Privacy Policy

Capital Carboot Sale Pimlico, operated by Pimlico CB Ltd ("we", "us", or "our"), is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and protect your information when you use our website, book pitches, or attend our events.

1. Information We Collect

We collect the following types of personal information:

• Contact Information: Name, email address, phone number, and postal address when you book a pitch or ticket
• Payment Information: Payment details processed securely through Stripe (we do not store credit card information)
• Event Information: Details about your bookings, pitch preferences, and attendance history
• Website Usage: IP address, browser type, pages visited, and time spent on our website
• Communication Data: Records of correspondence when you contact us

2. How We Use Your Information

We use your personal information for the following purposes:

• To process your bookings and manage your attendance at our events
• To send you booking confirmations, updates, and important event information
• To respond to your enquiries and provide customer support
• To comply with legal requirements, including health and safety regulations
• To improve our services and website functionality
• To send you marketing communications (only with your consent)

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services and fulfil our contractual obligations
• Legal Compliance: Processing required to comply with legal obligations, including tax and health & safety requirements
• Legitimate Interests: Processing necessary for our business operations, customer service, and service improvement
• Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)

4. How We Share Your Information

We may share your personal information with:

• Payment Processors: Stripe for secure payment processing
• Email Service Providers: Resend for sending booking confirmations and communications
• Hosting Providers: Vercel and MongoDB Atlas for website hosting and data storage
• Professional Advisers: Legal, accounting, and other professional services as required
• Regulatory Authorities: When required by law or to comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory requirements (typically 7 years for financial records)
• Resolve disputes and enforce our agreements

When personal information is no longer needed, it will be securely deleted or anonymised.

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right of Rectification: Correct inaccurate personal data
• Right of Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Restrict Processing: Limit how we use your personal data
• Right to Data Portability: Receive your personal data in a portable format
• Right to Object: Object to processing for direct marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing based on consent

To exercise any of these rights, please contact us using the details provided below.

7. Cookies and Website Analytics

Our website uses cookies to improve your browsing experience and provide essential functionality. We use:

• Essential Cookies: Required for website functionality and cannot be disabled
• Analytics Cookies: Help us understand how visitors use our website (used only with your consent)

You can manage your cookie preferences through your browser settings.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (SSL/TLS)
• Secure payment processing through PCI DSS compliant providers
• Access controls and authentication systems
• Regular security updates and monitoring

9. International Transfers

Some of our service providers may be located outside the UK and European Economic Area (EEA). When we transfer your personal data internationally, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Other appropriate safeguards recognised under UK GDPR

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "last updated" date.

11. Contact Us

If you have any questions about this privacy policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Pimlico CB Ltd

Email: bookings@capitalcarboot.com

Registered Address: Portland House, 21 Narborough Road, Cosby, Leicester, LE9 1TA

Right to Complain

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: https://ico.org.uk

Phone: 0303 123 1113