Privacy Policy
Last updated: 13 April 2026
1. Who we are
This Privacy Policy explains how Evermerch Ltd collects, uses and protects personal data.
Registered office: 31 Rutland St, Leicester, LE1 1RE
Company number: 13123342
Website: evermerch.io
General contact: hello@evermerch.io
Privacy contact: privacy@evermerch.io
For the purposes of UK data protection law, Evermerch Ltd may act as either a data controller or a data processor, depending on the circumstances described below. ICO guidance distinguishes controllers, who decide why and how personal data is used, from processors, who act on documented instructions for a controller.
2. What this policy covers
This Privacy Policy applies to personal data collected through:
our website;
contact forms and enquiries;
account registration and platform use;
communications with customers, suppliers and prospects;
demos, meetings and events;
billing and contract administration; and
cookies and similar technologies on our website.
3. The personal data we collect
We may collect and use the following categories of personal data:
Information you give us
name
business name
job title
email address
telephone number
postal address
account login details
enquiry details
information you provide when booking a demo, requesting information or contacting us
Information collected through use of the platform
account and user profile information
login and authentication data
usage data
device and browser information
IP address
pages viewed and actions taken within the platform
support requests and communications
Transaction and business records
billing details
payment-related records
contract and subscription information
correspondence relating to sales, service and support
Data customers upload or submit
Where customers use our platform, they may upload or submit information that includes personal data. In these cases, Evermerch may act as a processor on behalf of that customer.
4. How we use personal data
We use personal data to:
provide and operate our website and platform;
create and manage accounts;
respond to enquiries and requests;
provide demos and information about our services;
manage subscriptions, contracts and billing;
provide customer support;
monitor, maintain and improve website and platform performance;
protect the security of our systems and users;
send service-related communications;
send marketing communications where permitted by law;
comply with legal and regulatory obligations; and
establish, exercise or defend legal claims.
5. Our lawful bases
Under UK data protection law, we must have a lawful basis for processing personal data. ICO guidance says privacy notices should explain the lawful basis relied on and the main purposes for processing.
We rely on the following lawful bases, depending on the circumstances:
Contract
Where processing is necessary to:
provide our services;
create and manage accounts;
administer subscriptions;
respond to requests for our services; or
take steps before entering into a contract.
Legitimate interests
Where processing is necessary for our legitimate interests, including:
running and improving our business;
maintaining platform functionality and security;
responding to business enquiries;
keeping records of business relationships;
preventing fraud and misuse; and
marketing our services to relevant business contacts where permitted by law.
When we rely on legitimate interests, we consider and balance any potential impact on your rights and freedoms.
Legal obligation
Where we need to process personal data to comply with legal or regulatory requirements.
Consent
Where consent is required, for example for certain cookies or certain electronic marketing activities.
You may withdraw consent at any time, but this will not affect the lawfulness of processing carried out before withdrawal.
6. Marketing
We may send marketing communications to business contacts where permitted under applicable law.
You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us at privacy@evermerch.io.
In the UK, the rules on electronic marketing and cookies under PECR also sit alongside data protection law.
7. Cookies and similar technologies
Our website may use cookies and similar technologies to:
make the site function properly;
remember preferences;
understand how visitors use the site; and
improve performance and user experience.
Where required by law, we will ask for your consent before placing non-essential cookies on your device.
You can manage cookies through our cookie banner or your browser settings.
8. When we act as controller
Evermerch acts as a controller where we decide how and why personal data is used for our own purposes, including:
operating our website;
handling enquiries;
managing customer and supplier relationships;
administering accounts and billing;
maintaining records;
managing service communications;
analytics relating to our own services; and
security, fraud prevention and legal compliance.
9. When we act as processor
Evermerch may act as a processor where we process personal data on behalf of a customer through our SaaS platform.
In those cases:
the customer is usually the controller;
we process the data on the customer’s documented instructions; and
separate contractual data processing terms may apply.
ICO guidance is clear that controller-processor relationships require a written contract meeting Article 28 requirements.
10. Who we share personal data with
We may share personal data with:
professional advisers, such as lawyers, accountants and insurers;
IT, hosting and software service providers;
payment, billing and administration providers;
analytics and communication providers;
customer relationship management providers;
regulators, authorities, courts or law enforcement where required; and
prospective buyers, investors or group companies in connection with a business sale, merger or restructuring.
We require service providers acting on our behalf to handle personal data appropriately and lawfully.
11. International transfers
Some of our suppliers or service providers may process personal data outside the UK.
Where we transfer personal data outside the UK, we will take steps to ensure that appropriate safeguards are in place where required by law.
These may include reliance on adequacy regulations or the use of approved transfer mechanisms.
12. How long we keep personal data
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for legal, regulatory, tax, accounting, security and record-keeping requirements.
Retention periods vary depending on the type of data and why we hold it. For example:
enquiry data: typically up to 24 months after last meaningful contact
customer account and contract data: typically for the duration of the relationship and up to 6 years afterwards
financial records: typically for as long as required by tax and accounting laws
technical logs: for a limited period appropriate to security and operational needs
Where we no longer need personal data, we will delete it or anonymise it.
ICO guidance says privacy information should explain either retention periods or the criteria used to determine them.
13. Your rights
Under UK data protection law, you may have the right to:
request access to your personal data;
request correction of inaccurate personal data;
request deletion of your personal data;
request restriction of processing;
object to processing;
request transfer of your personal data to you or another organisation in certain circumstances; and
withdraw consent where we rely on consent.
These rights are not absolute and may be subject to legal exceptions.
You can exercise your rights by contacting us at privacy@evermerch.io.
14. Complaints
If you have concerns about how we handle personal data, please contact us first and we will try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO). ICO guidance says privacy notices should tell people about their right to complain to the ICO.
15. Security
We take appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
However, no internet-based service can ever be completely secure, and we cannot guarantee absolute security.
16. Third-party links
Our website may include links to third-party websites or services.
We are not responsible for their privacy practices, and you should read their privacy policies separately.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
Any changes will be posted on this page and, where appropriate, notified to users by email or through the platform.
18. Contact us
If you have any questions about this Privacy Policy or how we handle personal data, please contact:
Evermerch Ltd
31 Rutland St
Leicester
LE1 1RE
Email: privacy@evermerch.io