top of page

Privacy Policy

A legal disclaimer

Last updated: 3rd February 2026


1) Who we are
This Privacy Notice is issued by The Ministry Group Elevation Ltd trading as Retail Spotter Solutions (“RSS”). We are the data controller for the personal data described in this notice.
Legal entity: The Ministry Group Elevation Ltd (trading as Retail Spotter Solutions “RSS”)


Company number: 16273971


Registered office / address: 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE


Email: retailspottersolutions@gmail.com


Website: retailspottersolutions.com


2) What this notice covers
This notice explains how we collect and use personal data when you:
enquire about RSS, onboard as a brand/customer (“Brand”), or communicate with us;
are a merchant or merchant contact engaged through RSS (“Merchant”);
use our website or forms; and/or
receive communications from us (including service updates and marketing).


This service is business-to-business (B2B) and not aimed at children.
3) Personal data we collect
We may collect and use:
A) Brand contact and onboarding data
name, job title, business name, business email, phone number, business address;
onboarding information you provide (e.g., product info, pricing info, delivery expectations, brand notes);
communications (emails, WhatsApp messages, form submissions, call notes).


B) Merchant contact and outreach data
merchant business name, address, business contact names and details;
outreach notes and outcomes (e.g., contacted, interested, sample requested, declined).


C) Transaction and payment administration data
order/payment references, amounts, dates, payout references, commission calculations;
refunds, chargebacks, dispute information.
(We do not store full card details; those are handled by the payment provider.)


D) Website and technical data
IP address, device/browser data, logs for security and troubleshooting.
(If cookies/analytics are used, we will provide a separate cookie notice/controls.)


E) Call recording data (only if we implement it)
audio recordings and/or transcripts of sales/support calls.


4) How we collect personal data
We collect personal data from:
you (forms, emails, calls, messages, onboarding);
merchants/brands/third parties where needed to deliver the service (business contact data);
service providers that support transactions and communications.


5) How we use personal data and our lawful bases
We use personal data for the purposes below. We always rely on a lawful basis under UK GDPR.
A) Delivering the service and managing the relationship
onboarding, introductions, communications, reporting, support, and service administration.
Lawful basis: contract (performance of a contract / steps to enter into a contract).


B) Running and protecting the business
internal administration, record-keeping, quality control, training, security, fraud prevention, and dispute handling.
Lawful basis: legitimate interests (running and protecting our business, and operating a B2B marketplace/service).


C) Legal and regulatory obligations
accounting/tax records, handling lawful requests, compliance.
Lawful basis: legal obligation.


D) Marketing and service updates (Brands and Merchants)
We may send promotional messages about RSS (and service updates) to:
Brand contacts; and/or
Merchant contacts.
PECR position (important):
For corporate subscribers (e.g., limited companies, LLPs), PECR consent is not required for electronic mail marketing, but you must still provide opt-out and comply with UK GDPR fairness/transparency.


For individual subscribers (e.g., sole traders and some partnerships), marketing by “electronic mail” generally requires consent, unless the “soft opt-in” applies (where applicable).


“Electronic mail” includes emails, texts, and similar stored electronic messages (which can include direct messages).


Opt-out: you can object to marketing at any time, and we will stop.


6) Call recording (kept open, but controlled)
We do not record calls as a standard practice. However, we may record sales and/or support calls in future for:
training and quality assurance;
evidencing what was agreed; and/or
preventing or resolving disputes.
If we record a call, we will tell you at the start of the call and explain how to opt out or use an alternative channel (e.g., email).
Lawful basis: legitimate interests (quality, training, dispute prevention/resolution). Where consent is required in a specific situation, we will obtain it.


7) Who we share personal data with
We may share personal data with trusted service providers who help us operate, including:
onboarding/form provider (e.g., Jotform);
payment processing and payouts (e.g., Stripe / Stripe Connect);
communications tools (e.g., WhatsApp);
cloud, accounting, and professional advisers (legal/accounting);
regulators, law enforcement, courts where required.
Payment processing and related personal data handling are subject to the payment provider’s terms and data protection arrangements (including DPAs).
We do not sell personal data.


8) International transfers
Some suppliers may process/store personal data outside the UK. Where international transfers occur, we use appropriate safeguards (e.g., UK International Data Transfer Agreement/Addendum or other recognised mechanisms).


9) Retention – how long we keep personal data
We keep personal data only for as long as needed for the purposes in this notice, including legal/accounting requirements. If we do not have a fixed period, we use clear criteria for deciding retention.
Typical retention (may vary):
enquiries and pre-contract communications: up to 24 months;
active Brand records and service communications: for the duration of the relationship;
financial records (payments, invoices, payouts, refunds/chargebacks): up to 6 years;
merchant/outreach logs needed to administer introductions/commission/tail/buy-outs: for the contract term plus the relevant tail/buy-out period and a reasonable period for dispute resolution;
call recordings (if implemented): typically up to 12 months, unless needed longer for an active dispute.


10) Your rights
Depending on the circumstances, you have rights including:
access, rectification, erasure, restriction, objection (including to direct marketing), and data portability (where applicable).
To exercise rights, contact us using the details in section 1.


11) Complaints
If you have concerns, contact us first. You also have the right to complain to the UK Information Commissioner's Office.


12) Security
We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration.


13) Changes to this Privacy Notice
We may update this notice from time to time. The “Last updated” date shows the latest version.
 

bottom of page