Privacy Notice

Last updated: 14th April 2026

This Privacy Notice explains how Merchsmith Ltd collects, uses and protects personal data through the Merchsmith marketing website at merchsmith.com.

This notice applies to the marketing website only. It does not apply to the Merchsmith software platform, customer portal, or any separate service environment, which will have their own privacy terms if and when they are launched.

1. Who we are

Merchsmith Ltd is the controller of personal data collected through this website.

Registered office: 31 Rutland St, Leicester, LE1 1RE
Company number: 11169390
Email: hello@merchsmith.com

If you have questions about this Privacy Notice or how we handle your personal data, please contact us using the details above.

2. Personal data we collect

We may collect and process the following personal data through this website:

Information you provide to us

  • your name;

  • business name;

  • job title;

  • email address;

  • telephone number;

  • enquiry details;

  • booking details for discovery calls or meetings;

  • any other information you choose to submit through forms, email, or other communications.

Information collected automatically

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • pages visited;

  • date and time of visits;

  • referral source;

  • on-site actions and interactions;

  • cookie and similar technology data.

Information from third parties

We may receive limited information from third-party tools we use for analytics, website hosting, form handling, advertising, scheduling, or CRM management.

3. How we use your personal data

We may use your personal data to:

  • operate, maintain and improve the website;

  • respond to enquiries and requests;

  • arrange and manage discovery calls or meetings;

  • provide information about Merchsmith and related services;

  • analyse website usage and performance;

  • maintain security and prevent misuse;

  • keep records of enquiries and communications;

  • send marketing communications where permitted by law;

  • comply with legal and regulatory obligations.

4. Our lawful bases for processing

Under UK data protection law, we rely on one or more of the following lawful bases depending on the context:

Legitimate interests

We may process personal data where it is necessary for our legitimate interests, including:

  • operating and improving our website;

  • responding to business enquiries;

  • managing leads and business development activity;

  • maintaining website security;

  • understanding how visitors use our site;

  • promoting our services to relevant business contacts where lawful.

Consent

We rely on consent where required, for example:

  • for non-essential cookies and similar technologies where applicable;

  • for certain direct marketing activity where consent is legally required.

Contract

If you ask us to take steps before entering into a contract, we may process your data to respond to that request.

Legal obligation

We may process personal data where necessary to comply with legal or regulatory obligations.

The ICO states that legitimate interests can potentially apply to direct marketing under the UK GDPR, but PECR may still require consent for certain electronic marketing and cookies.

5. Marketing communications

If you contact us about Merchsmith, we may send you relevant business communications in line with applicable law.

Where the law requires consent, we will ask for it. Where the law allows us to contact corporate subscribers or otherwise rely on a lawful basis, we may do so, but you can opt out at any time.

Every marketing email we send should include a clear unsubscribe option, or you can ask us to stop by contacting us at hello@merchsmith.com.

PECR applies to electronic marketing and sets stricter rules for marketing to individuals than to companies.

6. Cookies and similar technologies

We may use cookies and similar technologies to:

  • make the website function properly;

  • remember preferences;

  • measure traffic and performance;

  • improve user experience;

  • support marketing and advertising activity.

Where required by law, we will ask for consent before placing non-essential cookies on your device.

You can also manage cookies through your browser settings. Blocking some cookies may affect how the website works.

The ICO’s current guidance confirms that PECR applies to cookies and similar technologies.

7. Sharing your personal data

We may share personal data with trusted service providers who help us operate the website or manage related business activity, such as providers of:

  • website hosting;

  • analytics;

  • CRM systems;

  • scheduling tools;

  • email systems;

  • cloud storage;

  • technical support;

  • professional advisers.

We require such providers to process personal data only on our instructions where they act as processors, and to apply appropriate security measures.

We may also disclose personal data:

  • where required by law;

  • to enforce legal rights;

  • in connection with a business sale, investment, merger, or restructuring.

8. International transfers

Some of our service providers may process personal data outside the UK.

Where personal data is transferred internationally, we will take appropriate steps to ensure it remains protected, such as using lawful transfer mechanisms and appropriate contractual safeguards where required.

9. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this notice, including to:

  • respond to enquiries;

  • manage business relationships and lead records;

  • meet legal, tax, regulatory, or reporting obligations;

  • resolve disputes;

  • enforce legal rights.

Retention periods may vary depending on the nature of the data and the reason it was collected.

10. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

No internet transmission or storage system is completely secure, so we cannot guarantee absolute security.

The NCSC notes that the GDPR requires organisations to process personal data securely using appropriate technical and organisational measures.

11. Your rights

Depending on the circumstances, you may have the right to:

  • request access to your personal data;

  • request correction of inaccurate personal data;

  • request erasure of personal data;

  • request restriction of processing;

  • object to processing;

  • request transfer of your personal data in certain cases;

  • withdraw consent where processing relies on consent;

  • complain to the Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us at hello@merchsmith.com.

If you are unhappy with how we use your personal data, you can also complain to the ICO. The Data Protection Act 2018 remains in force, and the ICO continues to oversee compliance with UK data protection law.

12. Third-party websites

This website may contain links to third-party websites. We are not responsible for their privacy practices. You should read their privacy notices before submitting personal data to them.

13. Children

This website is aimed at business users and is not intended for children.

14. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The latest version will always be posted on this page and will take effect from the date shown at the top.

15. Contact us

If you have any questions about this Privacy Notice or your personal data, please contact:

Merchsmith Ltd
31 Rutland St, Leicester, LE1 1RE
hello@merchsmith.com