Privacy Policy
How we collect, use, share and protect your personal data
Effective date: 12 November 2025 • Last updated: 12 November 2025
1. Introduction
We are committed to protecting and respecting your privacy. This policy explains how we collect, use, share and protect your personal data when you visit our website, register or bid in our online auctions, consign goods, or otherwise engage with us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. The data we collect
2.1 Data you provide to us
- Identity and contact data: name, email, phone, billing/delivery address, company name and VAT no. (where applicable), date of birth (for verification).
- Account data: username, password (hashed), preferences, communication choices.
- Verification data: copies of ID, proof of address, card checks or refundable deposits required to verify bidding accounts.
- Transaction data: bids placed, lots won/sold, invoices, payments, refunds, delivery/collection bookings.
- Consignment data (sellers): business details, manifests, item descriptions, bank/payee details for settlement.
- Communications: enquiries, support tickets, call notes and email correspondence.
2.2 Data we collect automatically
- Technical data from your device: IP address, browser, OS, device identifiers.
- Usage data: pages viewed, referring URLs, clicks, search terms, session timing, and interactions with bidding features.
- Cookie/SDK data for preferences, analytics and marketing (see Cookies).
2.3 Data from third parties
- Bidding platforms and marketplaces (e.g. i-bidder/Bidspotter) used to register or place bids.
- Identity/fraud prevention providers and credit reference agencies.
- Payment processors and banks.
- Public sources (e.g. Companies House) for due diligence on business sellers.
3. Purposes and lawful bases
We only process personal data when we have a lawful basis. The table below summarises typical activities.
| Purpose | Examples | Lawful basis |
|---|---|---|
| Account set‑up & verification | Registering bidders/sellers, identity checks, refundable deposits | Contract; Legal obligation; Legitimate interests (fraud prevention) |
| Running auctions & fulfilment | Processing bids, invoicing, payments, collections/delivery | Contract; Legitimate interests |
| Consignments | Onboarding sellers, cataloguing, settlement | Contract; Legitimate interests; Legal obligation |
| Customer support & communications | Responding to enquiries, service notifications | Contract; Legitimate interests |
| Marketing | Newsletters, auction alerts, look‑alike audiences (where permitted) | Consent where required; Legitimate interests with opt‑out |
| Security & fraud prevention | Monitoring unusual activity, chargeback defence | Legitimate interests; Legal obligation |
| Legal & compliance | Tax/financial records, AML, complaints handling | Legal obligation; Legitimate interests |
4. Sharing your data
We may share personal data with service providers and partners that help us deliver our services. These include:
- Bidding platforms and marketplace partners (e.g. i-bidder/Bidspotter).
- Payment processors and banks (e.g. Stripe) for card and account payments.
- Delivery/courier and warehousing partners for collections and shipping.
- Identity verification and fraud prevention providers; credit reference agencies.
- IT hosting, CRM, email, marketing and analytics providers.
- Professional advisers (lawyers, accountants, insurers) and authorities where required by law.
We do not sell your personal data. Where we use processors, they act under our instructions and are bound by confidentiality and data protection terms.
5. Cookies and similar technologies
We use cookies and similar technologies to operate our site, remember preferences, analyse usage and, with your consent where required, for marketing. You can manage consent through our cookie banner and your browser settings.
6. International transfers
Some providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards (e.g. UK International Data Transfer Agreement or Standard Contractual Clauses) so that your data remains protected.
7. Data retention
- Core account and transaction records: typically retained for 6 years after the end of our relationship to meet tax, accounting and regulatory obligations.
- Verification/AML records: retained in line with legal requirements and our risk policy (usually 5–7 years).
- Marketing preferences: retained until you unsubscribe or your account is inactive for an extended period.
- Support correspondence: retained for our legitimate interests in record-keeping and dispute resolution.
When retention periods expire, we securely delete or anonymise data.
8. Security
We implement appropriate technical and organisational measures to protect personal data, including secure hosting, encryption in transit, access controls, staff training and regular reviews. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure in certain circumstances.
- Restrict or object to processing in certain circumstances (including to direct marketing).
- Request data portability in certain circumstances.
- Withdraw consent where processing is based on consent.
To exercise your rights, please contact us at support@castlers.com. We may need to verify your identity before responding.
10. Automated decision-making
We do not make decisions based solely on automated processing that have legal or similarly significant effects on individuals. We may use automated tools to help detect fraud or unusual bidding behaviour; these tools support human decision-making.
11. Children
Our services are not directed to persons under 18 years of age. If we become aware that we have collected personal data from a child without appropriate consent, we will delete it.
12. CCTV at our premises (if applicable)
Where CCTV operates at our premises, it is used for security and crime prevention. Footage may be shared with law enforcement when necessary and is generally retained for a short period unless required for an investigation.
13. How to complain
Please contact us first so we can resolve your concern. We will also aim to provide you with a response within 5 working days.
14. Changes to this policy
We may update this policy from time to time. The latest version will always be available on this page. We may notify registered users by email of significant changes.
15. Contact us
Castlers Auctions LtdAddress: Castlers, 10 Coach Road, Colchester, Essex, CO7 8EA
Email: support@castlers.com
Telephone: 0333 090 3234
Subscribe to our newsletter to get updates on our latest auctions
You will be able to unsubscribe at any time. Read our privacy policyhere.