Legal Reference: GPDR-2025-V4

Data Governance & Privacy Charter

Next Loop Ltd is committed to the highest standards of data sovereignty. This charter outlines our statutory obligations as a Data Controller and your rights under the UK General Data Protection Regulation (UK GDPR).

1. Identity of the Data Controller

The organization responsible for the processing of your personal data (the "Data Controller") is:

Legal Entity: Next Loop Ltd
Company Registration: NI730679
Registered Office: Office 117 Forsyth House, Cromac Square, Belfast, BT2 8LA
Jurisdiction: Northern Ireland (United Kingdom)

2. Data Collection Parameters

As a B2B wholesale platform, we collect specific data points necessary for commercial trade compliance, credit assessment, and logistics fulfillment. We do not collect consumer-level behavioral data for third-party advertising.

  • Entity Verification Data: Certificate of incorporation, VAT registration numbers, and Directorship details for AML (Anti-Money Laundering) checks.
  • Commercial Contact Data: Names, business emails, and direct dial numbers of authorized procurement officers.
  • Financial Data: Bank account coordinates for BACS processing and trade reference contact details for credit limit assessment.
  • Logistical Data: Delivery addresses, secure drop codes, and freight forwarder account numbers.

3. Usage Protocols & Legal Basis

We process your data under the following legal bases as defined by GDPR Article 6:

Contractual Necessity

Processing orders, arranging logistics, and managing warranty claims. Without this data, we cannot fulfill our trade agreement.

Legal Obligation

Retaining invoice data for 6 years to satisfy HMRC tax requirements and maintaining WEEE waste transfer notes.

Legitimate Interest

Conducting fraud prevention checks and assessing creditworthiness via third-party bureaus.

4. Information Security Infrastructure

We employ enterprise-grade security architecture to protect your commercial secrets. Our platform runs on secure cloud infrastructure with the following measures:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted via TLS 1.3.
  • Encryption at Rest: Sensitive database fields (such as banking coordinates) are AES-256 encrypted.
  • Access Control: Internal access to customer data is strictly tiered based on role necessity (Least Privilege Principle).
  • Data Residency: Principal data is hosted within UK/EU data centers, ensuring compliance with GDPR sovereignty requirements.

5. Your Statutory Rights

Under the Data Protection Act 2018, you possess specific rights regarding your information:

1. Right of Access

You may request a copy of all personal data we hold about you (Subject Access Request).

2. Right to Rectification

You may demand corrections to incomplete or inaccurate data.

3. Right to Erasure ("Right to be Forgotten")

You may ask us to delete your data, provided it is not required for tax/legal retention.

To exercise any of these rights, please contact our Data Protection Office. We aim to respond to all valid requests within 30 days.

Last Updated: December 27, 2025. This policy is subject to annual review.
Next Loop Ltd is registered with the Information Commissioner's Office (ICO).