ScrapBull

Privacy Policy

Last Updated: 28 November 2025

Effective Date: 28 November 2025

1. Introduction

INTERTRADING HOLDING LIMITED ("we", "us", "our", or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [www.scrapbull.com], use our mobile application, or engage with our services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting to the Services, and you waive the right to receive specific notice of each such change or modification.

2. Controller and Data Protection Officer

Data Controller

INTERTRADING HOLDING LIMITED
4 Crown Pl, London EC2A 4BT United Kingdom

Email: privacy@scrapbull.com

UK Data Protection Officer (DPO)

Name/Title: Mr O Bondarev
Email: dpo@scrapbull.com
Address: 4 Crown Pl, London EC2A 4BT, United Kingdom

3. Information We Collect

We collect information in the following ways:

3.1 Information You Provide Directly

Account Registration:

  • Name, email address, phone number
  • Business name and registration details (for business accounts)
  • Business address and billing address
  • Payment information (processed through secure third-party payment processors)
  • Company VAT number or tax identification
  • Bank account details (for sellers and payment settlements)

Marketplace Transactions:

  • Details of scrap materials for sale or purchase
  • Quantity, weight, grade, and specification of materials
  • Pricing information and quotations
  • RFQ (Request for Quote) and reverse auction data
  • Communications regarding negotiations and transactions
  • Shipping and logistics information
  • Invoices and payment records

User Communications:

  • Messages sent through our platform
  • Support tickets and customer service inquiries
  • Feedback, reviews, and ratings
  • Testimonials and case studies (if you consent)

Profile Information:

  • Company logo and branding materials
  • Business description and history
  • Certifications and compliance documentation
  • Industry credentials and qualifications
  • Photos and videos of materials (if applicable)

Academy and Educational Content:

  • Course enrollment and completion data
  • Certificates earned
  • Learning progress and quiz results
  • Interaction with educational materials

3.2 Information Collected Automatically

Technical Information:

  • IP address and device identifier
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring/exit pages
  • Cookies and web beacons
  • Server logs
  • Click-stream data

Location Data:

  • Approximate location (derived from IP address)
  • Precise location (only with your explicit consent)
  • Geographic preferences and settings

Behavioral Data:

  • Search queries and filters used
  • Materials viewed and watchlists
  • Platform interaction patterns
  • Feature usage statistics
  • Document uploads and downloads

Device Information:

  • Device type and specifications
  • Mobile app version
  • Crash data and diagnostics
  • Hardware identifiers

3.3 Information from Third Parties

Payment Processors:

  • Transaction verification data
  • Payment status and confirmation

Authentication Services:

  • User authentication data (if using third-party sign-in)
  • Identity verification information

Business Databases:

  • Company registration information (public records)
  • Credit and financial standing data (if applicable)
  • Industry and sector classification

Communication Services:

  • Email delivery service data
  • SMS delivery confirmations

Analytics Providers:

  • Website analytics and usage statistics

Compliance and Verification Services:

  • Background check data (where legally permitted and consented)
  • Sanctions list data
  • AML/KYC verification information

4. Legal Basis for Processing

Under the UK GDPR and EU GDPR, we only process your personal data where we have a lawful basis to do so. The legal bases we rely upon are:

4.1 Performance of Contract

We process your personal data to:

  • Create and manage your account
  • Execute buy/sell transactions on our platform
  • Process payments and settlements
  • Provide customer support
  • Fulfill RFQ and auction services
  • Generate and deliver invoices and documentation
  • Arrange shipping and logistics

Legal Basis: Article 6(1)(b) UK GDPR / GDPR

4.2 Legitimate Interests

We process your personal data for:

  • Fraud prevention and detection
  • Platform security and integrity
  • Improving our Services and user experience
  • Aggregated analytics and business intelligence
  • Marketing (where you have not objected)
  • Compliance with legal obligations
  • Enforcement of our Terms of Service
  • Protection of our legal rights and interests
  • Business continuity and disaster recovery
  • Anti-money laundering (AML) and know-your-customer (KYC) compliance

Legal Basis: Article 6(1)(f) UK GDPR / GDPR

Balancing Test: We have assessed that our legitimate interests do not override your fundamental rights and freedoms, particularly your right to data privacy.

4.3 Legal Obligation

We process your personal data to:

  • Comply with UK tax and accounting regulations
  • Fulfill AML and counter-terrorism financing obligations
  • Respond to legal process (court orders, subpoenas)
  • Fulfill regulatory reporting requirements
  • Comply with environmental and carbon reporting mandates
  • Comply with industry-specific regulations

Legal Basis: Article 6(1)(c) UK GDPR / GDPR

4.4 Consent

Where applicable, we process your personal data based on:

  • Explicit consent for marketing communications
  • Consent to use precise location data
  • Consent to use of cookies and tracking technologies
  • Consent to automated decision-making

Legal Basis: Article 6(1)(a) UK GDPR / GDPR

You may withdraw consent at any time by contacting us at privacy@scrapbull.com.

4.5 Special Category Data

If we process special category data (such as health data related to material safety, or ethnic/national origin for regulatory purposes), we rely on:

  • Explicit consent (Article 9(2)(a))
  • Processing necessary for compliance with employment law (Article 9(2)(b))
  • Processing necessary for substantial public interest reasons (Article 9(2)(e))
  • Processing necessary for legal claims (Article 9(2)(f))

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

  • Facilitating buy/sell transactions
  • Processing RFQs and reverse auctions
  • Managing pricing calculators and quotations
  • Providing educational academy content
  • Delivering logistics and shipping services
  • Processing payments and settlements
  • Sending transactional emails and confirmations
  • Providing customer support

5.2 Platform Management

  • Verifying user identity and credentials
  • Preventing fraud, abuse, and unauthorized access
  • Detecting and preventing security incidents
  • Managing access controls and permissions
  • Enforcing our Terms of Service and policies
  • Troubleshooting technical issues
  • Maintaining platform stability and performance
  • Conducting backups and system administration

5.3 Business Development

  • Understanding market trends in scrap metal trading
  • Analyzing supply and demand patterns
  • Developing new features and services
  • Improving pricing calculator accuracy
  • Enhancing platform user experience
  • Conducting market research (anonymized/aggregated)

5.4 Legal and Compliance

  • Meeting regulatory and legal obligations
  • AML/KYC compliance and verification
  • Tax and accounting compliance
  • Environmental and carbon reporting
  • Responding to legal requests and investigations
  • Protecting our legal interests and rights

5.5 Marketing and Communication

  • Sending promotional materials (with your consent or legitimate interests basis)
  • Communicating platform updates and feature announcements
  • Conducting surveys and gathering feedback
  • Sending newsletters and industry insights
  • Notifying you of policy changes

5.6 Analytics and Insights

  • Analyzing platform usage and behavior
  • Creating aggregated and anonymized reports
  • Improving search and recommendation algorithms
  • Understanding conversion funnels
  • Measuring campaign effectiveness
  • Training AI models and machine learning systems (anonymized data only)

6. Data Sharing and Third Parties

6.1 Who We Share Data With

Service Providers:

  • Payment processors and financial institutions
  • Email and communication service providers
  • Cloud hosting and storage providers
  • Analytics and data analytics platforms
  • Customer relationship management (CRM) platforms
  • Identity verification and background check providers
  • Logistics and shipping providers
  • Legal and compliance advisors

Buyers and Sellers:

  • In marketplace transactions, we share relevant product information, seller/buyer contact details, and transaction history as necessary to complete transactions
  • Your public profile information is visible to other platform users
  • Communications between buyers and sellers are facilitated through our platform

Business Partners and Integrations:

  • Affiliate partners (where applicable)
  • API integration partners
  • Strategic business partners (with your consent where required)

Legal and Regulatory Authorities:

  • Law enforcement agencies (where legally required)
  • Tax authorities and HMRC
  • Financial regulatory bodies (FCA, Bank of England)
  • Environmental regulators
  • Anti-money laundering/counter-terrorism authorities
  • Court-ordered disclosures and legal process

Data Aggregators and Analytics Providers:

  • Anonymized and aggregated data for market research
  • De-identified data for business intelligence

Corporate Transactions:

  • In the event of merger, acquisition, bankruptcy, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

6.2 Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies before providing any personal data.

6.3 Data Processors

We have Data Processing Agreements (DPAs) in place with all data processors who access your personal data. These agreements ensure appropriate technical and organizational safeguards are implemented.

ProcessorPurposeJurisdiction & Safeguards
Vercel Inc.Cloud hosting, deployment, serverless functions, and static site hostingUSA - Transfers protected via Standard Contractual Clauses (SCCs) and Data Privacy Framework compliance. Vercel maintains high security certifications (SOC 2 Type II).
Stripe Payments Europe LtdPayment processing, transactions, payouts, subscription management, and fraud preventionIreland (EU) - EU-regulated entity under PSD2. Stripe maintains GDPR compliance via Data Processing Agreement. Transfers of non-EU data protected via SCCs and Data Privacy Framework.
ResendTransactional email and marketing email delivery (notifications, confirmations, alerts)USA (Primary) / EU (Ireland - eu-west-1) - Resend allows multi-region email sending. EU region (eu-west-1) available for GDPR compliance. All customer data retained in USA with SCCs for transfers.
Convex.devReal-time database, API functions, transaction processing, and backend logic executionUSA (Cloud-hosted) - Convex cloud deployment with global edge infrastructure. Data transfers protected via SCCs. Self-hosting option available for customers requiring EU residency.
Google AnalyticsWebsite analytics, user behavior tracking, aggregate traffic patterns, and conversion measurementUSA - Google Analytics 4 with Data Processing Agreement. Configured with IP anonymization enabled. Data transfers protected via SCCs and Data Privacy Framework compliance.
PostHogProduct analytics, feature usage, funnel analysis, and user behavior insights (alternative to/alongside Google Analytics)USA - PostHog provides Data Processing Agreement and GDPR compliance. EU cloud option available. Transfers protected via SCCs.

Data Transfer Mechanisms:

  • Standard Contractual Clauses (SCCs) - approved transfer mechanism under UK GDPR and GDPR
  • Data Privacy Framework (DPF) - US companies certified under EU-U.S. and UK Extension DPF
  • EU Adequacy Decisions - applicable for EU-based processors
  • Supplementary Technical Safeguards - encryption in transit and at rest for all transfers

7. International Data Transfers

7.1 Transfers Outside the UK/EU

Where we transfer your personal data outside the UK and European Economic Area (EEA), we ensure appropriate safeguards are in place:

Transfer Mechanisms:

  • Standard Contractual Clauses (SCCs) - approved transfer mechanism under UK GDPR and GDPR
  • Adequacy decisions - where UK/EU have determined the destination country has adequate privacy protections
  • Binding Corporate Rules (BCRs) - for transfers within our corporate group
  • Your explicit consent - in other circumstances

Recipient Countries:

  • [List countries where data is transferred to]

Safeguards:

  • Contractual safeguards in Data Processing Agreements
  • Technical encryption and security measures
  • Regular compliance audits and assessments

7.2 Transfers to the United States

If we transfer data to US-based processors, we use Standard Contractual Clauses and may supplement these with additional technical and organizational safeguards to address risks identified in the Schrems II ruling.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

8.1 Retention Periods by Data Category

Data CategoryRetention PeriodJustification
Account InformationDuration of account + 3 yearsLegal/tax obligations
Transaction Records7 yearsUK tax and accounting records requirements
Payment Data3 yearsPayment dispute resolution
Communications3 yearsLegal claims and compliance
Marketing Consent Records3 years after last consentPECR and marketing compliance
Support Tickets3 yearsLegal claims and customer service
Academy/CertificatesDuration of account + 1 yearEducational records
Location Data1 yearFraud prevention and analytics
Cookie Data1 year (or session)Technical and analytics purposes
Log Files6-12 monthsSecurity and system administration
Aggregated/Anonymized DataIndefiniteNo personal data after anonymization
IP Addresses6 monthsTechnical troubleshooting and security
AML/KYC Records7 yearsLegal and regulatory obligations

8.2 Exception for Legal Claims

If personal data is subject to legal proceedings or investigations, we may retain it for the duration of such proceedings plus 3 additional years.

8.3 Data Deletion

Upon expiry of retention periods, we securely delete or anonymize your personal data. If you request deletion, we will comply with your request subject to legal retention obligations.

9. Your Privacy Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Subject Access Request)

You have the right to request and receive a copy of your personal data held by us, including:

  • The purpose of processing
  • Categories of data held
  • Recipients of your data
  • Retention periods

How to Exercise: Submit a written request to privacy@scrapbull.com with the subject line "Subject Access Request"

Timeline: 30 calendar days from receipt of a clear and complete request

Cost: Free (unless requests are manifestly unfounded, repetitive, or excessive)

9.2 Right to Rectification

You have the right to request that we correct inaccurate or incomplete personal data. You can also request we update or supplement information.

How to Exercise: Send a request to privacy@scrapbull.com with:

  • Specific data to be corrected
  • Corrected information
  • Supporting evidence (if applicable)

Timeline: 30 calendar days for consideration

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent (where consent is the legal basis)
  • You object to processing and we have no overriding legitimate interest
  • Data was processed unlawfully
  • Legal or regulatory obligation requires deletion

Exceptions: We may not delete data if:

  • Necessary to fulfill a contract
  • Required by law or regulatory obligation
  • Necessary for legal claims or defense
  • Necessary for fraud prevention
  • Public interest reasons apply

How to Exercise: Submit a deletion request to privacy@scrapbull.com with "Erasure Request" in the subject line

9.4 Right to Restrict Processing

You may request we suspend processing of your personal data in specific circumstances:

  • You contest the accuracy of data
  • Processing is unlawful but you prefer restriction to deletion
  • Data is no longer necessary but you require it for legal claims
  • You have objected to processing pending verification of legitimate interest

How to Exercise: Contact privacy@scrapbull.com with "Restrict Processing Request"

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly-used, machine-readable format and have it transmitted to another organization. This applies where:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

How to Exercise: Request data portability from privacy@scrapbull.com

Format: Data will be provided in CSV or JSON format

9.6 Right to Object

You have the right to object to processing of your personal data:

  • Marketing: Object to marketing communications at any time (one-click unsubscribe)
  • Legitimate Interests: Object to processing based on our legitimate interests
  • Direct Marketing: Object to direct marketing communications
  • Profiling: Object to automated decision-making and profiling with legal effects

How to Exercise: Contact privacy@scrapbull.com or use unsubscribe links in marketing communications

9.7 Right to Withdraw Consent

If processing is based on your consent, you may withdraw that consent at any time by:

  • Contacting privacy@scrapbull.com
  • Adjusting account settings
  • Using opt-out mechanisms in emails or our platform

Effect: Withdrawal does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

Under the Data (Use and Access) Act 2025, you have the right to lodge a complaint directly with us:

Our Internal Complaint Mechanism:

  • Email: privacy@scrapbull.com with "Complaint" in subject line
  • Response Time: We will acknowledge and respond to complaints within 30 calendar days

Supervisory Authorities:

You also have the right to lodge a complaint with:

UK - Information Commissioner's Office (ICO):

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Website: https://www.ico.org.uk
  • Phone: 0303 123 1113

EU/EEA - Relevant Data Protection Authority:

9.9 Right to Automated Decision-Making

Under the UK GDPR and EU GDPR, you have rights regarding automated decision-making and profiling that has legal or similarly significant effects on you.

Your Rights:

  • Right to meaningful human review
  • Right to contest automated decisions
  • Right to express your views and have them considered
  • Right to know the logic and significance of automated processing

Applicable Processing:

  • Automated account approval/rejection
  • Automated suspension or restricted access
  • Automated pricing or quotation decisions
  • Fraud detection flags

How to Exercise: Contact privacy@scrapbull.com to request human review of any automated decision

10. Cookies and Tracking Technologies

10.1 Cookies Policy

We use cookies and similar tracking technologies to:

  • Remember user preferences and login information
  • Measure website analytics
  • Deliver personalized content
  • Prevent fraud and maintain security
  • Optimize our Services

10.2 Types of Cookies

Essential/Functional Cookies (no consent required under 2025 DUAA):

  • Session management
  • Security and fraud detection
  • Site optimization and functionality
  • Analytics for service improvement

Preference Cookies:

  • Language and timezone preferences
  • Dark mode settings
  • Accessibility preferences

Marketing Cookies (opt-in consent required):

  • Advertising and retargeting
  • Social media integration
  • Campaign tracking
  • Behavior-based recommendations

Third-Party Cookies:

  • Analytics providers (Google Analytics)
  • Payment processors
  • Advertising networks
  • Social media platforms

10.3 Cookie Consent

Default Position (Updated 2025 DUAA): Functional cookies are enabled by default with clear information provided. Marketing cookies require opt-in consent.

Manage Cookies:

  • Use cookie banner on website
  • Adjust settings in account preferences
  • Browser privacy settings
  • Withdraw consent at any time

10.4 Do Not Track (DNT)

We honor Do Not Track signals where technically feasible. However, most browsers' DNT implementation is incomplete or non-standard.

11. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data:

11.1 Technical Safeguards

  • Encryption: TLS/SSL encryption for data in transit
  • Data Encryption: AES-256 encryption for sensitive data at rest
  • Access Controls: Role-based access control (RBAC)
  • Authentication: Multi-factor authentication (MFA) for sensitive accounts
  • Firewalls: Enterprise-grade firewalls and intrusion detection
  • Database Security: Database-level encryption and access logging
  • API Security: OAuth 2.0 and API key management
  • Backup: Regular encrypted backups with disaster recovery protocols
  • Monitoring: 24/7 security monitoring and incident response
  • Vulnerability Testing: Regular penetration testing and vulnerability scanning

11.2 Organizational Safeguards

  • Access Limitation: Data access restricted to authorized personnel only
  • Staff Training: Regular data protection and security training
  • Background Checks: Security clearance for privileged access staff
  • Data Protection Impact Assessments (DPIA): Conducted for high-risk processing
  • Incident Response Plan: Documented procedures for data breaches
  • Third-Party Audits: Annual security audits by independent parties
  • Data Minimization: We collect only necessary data
  • Data Protection by Design: Privacy considerations in all system design

11.3 Data Breach Response

In the event of a confirmed data breach that compromises personal data security:

For UK Data:

  • Notify affected individuals without undue delay (generally within 72 hours)
  • Notify the ICO within 72 hours (where required)
  • Provide breach details, potential impact, and remedial actions
  • Special notification for high-risk breaches

For EU Data:

  • Notify affected individuals without undue delay
  • Notify relevant DPA within 72 hours of becoming aware
  • Follow equivalent notification procedures

Breach Documentation:

  • Document nature, scope, and consequences
  • Record remedial actions taken
  • Maintain incident records for 3 years

11.4 Limitations

While we implement reasonable security measures, no internet-based service is 100% secure. We cannot guarantee absolute security against sophisticated attacks or insider threats.

12. Children's Privacy

12.1 Age Restrictions

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that a child has provided us with personal data, we will delete such information without undue delay.

12.2 Parental Contact

If you are a parent or guardian and believe your child has provided personal data to us:

  • Contact us immediately at privacy@scrapbull.com
  • Provide child's email/account details
  • We will delete the account and associated data

12.3 Special Safeguards for Under-18s

Per Data (Use and Access) Act 2025, we specifically consider children's needs when designing our information society services:

  • Age-appropriate privacy controls
  • Clear, accessible privacy information
  • Limitations on marketing to minors
  • Restricted automated decision-making affecting minors

13. Automated Decision-Making and Profiling

13.1 Automated Decisions

We use automated decision-making in the following scenarios:

Account Approval/Restrictions:

  • Fraud detection and account suspension
  • Platform eligibility verification
  • Access level determination

Pricing and Quotations:

  • Automated pricing calculator decisions
  • Dynamic pricing based on material specifications
  • Market-based quotation generation

Auction Systems:

  • Automated bid processing
  • Automated reserve price validation

13.2 Profiling

We engage in limited profiling for:

  • Personalized content recommendations
  • Search result optimization
  • Relevant opportunity matching (buyer/seller)

13.3 Your Rights

You have the right to:

  • Request human review of automated decisions affecting you significantly
  • Contest an automated decision
  • Obtain an explanation of the logic, significance, and consequences
  • Request meaningful human involvement in the decision process

How to Request Review:

  • Email privacy@scrapbull.com with "Request for Human Review"
  • Include the specific decision you wish to appeal
  • Provide supporting information or context

Timeline: We will review and respond within 30 calendar days

13.4 Exceptions

Automated decision-making without human review is permitted where:

  • Necessary for contract performance (with appropriate safeguards)
  • Authorized by law
  • You have given explicit consent

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information (with exceptions)
  • Right to Opt-Out: Opt-out of the sale or sharing of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Limit: Limit our use of sensitive personal information
  • Right to Appeal: Appeal our decision regarding your privacy rights

How to Exercise CCPA Rights: Contact privacy@scrapbull.com with "CCPA Request" in subject line

Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

15. Other Jurisdictions

Depending on your location and applicable laws, you may have additional privacy rights including:

  • Canadian PIPEDA: Residents of Canada
  • Australian Privacy Act: Australian residents
  • Singapore PDPA: Singapore residents
  • Other jurisdiction-specific regulations

Contact privacy@scrapbull.com for information about your specific jurisdiction.

16. Legitimate Interests Assessment

We have conducted assessments to ensure our legitimate interests do not override your fundamental rights. Below is a summary:

Processing ActivityLegitimate InterestRights AssessmentConclusion
Fraud PreventionProtecting platform integrity and preventing financial lossInterest in security outweighs minor privacy intrusionPermitted with safeguards
Platform AnalyticsImproving user experience and service optimizationNon-intrusive, anonymized, proportionatePermitted
MarketingBusiness development and customer engagementOutweighed by recipient privacy rights if objectedPermitted with opt-out
Legal ClaimsProtecting our legal interestsNecessary for dispute resolutionPermitted

17. Contact Us

17.1 General Privacy Inquiries

Email: privacy@scrapbull.com

Mailing Address:
INTERTRADING HOLDING LIMITED
4 Crown Pl, London EC2A 4BT
United Kingdom

Phone: [Phone Number]

Response Time: We respond to privacy inquiries within 5-10 business days

17.2 Data Protection Officer

Email: dpo@scrapbull.com

Mailing Address:
INTERTRADING HOLDING LIMITED - DPO
4 Crown Pl, London EC2A 4BT
United Kingdom

18. Policy Changes and Updates

18.1 Modifications

We may update this Privacy Policy periodically to reflect:

  • Changes in our data processing practices
  • New technology or security measures
  • Legal or regulatory changes
  • User feedback and requests

18.2 Notification

  • Minor Changes: Updated with new "Last Updated" date
  • Significant Changes: Notification via email, banner notice, or other prominent method
  • Material Changes: Require renewed consent if required by law

18.3 Previous Versions

Previous versions of this Privacy Policy are available upon request from privacy@scrapbull.com

19. Definitions

Personal Data: Any information relating to an identified or identifiable natural person

Processing: Any operation performed on personal data (collection, storage, use, sharing, deletion)

Data Controller: The organization determining the purposes and means of processing (INTERTRADING HOLDING LIMITED)

Data Processor: Organization processing data on behalf of the controller

Data Subject: The individual whose personal data is being processed

Supervisory Authority: Independent public authority (e.g., ICO in UK, national DPA in EU)

Special Category Data: Personal data revealing racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life data

Legitimate Interests: Balanced interests of the organization that don't override individual privacy rights

Lawful Basis: Legal justification for processing personal data under GDPR

20. Acknowledgments

This Privacy Policy complies with:

  • ✓ UK GDPR (retained EU GDPR post-Brexit)
  • ✓ Data Protection Act 2018
  • ✓ Data (Use and Access) Act 2025
  • ✓ PECR (Privacy and Electronic Communications Regulations)
  • ✓ ICO Guidance and Recommendations
  • ✓ EU GDPR (Article 13/14 requirements)
  • ✓ International data transfer safeguards
  • ✓ Emerging regulations and best practices

Version: 1.0
Effective Date: 28 November 2025
Last Review Date: 28 November 2025
Next Review Date: 28 November 2026

This Privacy Policy is provided in English. For translations into other languages, please contact privacy@scrapbull.com. In the event of conflicting interpretations, the English version prevails.

Cookie Notice

We use cookies to enhance your browsing experience.