Privacy Policy

Version 1.0Last updated: 05/06/2026

This Privacy Policy explains how TekSpert Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Settlah platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller for personal data processed through this website and the Settlah platform is:

TekSpert Ltd
Company No. 16711813
Chorley, Lancashire, United Kingdom
Email: privacy@tekspert.co.uk

2. Data We Collect

2.1 Data you provide directly

  • Account data: Name, email address, company name, job title, phone number
  • Billing data: Payment method details (processed and stored by Stripe; we do not store card numbers)
  • Customer data: Information about your customers that you upload to the platform (names, addresses, email addresses, amounts owed)
  • Communications: Emails, support tickets, and other correspondence with us

2.2 Data collected automatically

  • Usage data: Pages visited, features used, actions taken within the platform
  • Technical data: IP address, browser type, operating system, device type
  • Cookie data: As described in our Cookie Policy

3. Lawful Basis for Processing

We process personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the Settlah service)
  • Legitimate interests: Processing necessary for our legitimate interests (service improvement, security, fraud prevention), provided these are not overridden by your rights
  • Consent: Where you have given specific consent (e.g. marketing communications, non-essential cookies)
  • Legal obligation: Processing necessary to comply with our legal obligations (tax records, regulatory requirements)

4. Purposes of Processing

  • Providing and maintaining the Settlah platform
  • Processing payments and managing subscriptions
  • Sending transactional notifications (invoices, reminders, payment confirmations)
  • Providing customer support
  • Improving and developing the platform
  • Ensuring security and preventing fraud
  • Complying with legal obligations
  • Sending marketing communications (with your consent only)

5. Recipients and Third Parties

We share personal data with the following categories of recipients, strictly as necessary to provide the Service:

  • Stripe: Payment processing (PCI DSS compliant)
  • Hosting providers: Infrastructure and server hosting (UK-based)
  • Email delivery: Nodemailer via our own SMTP server (mail.tekspert.co.uk) — no third-party email services
  • Professional advisers: Accountants, lawyers, as required by law
  • Law enforcement: If required by law or to protect our legal rights

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

6. International Transfers

Your data is primarily stored and processed within the United Kingdom. Where data is transferred outside the UK (e.g. Stripe's infrastructure), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO and UK adequacy regulations.

7. Data Retention

  • Active accounts: Data is retained for the duration of your subscription
  • Cancelled accounts: Data is retained for 90 days after cancellation, then permanently deleted
  • Financial records: Retained for 7 years as required by HMRC
  • Audit logs: Retained for 2 years for security and compliance purposes
  • Marketing consent records: Retained for the duration of consent plus 1 year

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data (subject to legal retention obligations)
  • Right to restriction: Request that we restrict processing of your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making: We do not make automated decisions with legal or significant effects about you

To exercise any of these rights, contact us at privacy@tekspert.co.uk. We will respond within 30 days.

9. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

12. Contact

For privacy-related enquiries, contact our Data Protection Officer:

Email: dpo@tekspert.co.uk
TekSpert Ltd, Chorley, Lancashire, United Kingdom

TekSpert Ltd · Company No. 16711813 · VAT 505 2175 24 · Chorley, Lancashire, United Kingdom