Privacy Policy

Welcome to AI Merchant ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or make purchases from us. We are registered in England and Wales and operate as a supplier of building materials and trade supplies. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

We use the information we collect for the following purposes: **To Provide Our Services:** • Process and fulfil your orders • Manage your account and trade credit facilities • Communicate about orders, deliveries, and account matters • Provide customer support and respond to enquiries **To Improve Our Business:** • Analyse usage patterns to enhance our website and services • Develop new products and features • Conduct market research and customer surveys **For Marketing (with your consent):** • Send promotional emails about products, offers, and services • Display personalised advertisements • Inform you about trade events and industry news **For Legal and Security Purposes:** • Comply with legal obligations and regulations • Prevent fraud and unauthorised transactions • Enforce our terms of service • Protect the rights and safety of our users

Under UK GDPR, we process your personal data based on the following legal grounds: **Contract Performance:** Processing necessary to fulfil orders and provide our services to you. **Legitimate Interests:** Processing for our legitimate business interests, such as improving our services, preventing fraud, and marketing to existing customers (with an easy opt-out). **Legal Obligation:** Processing required to comply with tax, accounting, and other legal requirements. **Consent:** Where you have given explicit consent, such as for marketing communications or non-essential cookies. You may withdraw consent at any time.

We may share your personal information with: **Service Providers:** Third parties who help us operate our business, including: • Payment processors (Stripe, PayPal) • Delivery and logistics partners • Email and communication platforms • Cloud hosting and infrastructure providers • Analytics and marketing tools **Business Partners:** Suppliers and manufacturers who may fulfil part of your order directly. **Professional Advisers:** Accountants, lawyers, and auditors as required for business operations. **Legal Requirements:** Government authorities, law enforcement, or other parties when required by law or to protect our legal rights. **Business Transfers:** In connection with any merger, sale, or transfer of business assets. We require all third parties to respect the security of your data and process it in accordance with applicable law. We do not sell your personal information to third parties for their marketing purposes.

Your information may be transferred to and processed in countries outside the UK or European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including: • Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) • Transfers to countries with an adequacy decision • Binding Corporate Rules where applicable You can request more information about these safeguards by contacting us.

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including: • **Account information:** For the duration of your account plus 7 years for tax and legal compliance • **Order history:** 7 years from the date of transaction (legal requirement) • **Marketing preferences:** Until you unsubscribe or request deletion • **Website analytics:** Typically 26 months After the retention period, we securely delete or anonymise your data.

Under UK data protection law, you have the following rights: **Right of Access:** Request a copy of the personal information we hold about you. **Right to Rectification:** Request correction of inaccurate or incomplete information. **Right to Erasure:** Request deletion of your personal information (subject to legal retention requirements). **Right to Restrict Processing:** Request limitation of how we use your data. **Right to Data Portability:** Receive your data in a structured, machine-readable format. **Right to Object:** Object to processing based on legitimate interests or for direct marketing. **Rights Related to Automated Decision-Making:** Not be subject to decisions based solely on automated processing that significantly affect you. To exercise any of these rights, please contact us using the details below. We will respond within one month of receiving your request. There is no fee for most requests, but we may charge a reasonable fee for repetitive or unfounded requests.

We use cookies and similar technologies to enhance your experience on our website. **Essential Cookies:** Required for the website to function (e.g., shopping basket, authentication). **Functional Cookies:** Remember your preferences and settings. **Analytics Cookies:** Help us understand how visitors use our site (e.g., Google Analytics). **Marketing Cookies:** Used to deliver relevant advertisements and track campaign performance. You can manage your cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality. For more information, please see our detailed Cookie Policy.

We implement appropriate technical and organisational measures to protect your personal information, including: • Encryption of data in transit (TLS/SSL) and at rest • Secure payment processing through PCI-DSS compliant providers • Access controls and authentication systems • Regular security assessments and monitoring • Staff training on data protection • Incident response procedures While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to notifying you and relevant authorities of any data breach as required by law.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

Our website may contain links to third-party websites, such as suppliers, payment providers, or social media platforms. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by: • Posting the updated policy on our website with a new "Last Updated" date • Sending an email notification to account holders (for significant changes) We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us: **AI Merchant** Email: privacy@aimerchant.co.uk Phone: Contact us during business hours Address: United Kingdom You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: **Information Commissioner's Office** Website: www.ico.org.uk Telephone: 0303 123 1113