We use cookies to improve your experience. Essential cookies are always active. You can choose to accept analytics, preference, and marketing cookies. Learn more

    The Surrey Directory — Privacy Policy

    Effective Date: March 2026

    Background

    The Surrey Directory respects your privacy and will only collect and use personal data in ways consistent with our obligations and your rights under the law. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    Information About Us

    What Data Do We Collect?

    We may collect the following categories of personal data depending on how you use the site:

    Identity and Contact Data

    Name, business name, email address, physical address, telephone number, and mobile number. Collected directly when you register, claim a listing, or contact us.

    Verification Data

    Mobile number used for SMS OTP verification during the listing claim process. This is collected to verify your identity as an authorised business representative.

    Business Listing Data

    Business name, address, contact details, descriptions, photos, opening hours, website URLs, and any other content submitted to your listing. This information is publicly visible on the directory.

    Financial Data

    Transaction details including date, amount, and subscription plan purchased. Processed via our third-party payment provider Stripe. We do not store your card details.

    Technical and Usage Data

    IP address, browser type, operating system, pages visited, click tracking data (including which buttons are clicked on premium business listings), and information on how you use the website. Collected automatically via cookies and analytics.

    Communications Data

    Emails, support messages, and any correspondence you send to us.

    How and Why We Use Your Data

    We must have a valid legal reason (a Lawful Basis) to use your personal data under UK GDPR.

    To provide and manage your account

    Lawful Basis: Performance of a Contract. Necessary to provide the services you requested including account access and listing management.

    To verify business ownership during the claim process

    Lawful Basis: Performance of a Contract and Legitimate Interest. Your mobile number is used for SMS OTP verification. Your email is used to send a confirmation link to verify access to the listed business email address.

    To publish and display business listings

    Lawful Basis: Legitimate Interest and Performance of a Contract. Business listing information is publicly visible on the directory to connect businesses with local consumers.

    To process payments via Stripe

    Lawful Basis: Performance of a Contract. Necessary to fulfil paid subscriptions including premium listings, TradeSearch membership, and wedding supplier add-ons.

    To send transactional communications

    Lawful Basis: Performance of a Contract. We send emails and SMS messages relating to your account, listing verification, activation, subscription renewals, and service updates.

    To provide click tracking and analytics to business owners

    Lawful Basis: Legitimate Interest. Premium listing holders receive anonymised data on how consumers interact with their listing including button clicks, page views, and referral sources.

    Website improvement and security

    Lawful Basis: Legitimate Interest. We monitor and analyse usage to improve the service and protect against misuse.

    Marketing communications (if you opt in)

    Lawful Basis: Consent. You must give explicit consent which you can withdraw at any time by contacting hello@thesurreydirectory.co.uk or using the unsubscribe link in any marketing email.

    Legal compliance

    Lawful Basis: Legal Obligation. To comply with tax, accounting, or law enforcement requirements.

    Sharing and Disclosing Your Data

    We do not sell your personal data. We share data only as necessary for the following purposes:

    • Public display: Business listing information (name, address, contact details, description, photos) is publicly visible on the directory to all visitors.
    • ClickSend: We use ClickSend to deliver SMS verification codes during the listing claim process. Your mobile number is transmitted to ClickSend solely for this purpose.
    • Stripe: We use Stripe to process payments. Stripe handles all card data securely. We share only the information necessary to process your subscription.
    • Postmark: We use Postmark (by ActiveCampaign) to deliver transactional emails including verification links, account notifications, and listing activation emails.
    • Supabase: Our platform infrastructure and database is hosted on Supabase. Your account and listing data is stored securely on Supabase servers.
    • Analytics providers: We use anonymised analytics to understand how the site is used. No personally identifiable information is shared with analytics providers.
    • Legal and regulatory bodies: We will disclose data if legally required by a court order or other legal process.

    How and Where Do We Store Your Data?

    We use appropriate physical, electronic, and managerial procedures including SSL encryption to safeguard your data. We process your data primarily on secure servers within the UK or EEA. Where third-party providers are based outside this area we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses where applicable.

    How Long Do We Keep Your Data?

    We keep your data only as long as necessary for the purpose it was collected:

    • Account and listing data is retained for the duration of your active account or subscription
    • If you close your account or your subscription lapses, we will securely erase your personal data within 90 days, except where we are required to retain it for legal, accounting, or reporting purposes
    • SMS verification codes are automatically expired after 10 minutes and are not retained beyond that window
    • Payment records are retained for 7 years in accordance with HMRC requirements
    • Analytics and usage data is retained in anonymised form

    Cookies and Analytics

    Our website uses cookies. Please refer to our Cookie Policy for full details on what cookies are, the types we use, the data they collect, and how you can manage your preferences. Our Cookie Policy is available at thesurreydirectory.co.uk/cookie-policy.

    Your Rights Under UK GDPR

    Under the UK GDPR you have the following rights, which we will always work to uphold:

    • The right to be informed about how we use your data
    • The right to access the personal data we hold about you
    • The right to have your data corrected if it is inaccurate or incomplete
    • The right to erasure (the right to be forgotten)
    • The right to restrict processing of your data
    • The right to object to us using your data for certain purposes
    • The right to data portability
    • Rights relating to automated decision-making and profiling

    To exercise any of these rights, please contact us at hello@thesurreydirectory.co.uk. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

    Changes to This Policy

    We may update this Privacy Policy from time to time. Significant changes will be communicated to registered users by email. Continued use of the site after changes constitutes acceptance of the updated policy.

    Contact Us

    For any privacy-related queries or to exercise your rights:

    Last Updated: March 2026