A legal disclaimer

1) Who we are

This Privacy Notice is issued by The Ministry Group Elevation Ltd trading as Retail Spotter Solutions (“RSS”). We are the data controller for the personal data described in this notice.

• Legal entity: The Ministry Group Elevation Ltd (trading as Retail Spotter Solutions “RSS”)
   

• Company number: 16273971

​

• Registered office / address: 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE
   

• Email: retailspottersolutions@gmail.com
   

• Website: retailspottersolutions.com
   

—---

TMGE (Trading as Retail Spotter Solutions “RSS”) – Privacy Notice

This notice explains how we use personal data in relation to RSS (a B2B service).

Last updated: 3rd February 2026

​

1. Who we are

This Privacy Notice is issued by The Ministry Group Elevation Ltd trading as Retail Spotter Solutions (“RSS”, “we”, “us”).

We are the data controller for the personal data described in this notice.

Legal entity: The Ministry Group Elevation Ltd (trading as Retail Spotter Solutions “RSS”).

Company number: 16273971

Registered office / address: 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE

Email: retailspottersolutions@gmail.com

Website: retailspottersolutions.com

Data protection contact (if different): [●]

2. Who this notice applies to

This notice applies to:

• Brands/customers who sign up to RSS (“Brands”);

• Merchants (and merchant contacts) that RSS engages as part of the RSS service (“Merchants”); and

• Visitors to our website and users of our forms.

RSS is a business-to-business (B2B) service and is not aimed at children.

3. The personal data we collect

We may collect and use the following categories of personal data:

A) Brand account and onboarding data

• names, job titles, business contact details (email/phone), business address, business name;

• onboarding details you provide (product information, pricing information, availability, fulfilment/delivery notes, preferences);

• communications with us (emails, messages, call notes).

B) Merchant outreach and contact data

• merchant business name, address, business contact names, business contact details;

• outreach notes and outcomes (e.g., contacted, interested, sample requested, declined, timing/next steps).

C) Transaction and payment administration data

• payment references, amounts, dates, payout references, refund/chargeback details, commission calculations, and related reconciliation records.

IMPORTANT: Card details

Brand subscription payments are made via Stripe-hosted payment pages (Stripe Checkout / Stripe Payment Links). We do not receive or store full card numbers or CVC.

D) Website and technical data

• IP address, device/browser information, and logs used for security and troubleshooting.

E) Call recordings (only if implemented)

• We do not record calls as a standard practice. If we implement call recording, it may include audio (and/or transcripts) of calls with Brands and/or Merchants.

4. How we collect personal data

We collect personal data:

• directly from you (forms, onboarding, emails, calls, WhatsApp/messages);

• from Merchants/Brands during normal business communications;

• from service providers used to operate the service (for example, payment status confirmations and payout references).

5. How we use personal data and our lawful bases

We use personal data for the purposes below and rely on a lawful basis under UK GDPR:

A) To provide the service (Brands and Merchants)

• onboarding Brands, delivering introductions, communicating with you, and providing support;

• engaging with Merchants (including outreach, product discussions, and co-ordinating samples);

• managing and administering payments and commission.

Lawful basis: performance of a contract (Brands) and legitimate interests (Merchants and general service operation).

B) To administer Protected Merchant/commission arrangements

• maintaining records needed to administer anti-circumvention, Protected Merchant status, commission, any tail period, and any buy-out elections (as described in the Terms & Conditions).

Lawful basis: legitimate interests and performance of a contract (where applicable).

C) To run, protect, and improve the business

• internal administration, training, quality assurance, auditing, security, fraud prevention, and dispute handling.

Lawful basis: legitimate interests.

D) To comply with legal obligations

• accounting, tax, responding to lawful requests, and compliance.

Lawful basis: legal obligation.

E) Direct marketing (Brands and/or Merchants)

We may send marketing about RSS and related service updates to Brand contacts and Merchant contacts where permitted by law.

• For corporate recipients, we may rely on legitimate interests (with an opt-out).

• For individual recipients (e.g., sole traders), we will obtain consent where required or rely on another lawful basis permitted by law.

• You can opt out of marketing at any time.

6. Call recording (kept open for future use)

We do not record calls as a standard practice. If we decide to record calls in future, it may be for:

• training and quality assurance;

• evidencing what was agreed; and/or

• preventing or resolving disputes.

If a call is recorded, we will tell you at the start of the call and explain how you can opt out or use an alternative channel (e.g., email).

We do not ask for, and you must not provide, card details during any recorded call.

7. Who we share personal data with

We may share personal data with trusted suppliers that help us operate the service, including:

• form/onboarding tools (e.g., Jotform or similar);

• payment processing and related services (Stripe / Stripe Connect);

• communications tools (including WhatsApp/email providers);

• cloud storage and collaboration tools;

• professional advisers (legal/accounting);

• regulators, law enforcement, courts, or other third parties where legally required.

We do not sell personal data.

8. International transfers

Some suppliers may process or store personal data outside the UK. Where international transfers occur, we use appropriate safeguards such as recognised transfer mechanisms and contractual protections.

9. How long we keep personal data (retention)

We keep personal data only for as long as necessary for the purposes in this notice, including legal/accounting requirements.

Typical retention (may vary depending on context):

• enquiries and pre-contract communications: up to 24 months;

• Brand account/onboarding/service communications: for the duration of the relationship;

• Merchant outreach/contact and service logs: for as long as needed to provide the service and administer any commission/tail/buy-out arrangements, plus a reasonable period to resolve disputes;

• financial records (payments, invoices, payouts, refunds/chargebacks): up to 6 years;

• call recordings (if implemented): typically up to 12 months unless needed longer for an active dispute.

10. Your rights

Depending on your circumstances, you may have rights to:

• access your personal data;

• correct inaccurate data;

• request deletion of data;

• restrict processing;

• object to processing (including direct marketing);

• data portability (where applicable);

• withdraw consent at any time (where we rely on consent).

To exercise rights, contact us using the details in section 1.

11. Complaints

If you have concerns, contact us first and we will try to resolve them. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

12. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration.

13. Cookies and similar technologies

We may use cookies and similar technologies on our website. Where required, we will provide a cookie notice and controls.

14. Changes to this Privacy Notice

We may update this notice from time to time. The “Last updated” date shows the latest version.