Privacy policy.

Last Updated: August 2025

Introduction

Thank you for choosing to be part of our community at BULLWHIP LTD (“Company”, “we”, “us”, “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage with us, including through our website, our services, and our data integration offerings.

If you have any questions about this Privacy Policy or our practices, please contact us at:

BULLWHIP LTD
24 Sandiway, Irlam, Manchester, England, M44 6EF
Email: info@bull-whip.com
Phone: +44 7432 623451

Controller and Processor Roles

Under the UK GDPR and applicable data protection laws, BULLWHIP LTD may act as both:

  • Data Controller – when we determine the purposes and means of processing (e.g. handling website visitor data, invoicing, and supplier data).

  • Data Processor – when we process shipment and related data strictly on behalf of our customers under contract.

Scope

This Privacy Policy applies to:

  • Customers who engage with our services, including data integration.

  • Suppliers who provide products or services to us.

  • Website visitors and prospective customers who interact with our website or contact us.

  • Public domain business data which we may process to provide insights to customers.

Types of Data We Collect

We may collect, use, store and transfer the following categories of personal and business-related data:

  • Customer Shipment Data – shipment details such as shipper names, shipment weight, profit data, and related information.

  • Financial Data – bank details, invoicing information, and transaction records when handling payments directly.

  • Publicly Available Business Data – information relating to businesses and business professionals obtained from public sources, including job titles, company affiliations, and professional profiles.

  • Supplier Data – contact and financial information required to manage supplier relationships.

  • Technical and Website Data – information collected automatically when you visit our website, such as IP address, browser type, and device data (processed via our hosting provider).

We do not intentionally collect sensitive personal data and do not knowingly collect personal information relating to children.

How We Collect Data

  • Directly from you – when you provide information to us (e.g., via contracts, invoices, website forms).

  • Through service use – shipment data supplied to us for integration and processing.

  • From public domain sources – professional and company-related information lawfully available in the public domain.

  • Automatically – technical and browsing data collected when using our website.

Lawful Basis for Processing

We process personal data under one or more of the following legal bases:

  • Performance of a contract – where processing is necessary to deliver our services.

  • Legitimate interests – such as improving our services, analysing shipment data, or using public domain business information, provided your rights are not overridden.

  • Legal obligations – to comply with financial, regulatory, and security requirements.

Data Integration Options

We offer three GDPR-compliant integration methods:

  1. Standard Procedure – Full Data Integration
    Data is securely received, cleansed, structured, and retained for the duration of the customer contract.

  2. Secure Anonymous Procedure – No Identifiable Data Stored
    Data is anonymised during processing, with the original dataset permanently deleted immediately after use.

  3. On-Premises Anonymous Procedure – No Data Leaves Your Network
    Processing occurs entirely within your infrastructure, with BULLWHIP LTD not retaining or accessing any data.

Data Sharing and Disclosure

We do not sell or share your personal data. We may disclose data only in the following circumstances:

  • Internal use – to authorised employees and contractors.

  • Service providers – including IT, hosting, cloud infrastructure, and professional advisers, where strictly necessary.

  • Legal and regulatory authorities – where required by law or regulation.

  • Business transactions – in the context of a merger, acquisition, or reorganisation, subject to safeguards.

International Transfers

Where data is transferred outside the UK, we ensure compliance with applicable data protection laws by relying on recognised safeguards such as:

  • Adequacy decisions;

  • Standard Contractual Clauses approved by the UK Government; or

  • Other legally compliant transfer mechanisms.

Data Retention

  • Standard Integration – data is retained until termination of the customer contract, after which it is deleted or anonymised.

  • Secure Anonymous – original data is permanently deleted immediately after processing.

  • On-Premises – no data is retained by BULLWHIP LTD.

  • Financial and legal records – retained as required under applicable accounting and tax laws.

Data Security

We implement appropriate organisational and technical measures to secure your data, including:

  • AES-256 encryption at rest and TLS 1.2+ in transit;

  • Role-based access control and multifactor authentication;

  • Continuous monitoring and security protocols through Microsoft Azure infrastructure.

While we take all reasonable steps to protect your information, no electronic transmission can be guaranteed to be 100% secure.

Cookies and Website Technologies

Our website may use essential cookies and technical tools provided by our hosting provider for basic functionality and security. We do not use non-essential cookies or tracking technologies for marketing purposes.

Minors

Our services are not directed at or intended for individuals under 18 years of age. We do not knowingly collect data relating to minors. If we discover that such data has been collected, we will delete it promptly.

Your Rights

Under the UK GDPR, you have the following rights:

  • Access – to request a copy of the personal data we hold about you.

  • Correction – to request rectification of inaccurate or incomplete data.

  • Erasure – to request deletion of your data where appropriate.

  • Restriction – to request suspension of processing under certain conditions.

  • Portability – to request transfer of your data to another party.

  • Objection – to object to processing carried out under legitimate interests.

  • Withdraw consent – where processing is based on consent, you may withdraw it at any time.

Requests can be made by contacting us at info@bull-whip.com. We will respond within one month, in accordance with legal requirements.

Complaints

If you are dissatisfied with our response to a privacy-related concern, you may lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or with your local data protection authority.

Updates to this Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with an updated “Last Updated” date. We encourage you to review this Privacy Policy periodically.