Privacy & Data Protection Policy

Last updated: September 2025

Global Supply Hub (“we”, “our”, “us”) is committed to protecting the privacy and security of the information we collect, store, and process. This policy sets out how we handle data obtained through our online sales channels, internal systems, and website.

1. Scope

This policy applies to:

  • Orders and customer information received from online marketplaces and sales channels (including but not limited to Amazon, eBay, Shopify, and other platforms where we sell).

  • Data processed by our Order Management System (OMS) and related tools.

  • Information gathered via our website, communications, and support services.

  • Internal processing by our employees, contractors, and systems.

2. Data We Collect

From Marketplaces & Sales Channels

When a customer places an order, we receive information from the platform including:

  • Buyer name

  • Shipping and billing address

  • Contact details (email, phone number if provided for delivery)

  • Order ID, product identifiers (ASIN, SKU, listing ID), quantity, and price

  • Chosen shipping method and tracking references

From Our Website & Communications

  • Contact form submissions (name, email, message)

  • Email communications for support inquiries

  • Technical information such as IP address, browser type, and cookies (see Section 13)

From Internal Operations

  • Employee and contractor access logs

  • System logs necessary for monitoring security and compliance

3. Purposes of Processing

We process data for the following reasons:

  • Order Fulfillment: To allocate stock, prepare shipments, and deliver items to customers.

  • Shipping & Logistics: To purchase shipping labels through marketplace-approved services or integrated carriers.

  • Customer Support: To respond to inquiries and resolve order issues.

  • Compliance: To meet obligations under consumer protection, tax, and trade laws.

  • Audit & Security: To maintain secure systems, detect fraud, and ensure compliance with marketplace rules.

  • Record Keeping: To maintain accurate operational, accounting, and compliance records.

We do not use marketplace order data for marketing or profiling purposes.

4. Data Retention

  • Personally Identifiable Information (PII) from marketplace orders is retained for no longer than 30 days after order fulfillment.

  • After 30 days, PII is permanently deleted or anonymized.

  • Non-identifiable information (e.g., product sales statistics, inventory movement) may be retained longer for business analytics and audit purposes.

  • Encrypted backups follow the same retention rules for PII.

5. Data Sharing

  • We do not sell or rent customer data to third parties.

  • Data is used exclusively for internal processing.

  • We share data only when necessary to:

    • Complete order processing with marketplaces and carriers

    • Comply with legal or regulatory obligations

  • All third-party providers (such as hosting or IT services) are contractually bound to protect data under GDPR/UK DPA standards.

6. Security Controls

We apply layered technical and organizational security measures:

  • Encryption:

    • Data in transit secured via TLS 1.2 or higher.

    • Data at rest secured with AES-256 encryption.

  • Access Controls:

    • Role-based permissions with need-to-know restrictions.

    • Unique credentials for all staff; multi-factor authentication enforced.

  • Monitoring & Logging:

    • All access attempts are logged.

    • Automated alerts for suspicious activity.

  • Incident Response:

    • Dedicated plan covering detection, isolation, remediation, and notification.

    • If a breach occurs, we notify regulators and marketplaces as required by law.

  • Testing & Hardening:

    • Routine vulnerability scans and penetration testing at least every 180 days.

    • Static code and dependency scanning before every release.

    • Environments segregated (development, testing, production).

  • Endpoint & Network Security:

    • Firewalls restrict database and server access.

    • VPN required for administrative systems.

    • External device usage (USBs, personal laptops) blocked for data access.

7. Employee & Organizational Measures

  • All employees undergo data protection and security training.

  • Regular access reviews ensure only active staff with business needs can view sensitive data.

  • Change management procedures control updates to applications and infrastructure.

  • Staff are individually accountable via unique logins; no shared accounts are permitted.

8. Data Backups

  • All backups are encrypted with AES-256.

  • Stored in secure, access-restricted environments.

  • Retained only as long as necessary for disaster recovery, subject to the same 30-day PII deletion rule.

9. Legal Basis for Processing

We process data under the following lawful bases (UK GDPR & Data Protection Act 2018):

  • Contractual necessity: To fulfill customer orders.

  • Legal obligations: To comply with tax, trade, and consumer law.

  • Legitimate interests: To operate secure order management and logistics systems.

10. International Transfers

  • All customer data is stored and processed within the UK or EU.

  • We do not transfer PII outside these jurisdictions unless required by law or via a marketplace integration that itself complies with GDPR safeguards.

11. Customer Rights

If you are a UK or EU resident, you have rights under data protection law:

  • Access: Request a copy of your data.

  • Correction: Fix inaccuracies in your data.

  • Erasure: Request deletion of your data (subject to legal retention requirements).

  • Restriction: Limit how we process your data in certain cases.

  • Objection: Object to processing under legitimate interests.

  • Portability: Request transfer of your data to another provider.

Requests should be directed to our contact details below.

12. Children’s Data

Our services are not directed at children under 18. We do not knowingly collect or store children’s personal data.

13. Cookies & Website Analytics

Our website may use cookies to:

  • Enable core functionality (session management, security).

  • Collect anonymous statistics to improve user experience.

You can control cookie settings through your browser. Cookies do not link to marketplace order data.

14. Third-Party Processors

We may use third-party service providers for:

  • Web hosting

  • Cloud infrastructure

  • Security monitoring

  • Shipping carriers

Each third party is bound by contractual obligations to protect data in line with GDPR/UK DPA standards.

15. Updates to This Policy

We may update this Privacy & Data Protection Policy from time to time to reflect changes in law, marketplace requirements, or our practices. The latest version will always be published on our website.

16. Contact Information

For privacy inquiries, please contact us:

Global Supply Hub
Email: help@globalsupplyhub.co.uk
Post: Unit A3, Windsor Place, Faraday Road, Crawley, West Sussex

Head Office:

Unit A3, Windsor Place

Crawley

West Sussex

RH10 9TF

© 2025 by Global Supply Hub Ltd

Company No: 16114074

VAT Number: 482692260
