Privacy Policy
We're committed to protecting your privacy and being transparent about how we collect, use, and protect your personal data. This policy complies with UK GDPR and PECR regulations.
Contents
Quick Facts
At-a-Glance Summary
Quick overview of our privacy practices
This section provides a high-level overview of how we handle your personal data at Negotiables.
Who We Are & Scope
Company information and policy coverage
Elektroluma Ltd is a UK-registered company connecting venues with brands for pop-up activations across the West Midlands.
- Our website (negotiables.co.uk)
- Mobile application (when available)
- Email communications
- Event management tools (QR codes, forms)
- Customer support interactions
Key Definitions & Roles
Marketplace clarity on data controller and processor roles
Negotiables as Controller
We control data for platform accounts, billing, fraud prevention, site analytics, and support.
Negotiables as Processor
We process data on behalf of Brands/Hosts for QR lead capture and event management.
What We Collect
Data types by user category and purpose
We collect different types of data depending on how you use our platform:
How We Use Data
Purposes and lawful bases for processing
We use your data for platform operations, improvements, and communications.
International Transfers
Cross-border data protection measures
Some service providers may process data outside the UK/EEA with appropriate safeguards.
Retention Schedule
How long we keep different types of data
We retain data for different periods based on type and legal requirements.
Retention Periods Summary
Your Rights
What you can do with your personal data
You have various rights under UK GDPR including access, rectification, and erasure.
Security Measures
How we protect your personal data
We implement technical and organizational measures to protect your data.
Children's Privacy
Protection for users under 18
Our service is not directed at children under 16 without parental consent.
Changes & Contact
Policy updates and contact information
We may update this policy and will notify users of material changes.
Data Mapping Table
| Category | Examples | Purpose | Lawful Basis | Retention |
|---|---|---|---|---|
| Account & Contact | Name, email, phone | Create/manage account & bookings | Contract | Account life + 24m |
| Venue/Listing | Address, photos, rules, capacity | Publish & match listings | Contract; Legitimate interests | While listed + 24m |
| Booking & Payments | Dates, price, payout details | Fulfil bookings, payouts, invoicing | Contract; Legal obligation | 6 years (tax) |
| Event Leads (Processor) | QR scans, email consent | Send to Brand/Host CRM on their behalf | Consent (marketing) | 30–90 days processor copy |
| Analytics (consent) | Pages, referrers, device | Improve site, measure usage | Consent (non-essential cookies) | 14–26 months |
| Security/Fraud | IP, headers, logs | Prevent abuse, keep platform safe | Legitimate interests | 90–180 days |
Have Privacy Questions?
We're here to help. Contact our Data Protection Officer for privacy-related enquiries.