Legal Notice

Privacy Policy (Website + Mobile Apps)

Effective date: 19 December 2025
Last updated: 19 December 2025

This Privacy Policy explains how Secure Vending Solutions (trading as SecureVend) (“we”, “us”, “our”) collects, uses, shares, and protects personal information when you:

visit our website www.securevend.co.uk (the “Website”); and/or

use our mobile applications (the “Apps”) (together with the Website, the “Services”).

1) Contact us (Data Controller)

Secure Vending Solutions (trading as SecureVend) is the controller of personal data processed through our Services.

Contact (email only): enquiries@securevend.co.uk

2) What personal data we collect

We collect personal data in the following ways depending on how you use our Services.

A. Data you provide to us

Contact details: name, email address, phone number, company name, job title.

Account details (if you create an account): username, password (stored in hashed form), roles/permissions.

Support and communications: messages you send to us (e.g., via forms, email, phone), feedback, survey responses.

Commercial details: purchase enquiries, billing contact details, transaction references (if applicable).

Content you submit: information you upload or enter into our Services (for example, operational data relating to your organisation’s vending/stock systems).

B. Data we collect automatically (Website and Apps)

Device and technical data: IP address, device type, operating system, browser type, app version, time zone and locale, language, and diagnostic logs.

Usage data: pages/screens viewed, features used, clicks/taps, session duration, referring URLs, and other interaction data.

Approximate location: derived from IP address (Website) or device settings (Apps) where permitted. We do not require precise GPS location unless clearly stated and enabled by you.

Cookies and similar technologies (Website): see section 7.

C. Data from third parties

We may receive limited data from:

Service providers (e.g., analytics, crash reporting, hosting, email delivery);

App platforms (Apple/Google) (e.g., installation metrics, subscription status where relevant);

Payment providers (if you purchase from us) (e.g., payment confirmation; we typically do not receive full card details).

3) Special categories of data

We do not intentionally collect “special category” data (e.g., health, biometrics, religious beliefs) through our Services.

If you choose to share special category data with us (for example in a support ticket), we will handle it with extra care and only use it as necessary to address your request.

4) How we use your data (purposes)

We use personal data to:

Provide and operate the Services

create and manage accounts

authenticate users and maintain session security

deliver requested content/features

support core app/website functionality

Communicate with you

respond to enquiries and support requests

send service messages (e.g., security alerts, important updates)

Improve and develop our Services

analyse performance and usage patterns

debug issues and improve stability

test new features responsibly

Security and fraud prevention

protect accounts and prevent unauthorised access

monitor for suspicious activity

enforce our terms and policies

Marketing (where permitted)

send marketing communications where you have opted in or where otherwise allowed by law

measure marketing effectiveness
You can opt out at any time (see section 10).

Legal and compliance

meet legal obligations

respond to lawful requests

establish, exercise, or defend legal claims

5) Our lawful bases (UK GDPR)

We rely on these lawful bases under UK GDPR:

Contract: to provide Services you request (e.g., managing an account, delivering features).

Legitimate interests: to operate, secure, and improve our Services, communicate with business contacts, prevent fraud, and understand usage (balanced against your rights).

Consent: where required (e.g., certain cookies, optional marketing, push notifications, certain device permissions).

Legal obligation: to comply with applicable laws.

6) App permissions, device identifiers, and platform-specific data

Depending on your settings and how the Apps are built/used, the Apps may request permission to access:

Notifications (to send alerts and updates)

Camera (only if you choose features that require it, e.g., scanning)

Photos/Storage (only if you upload images/files)

Bluetooth/Nearby devices (only if you connect to compatible hardware)

Local network (only if required for device connectivity)

If a permission is optional, you can decline it. Some features may not work without certain permissions.

The Apps may also collect device identifiers (e.g., device model, OS version, app instance identifiers) for security, analytics, and crash diagnostics. We do not use these to identify you directly unless you have an account and sign in.

7) Cookies and similar technologies (Website)

We use cookies and similar technologies to:

Make the Website work (essential cookies: security, load balancing, session management).

Remember preferences (e.g., language, consent choices).

Analytics (understanding how the Website is used so we can improve it).

Marketing (only where used and where you consent, if applicable).

You can manage cookies via our cookie banner/preferences tool (if implemented) and your browser settings. Disabling some cookies may impact functionality.

8) Sharing your data

We may share personal data with:

A. Service providers (processors)

Trusted third parties who help us run our Services, such as:

hosting and infrastructure providers

email delivery providers

analytics providers

crash reporting/performance monitoring providers

customer support tools

payment processors (if applicable)

They are only permitted to process your data under our instructions and must protect it.

B. Legal or safety reasons

We may disclose data if required by law, regulation, legal process, or to protect the rights, property, or safety of SecureVend, our users, or others.

C. Business transfers

If we’re involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of that transaction, subject to this policy.

We do not sell your personal data.

9) International transfers

Your data may be processed in the UK and (depending on service providers) other countries.

Where data is transferred outside the UK, we use appropriate safeguards such as:

UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs; and/or

transfers to countries recognised as providing adequate protection.

10) Marketing preferences

If we send marketing emails, you can opt out at any time by:

clicking the unsubscribe link in emails, or

emailing enquiries@securevend.co.uk.

Even if you opt out of marketing, we may still send service/transactional messages (e.g., password reset, important security notices).

11) Data retention

We keep personal data only as long as necessary for the purposes described above, including:

Account data: for as long as your account is active; and for a reasonable period afterwards for security, audit, and dispute resolution.

Support tickets/communications: typically 12–24 months after closure (adjust as needed).

Analytics and diagnostic data: typically up to 14 months (adjust to match settings).

Legal/accounting records: as required by law.

We may anonymise data so it can no longer be associated with you, and use it for analytics and improvement.

12) Security

We use appropriate technical and organisational measures to protect personal data, such as:

encryption in transit (HTTPS/TLS)

access controls and least-privilege permissions

monitoring and logging

secure development and patching practices

No method of transmission or storage is 100% secure, but we work to protect your information.

13) Children’s privacy

Our Services are not directed to children under 13 (or under 16 where local law requires). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at enquiries@securevend.co.uk and we will take appropriate steps to delete it.

14) Your rights (UK GDPR)

Depending on your location and applicable law, you may have rights to:

access your personal data

correct inaccurate data

delete your data

restrict processing

object to processing (including direct marketing)

data portability

withdraw consent (where processing is based on consent)

To exercise your rights, email enquiries@securevend.co.uk. We may need to verify your identity.

Complaints

If you are in the UK, you can complain to the Information Commissioner’s Office (ICO) if you believe we have handled your data unfairly or unlawfully.

15) Third-party links and services

Our Services may include links to third-party websites or services. Their privacy practices are governed by their own policies, and we are not responsible for their content or privacy practices.

16) Changes to this Privacy Policy

We may update this policy from time to time. If changes are significant, we will provide a prominent notice on our Website and/or in the Apps. The “Last updated” date at the top indicates when it was last revised.

17) Contact us

For privacy questions or requests, email: enquiries@securevend.co.uk