Back
You might have heard of the term “GDPR” but do you know your privacy rights and how you are protected by law? madelocal respects your privacy. It matters to us that users feel safe and secure in all aspects of interacting with us. In this document we set out how we protect your personal data collected through your use of the web application www.madelocal.app including the use of your data by third parties. Please take the time to read and understand what happens to your personal data. If you have any questions or concerns about madelocal’s Privacy Policy please contact us.
“GDPR” is the UK General Data Protection Regulation; in law the Data Protection Act 2018. It sets out rights for individuals on:
For further information see the Information Commission Officer website https://ico.org.uk
We do not collect any data in the special category under GDPR.
It is important that the personal data we hold about you is accurate and up to date. In accordance with our Terms and conditions you must let us know if your personal data changes by updating your account details on madelocal. If you fail to provide accurate personal data (for example a postcode) you will not be able to buy or sell items on madelocal.
Your personal data is only used for the purposes for which it is collected by madelocal. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In accordance with our Terms and conditions madelocal reserves the right to update this policy at any time and without notice. However, when we update this document you will be notified the next time you access the site. We record the date of the last update at the beginning of the document.
madelocal is the data controller. madelocal is responsible for your personal data.
madelocal is a limited company registered in England and Wales with company number 13411017. madelocal operates in the United Kingdom.
The registered and postal address of madelocal is Chapel House Ffordd Y Llan Treuddyn Flintshire CH7 4LN. If you have any questions or concerns about madelocal’s Privacy Policy please contact us.
madelocal collects, stores, transfers and uses personal data about you. We have specified the types of personal information here:
The table describes all of the types of personal data that madelocal collects, stores, transfers and uses.
Data | Description | Collection | Storage | Transfer | Use |
---|---|---|---|---|---|
Identity Information | |||||
First Name | Identifies the user. Identifies the user in connection with their orders. |
User dashboard. | On the madelocal server which is protected by a username and password. | This data is not transferred. | Provision of goods and services. |
Last Name | Identifies the user. Identifies the user in connection with their orders. |
User dashboard. | On the madelocal server which is protected by a username and password. | This data is not transferred. | Provision of goods and services. |
Postcode/location | The specific location of the user is not identifiable from their postcode. The postcode is converted to a latitude and longitude to the nearest town. | When a user first enters the site they are prompted to enter their postcode in the search box before viewing items for sale in the Marketplace. The postcode is also collected when a user creates an account. |
Session variable temporarily stored in the server’s /tmp directory until the user closes the browser or after 10 mins of inactivity on the site. When a user creates an account, their postcode is stored on the madelocal server which is protected by a user name and password. |
This data is not transferred. | Provision of goods and services. Necessary for the function of the site. What makes madelocal unique is that it prioritises items for sale based on the proximity to the buyer’s location. |
Profile Information | |||||
Account username/profile name | To protect the privacy of users we ask them to enter a username by which they will appear to others in the community; as a seller, and through the messaging function. | When a user signs up for a madelocal account. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. Provision of goods and services. |
Account password | User defined password to secure their sign-in details. | When a user signs up for a madelocal account. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. |
About me | Sellers can create a profile to help other users get to know them. madelocal encourages sellers to share their inspiration to help connect with buyers and bring extra meaning to their purchases. | On madelocal site located in seller’s dashboard. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. |
Your T&Cs | Sellers can add their own terms and conditions to help build trust and reduce the risk of any unexpected issues. | On madelocal site located in seller’s dashboard. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. |
Your orders | A record of items bought and sold. | Automatically collected when a transaction is completed by the user. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. |
Contact Information | |||||
Email address | A valid email address is a requirement to identify buyers and sellers on madelocal and to provide a point of contact for order confirmations. Email address acts as the username for an account. Required for processing payments. |
When a user signs up for a madelocal account. | On the madelocal server which is protected by a user name and password. | It is transferred securely to Stripe through their Application Programming Interface (API) which allows madelocal and Stripe to communicate. | Account set up and administration. Requirement of Stripe to process payments. |
Delivery address | The buyer must disclose the delivery address during the checkout process if they select a delivery option which requires the seller to have an address for the purposes of dispatching the item. | On checkout. | On the madelocal server which is protected by a user name and password. | This data is not transferred. The delivery address can only be viewed by the seller via their orders on the madelocal dashboard. | Provision of goods and services. |
Collection address | The seller must disclose their address if the buyer selects the option which requires the buyer to have the seller's address for the purposes of collecting the item. | When the seller sends the buyer a message containing instructions for collecting their item. | On the madelocal server which is protected by a user name and password. | The seller’s address is transferred via email to the buyer on completion of purchase. | Provision of goods and services. |
Transaction Information | |||||
Items bought/sold | Details of the items including images. | On completion of a transaction madelocal creates a record for the order which include the order ID, user ID, Date and time, status, item details, quantity and amount. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account administration. Provision of goods and services. |
Payments made by/to you | madelocal holds data about every transaction to ensure that the checkout process is successful. | Stripe provides madelocal with an ID for every payment and charge made. | The ID is stored on the madelocal server which is protected by a user name and password. | It is transferred securely to madelocal from Stripe through their Application Programming Interface (API) which allows madelocal and Stripe to communicate. | Provision of goods and services. Provides a reference should a transaction require further discussion with Stripe. |
User Interaction Information | |||||
Messages | The username, date/time and contents of the message. A record of communication between buyers and sellers using the messaging function on the website. | Automatically collected when a user sends a message. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Provision of goods and services. Messages are only visible to the sender and recipient; not other users of the site. |
Reviews | The username, data/time and contents of the review. Buyers have the option to leave a review about the item they have purchased. | Automatically collected when a user completes the review. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Provision of goods and services. Reviews are visible to all users of the site. |
Marketing Information | |||||
Marketing consent | Record of user opting in/out of email marketing communications from madelocal. | When a user signs up for a madelocal account. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Delivering marketing communication. |
Technical Information | |||||
Session variables | Session variables store the user’s information to be used across the site (such as username). Session variables exist until the user closes the internet browser or signs out of the site. |
Throughout the use of the site. | Stored on the madelocal server temporarily and are deleted when the user closes the browser window, signs out or following a period of 10 minutes inactivity on a page. | This data is not transferred. | Provision of goods and services. Personalisation of content, user experience. |
Cookies | madelocal website uses cookies to record information about the user, such as the pages visted. madelocal also uses Google Analytics and tawk.to in order to provide data on the number of visits made to the website. Google Analytics and tawk.to use cookies. |
As a user navigates between web pages. Google Analytics and tawk.to provide madelocal with JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. | madelocal does not store cookies. Cookies are placed on the user's device by the user's web browser. Google Analytics and tawk.to store data on their pages which are accessed by madelocal via a secure log on. The Google Analytics and tawk.to JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages and interactions with the website. |
There is no transfer of data from Google Analytics or from tawk.to to madelocal. | Personalisation of content, user experience. Internal research and development purposes. |
Internet Protocol (IP) address | A numerical label assigned to each device connected to a computer network that uses the internet for communication. It allows the host or network interface to identify and locate the device. |
madelocal website does not collect the users IP address but madelocal uses Google Analytics and tawk.to to provide data on the number of visits made to the website. Google Analytics and tawk.to collect IP addresses to provide and protect the security of the service, and to give website owners a sense of which country, state, or city in the world their users come from. |
The data is stored on the respective web pages which are accessed by madelocal via a secure log ons. | There is no transfer of data from Google Analytics or tawk.to to madelocal. | Personalisation of content, user experience. Internal research and development purposes. |
User Information | |||||
User name | The user’s email address is their username. A valid email address is a requirement to identify buyers and sellers on madelocal and to provide a point of contact for order confirmations. |
When a user signs up for a madelocal account. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Account set up and administration. |
Date and time of sign in | Record of the date and time that the user signs in to the website. | Automatically collected when the user signs in. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Personalisation of content, user experience. Internal research and development purposes. |
Page(s) visited | Record of the pages visited by all users whether or not they are signed in. | Automatically collected when the user browses the site. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Personalisation of content, user experience. Internal research and development purposes. |
Item(s) viewed | Record of the itema viewed by the user during a single browsing session. | Automatically collected when the user browses the site. | On the madelocal server which is protected by a user name and password. | This data is not transferred. | Personalisation of content, user experience. Internal research and development purposes. |
Business Information | |||||
Aggregated data | Data of one or more users for the purpose of calculating business information such as the number of users per postcode. | Data from individual users is automatically collected. This data is used for business information and analysis. |
On the madelocal server which is protected by a user name and password. | This data is not transferred. | Internal research and development purposes. |
madelocal uses personal information in order to carry out the following services and business-related activities:
The table above describes all of the types of personal data that madelocal collects, stores, transfers and uses.
Users must agree to our Terms and conditions when they register an account with madelocal. In those Terms and conditions, we stipulate the collection of the following data:
We generate a latitude and longitude for the users' location based on the postcode provided.
Additional information collected about madelocal users includes their acceptance of the Terms and Conditions and the date they registered for an account. Furthermore, to become part of the community users have to create a profile. Users are asked to provide a short statement about themselves. The information provided in the statement is given in the knowledge that this is visible to all users of madelocal.
madelocal uses a third party payment provider called Stripe. Stripe provides an end-to-end payment solution to manage third-party transactions, designed for marketplaces like madelocal. Stripe collects the following personal data as part of the account setup process:
For full details see Stripe's Privacy Policy https://stripe.com/en-gb/privacy
madelocal processes personal data on the following legal grounds:
Data sharing means disclosing your personal data to third parties other than madelocal. It also includes the sharing of personal data between different parts of madelocal or other organisations within the same group or under the same parent company.
madelocal treats personal data confidentially and there are only three occasions when we will share or disclose your data with a third party. These are necessary reasons to provide a service to users of the site and to conduct business operations, as outlined in the purposes for processing:
We may also need to share personal data with professional advisors, for example with solicitors where relevant in the case of a dispute or claim, and where required as part of legal and regulatory compliance.
madelocal stores all data on a secure web server. madelocal is based and operates in the United Kingdom only. Personal data is therefore processed in the users’ home country. Payment data is processed by Stripe. Stripe is a global business and because madelocal is based in the European Economic Area they comply with applicable laws to provide an adequate level of data protection for the transfer of your personal data.
Access to the madelocal web server is restricted by a user name and password which is only known to the relevant members of madelocal staff.
madelocal stores all data on a secure web server. Access to data is restricted by a user name and password. madelocal uses appropriate security measures to:
A requirement of the payment process is the collection of the users’ card details. This data is not stored by madelocal. Card details never pass via the madelocal server. madelocal is strictly not allowed to store card details. It is transferred securely to Stripe through their Application Programming Interface (API) which allows madelocal and Stripe to communicate.
In accordance with our Terms and conditions users accept that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information sent or received via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
madelocal retains your personal data in order to provide you with a record or history of your items sold and purchased. This is considered a legitimate basis for keeping personal data because it is part of the service provided by the site. We also retain your data to satisfy legal, accounting and reporting requirements. For example, details of your orders will be kept for as long as we need to retain the data to comply with our legal and regulatory requirements. This is usually seven years unless the law prescribes a longer period.
To determine the appropriate retention period for personal data, we consider the following factors:
Data is securely disposed of when it is no longer needed by deleting the record from the server.
madelocal respects the right of users to access and control their personal data. We aim to be as transparent as possible about how we collect, store, transfer and use personal data. Under GDPR, individuals have the right to be informed about the collection and use of their personal data, specifically:
For further information see the Information Commission Officer website https://ico.org.uk
Under certain circumstances, madelocal users have the right to:
madelocal users wishing to exercise their rights should contact us. We try to respond to all legitimate requests within one month, however it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated of progress. If your request is accepted then you will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In this case we may refuse to fulfil with your request where we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
In order to respond to your request, we may need to confirm your identity as a security measure to ensure that your personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
What makes madelocal unique is that it prioritises items for sale based on the proximity to the user’s location. In order to do this the user must enter their location in the form of their postcode in the search bar at the top of the Home page. The user’s exact location cannot be determined from the postcode. The website converts the postcode into a latitude and longitude, which generates a place name of the nearest town. The user is asked to confirm their location from a drop-down list before clicking the button to “show items”. The items are listed in order of proximity to the postcode, with the closest items listed first. The location of the items is determined by the seller’s location (postcode) which is collected through the account set-up process. The exact location of the seller is only revealed to the buyer via email if the seller agrees to the item being collected from their home or premises.
madelocal uses session variables to store the user’s information (such as username or items recently browsed) to be used across the site to enable personalisation of content and enhance the user’s experience. Session variables are temporarily stored on the madelocal server and are deleted when the user closes the browser window, signs out or following a period of 10 minutes inactivity on a page.
madelocal uses cookies along with tawk.to and Google Analytics to provide data on the number of visits made to the website. Google Analytics and tawk.to use cookies.
In Google Analytics, every user is registered with a unique ID. Google Analytics uses the unique ID to provide madelocal with insight into how many people visit the site and, for example, how many of them return. The unique IDs are considered personal data under GDPR.
Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page.
The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages/interactions with the website.
Google Analytics also collects Internet Protocol (IP) addresses to provide and protect the security of the service, and to give website owners a sense of which country, state, or city in the world their users come from.
Read the Google Analytics privacy document for more details about the data collected by Google Analytics.
madelocal uses tawk.to in order to monitor and chat with visitors on the website.
Tawk.to uses several types of cookies to track visitors to the website and provide madelocal with usage information. For more information about the use of cookies see What are tawk.to cookies and what do they do?
tawk.to collects non-personally-identifying information of the sort that web browsers, apps and servers typically make available, such as the browser type, language preference, geographical location, referring site, and the date and time of each visitor request. tawk.to’s purpose in collecting non-personally identifying information is to better understand how tawk.to’s visitors use its services, and to provide tawk.to users the ability to understand how their visitors use their services. From time to time, tawk.to may release non-personally-identifying information in the aggregate, e.g. by publishing a report on trends in the usage of its services.
tawk.to also collects potentially personally-identifying information like Internet Protocol (IP) addresses for users that use the services and visitors.
madelocal remains in control of the information and data provided by users of the site. As part of the provision of services, tawk.to processes this data for madelocal, but at no stage of the collection, storage or retrieval of data, will the data belong to any other person except madelocal.
By using tawk.to (the chat function on madelocal), users acknowledge and agree to tawk.to’s collection, usage and disclosure of their personal information as governed by tawk.to's Privacy Policy.
madelocal may include links to other websites and third party content, plug-ins and applications. This does not mean that madelocal endorses the use of these sites. When users click on a link and leave madelocal for another site, we have no control or responsibility for the content or privacy of your data. It is important that you read the Privacy Policy of every website you browse.