obligation |
5. Marketing Communications
We will only send marketing communications where you have given explicit consent.
You may withdraw consent at any time by:
- updating your account settings; or
- using the unsubscribe link in any marketing message.
Withdrawing consent will not affect service-related or legally required communications.
6. Visibility of User Information
Some information you include in your profile may be visible to other registered users of the Platform. This may include:
- name or business name
- trade, role, skills, qualifications, and services
- ratings, reviews, and work history
- contact details you choose to display
The Platform is designed to enable users to connect directly. While we apply reasonable safeguards, we cannot control how other users use information that you choose to make visible.
By using the Platform, you acknowledge that:
- visible information may be copied, stored, or shared by others outside the Platform; and
- sharing personal or contact information is done at your own risk.
You should not share information you do not wish to be accessible by others.
7. Sharing of Personal Data
We may share personal data with the following categories of recipients:
- other Platform users, where required to facilitate introductions and communication
- third-party service providers (hosting, payments, messaging, verification)
- identity verification and fraud-prevention services
- professional advisers (legal, accounting, compliance)
- law enforcement or regulatory authorities where legally required
We do not sell personal data.
8. International Data Transfers
Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements; or
- adequacy decisions recognised under UK GDPR.
9. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this Policy or as required by law.
| Data Type | Retention Period |
|---|---|
| Account and profile data | While account is active or after 24 months of inactivity |
| Financial and transaction records | 6 years |
| Marketing consent data | Until consent is withdrawn |
| Support or dispute records | As required to resolve issues or comply with law |
You may request account deletion at any time, subject to legal retention obligations.
10. Your Data Protection Rights
Under UK GDPR, you have the right to:
- access your personal data
- request correction of inaccurate or incomplete data
- request deletion of your data
- restrict or object to certain processing
- request data portability
- withdraw consent where processing is based on consent
- lodge a complaint with the Information Commissioner's Office (ICO)
Requests should be submitted through the Platform's admin messaging system to ensure secure handling.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- encryption
- secure hosting environments
- access controls
- regular monitoring
However, no online platform can be guaranteed to be completely secure. Users are responsible for keeping their login credentials secure.
12. Children and Young Users (16–17)
The Platform permits users aged 16 and over.
If you are aged 16 or 17:
- you confirm you have parental or guardian consent to use the Platform;
- you confirm you are authorised to provide and share personal data; and
- you understand that sharing personal information with other users is at your own risk.
We do not knowingly collect data from individuals under the age of 16.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
The most current version will always be published on the Platform, with the "Last updated" date shown at the top.
Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.
14. Contact Us
All enquiries relating to this Privacy Policy or data protection rights must be submitted via the Platform's admin messaging system to ensure secure and auditable communication.