Data Processing Policy

Customer Data Processing Policy

Primal Space is committed to ensuring the protection and privacy of our customers. This Data Processing Policy outlines our approach to collecting, storing, processing, and sharing data in compliance with applicable data protection laws and GDPR compliance.

Information Collected

We will collect and process the following data:

  • Information you give us: This is information about you that you give us by filling in forms on our site or by corresponding with us by phone or email. This may include your name, address, email address, password, job title, phone number, and financial information.
  • Information we collect from your use of our site: Upon each visit to our site we will automatically collect the following information including, technical information, such as the IP address, where you connected to our service, your Internet service provider, and what type of device you are using and personal information you disclose when using our live chat on our website
  • Information we collect throughout our relationship: This is information relating to the provision of our products and services
  • Information we collect when you call us: If you call us we will automatically collect the following information including, the phone number used to call us and any personal data disclosed on the call.
  • Information we receive from other sources: These may include marketing list providers, social media and business partners, subsidiaries, suppliers and sub-contractors
  • Providing us with your details online: This is information you may choose to provide us with using the contact page or requirements page on our site. Including your name, telephone number and email address. Please let us know if any of this information changes so we can keep our records up to date.

Why Collect Information?

We process personal information for the following reasons:

  • According to our contract:
    • process information at your request to take steps to enter into a contract
    • provide you with our products and services
    • process payments
    • make deliveries
    • maintain business and service continuity
    • send service communications (by email, post or, if the circumstances require it, by phone) so that you receive a full and functional service and so we can perform our obligations to you, including notifications about changes to our service
    • record information to facilitate your rights under guarantee.
  • Based on your consent:
    • where we rely on your consent for processing this will be brought to your attention when the information is collected from you, including using biometric information
    • we will only contact you with direct marketing communications if you consent to us doing so and you have the right to withdraw consent at any time (see the What are your rights? section below for more information)
  • In our legitimate interests of providing the best service and improving and growing our business, we will process information to:
    • provide you with a personalised service
    • improve our products and services
    • keep our site and systems safe and secure
    • understand our customer base and purchasing trends
    • defend against or exercise legal claims and investigate complaints
    • understand the effectiveness of our marketing

    We will carry out analytics to improve our products and services and store personal information for diagnostic purposes as set out above. You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.

  • To comply with legal requirements relating to:
    • the provision of products and services
    • data protection
    • health and safety
    • anti-money laundering
    • fraud investigations
    • assisting law enforcement
    • any other legal obligations placed on us from time to time

How Long is Information Held?

We will keep information about you for a maximum of 7 years after the end of our relationship with you unless obligations to our regulators require otherwise or we are required to remove such data from our records.

Who Might We Share Your Information With?

We will share your personal information with any member of our group, which means our subsidiaries and the following categories of third parties, some of whom we appoint to provide services, including:

  • business partners, subsidiaries, suppliers and sub-contractors for the performance of any contract we enter into with you
  • analytics and search engine providers that assist us in the improvement and optimisation of our site
  • auditors
  • on call engineers in the case of service issues or faults
  • marketing support providers, social media marketing suppliers
  • customer survey providers in order to receive feedback and improve our services

Additionally, we will disclose your personal information to the relevant third party:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets
  • if we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction)

How is Your Data Stored and Kept Secure?

At Primal Space, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.

We may transfer your data outside the European Economic Area (“EEA“). We will only do so if adequate protection measures are in place in compliance with data protection legislation. We use the following protection measures:

  • transferring to Commission approved countries
  • using Commission approved model contractual clauses
  • requiring companies we transfer data to in USA to be signed up to certification e.g. Privacy Shield for US

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. More information is available by contacting us.

What Are Your Rights?

Where the processing of your personal data is based on consent, you can withdraw that consent at any time.

You have the following rights. You can exercise these rights at any time by contacting us at [email protected] You have the right:

  • to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing
  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest
  • to request from us access to personal information held about you
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing)
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us using the contact details above. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here:

Changes & Updates

This policy will be updated at least once per year, or as required when immediate policy changes are implemented in accordance with our terms & conditions.  The most recent version of our Data Processing Policy is always available at

For any enquiries regarding our Data Processing Policy, please contact us.