Privacy Policy

1. Introduction

PYCO RENEW LTD ("we", "our", "us") is committed to protecting the privacy and security of your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our auction platform and related services.

We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456 and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Information you provide directly:

• Full name and contact details (email address, phone number)
• Company name and business details
• Auction preferences and category interests
• Bidding history and transaction records
• Communications with our team

Information collected automatically:

• IP address and browser user agent
• Device type and operating system
• Pages visited and interaction data
• Cookies and similar technologies (see Section 9)
• Bid timestamps and activity logs

3. How We Use Your Information

We use your personal data for the following purposes:

• To provide and manage our auction services, including processing bids and notifications
• To send you auction alerts, bid confirmations, and outbid notifications
• To communicate about new lots matching your category preferences
• To process transactions and manage your account
• To improve our platform and services
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal and regulatory obligations

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the UK GDPR:

• Consent: When you register and provide your contact details and category preferences, you consent to receiving auction-related communications.
• Contractual necessity: Processing required to fulfil our obligations when you participate in auctions (bid processing, transaction management).
• Legitimate interests: Platform security, fraud prevention, service improvement, and business operations.
• Legal obligation: Where we are required to process data by law, such as financial record keeping.

5. Data Sharing

We do not sell your personal data to third parties. We may share your information with:

• Email service providers: To send auction notifications and transactional emails (e.g., MailerSend)
• Hosting providers: For secure storage and processing of data
• Legal and regulatory bodies: When required by law or to protect our legal rights
• Professional advisors: Accountants, auditors, and legal counsel where necessary

All third-party processors are contractually bound to handle your data in accordance with UK GDPR requirements.

6. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request limitation on how we use your data
• Right to data portability: Request your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Withdraw consent at any time by using the unsubscribe link in our emails

To exercise any of these rights, please contact us at privacy@pycorenew.com. We will respond within 30 days.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy:

• Active accounts: Data is retained for the duration of your account plus 2 years after last activity
• Bid and transaction records: Retained for 7 years to meet financial and legal obligations
• Unsubscribed users: Core records retained for 12 months, then securely deleted
• Security logs: IP addresses and access logs retained for 6 months

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (TLS/SSL) and at rest
• Tokenised access to buyer accounts (no passwords required)
• Rate limiting and IP-based abuse prevention
• Regular security assessments and vulnerability testing
• Access controls limiting data access to authorised personnel only
• Secure data destruction procedures for IT assets we process

9. Cookies

Our platform uses the following cookies:

• Essential cookies: Required for the platform to function (session management, CSRF protection)
• Preference cookies: To remember your cookie consent choice

We do not use tracking cookies, advertising cookies, or analytics cookies that track individual users. You can manage cookie preferences through your browser settings.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify registered buyers of significant changes via email. The "Last updated" date at the top of this policy indicates when it was last revised.