Privacy Policy

1. Who We Are

The Sellers Index ("we", "us", "our") operates thesellerindex.com. Our registered address is available on request via [email protected]. We are the data controller for personal data processed through this website.

Our data protection contact is: [email protected].

We are accountable to the ICO under UK GDPR. See our About page.

2. Data We Collect Under This Privacy Policy

We collect three categories of data: information you provide, data collected automatically, and B2B business data in our product.

2.1 Data you provide

When you contact us or request information, we collect:

• Name and business email address
• Company name and message content
• Any additional information you choose to share

2.2 Data collected automatically

When you visit our website, we may collect:

• IP address and approximate location (country/city)
• Browser type and version
• Pages visited and time on site
• Referring URL
• Device type and operating system

2.3 B2B seller data (our product)

Our product database contains Amazon seller business intelligence. This relates to registered business entities, not private individuals. See our GDPR B2B compliance page for the full legal basis and processing details, including how we handle legitimate-interest assessments for commercially available business data.

We do not sell personal contact data to third parties.

3. Legal Basis for Processing

Every processing activity at The Sellers Index rests on a documented lawful basis under UK GDPR Article 6. We use four distinct bases depending on the activity: legitimate interests for contact-form enquiries and website improvement, contract performance when fulfilling a data purchase or subscription, consent for marketing communications, and legal obligation where UK law requires retention or disclosure. We do not process personal data speculatively. Before relying on legitimate interests, we complete a Legitimate Interests Assessment weighing our business purpose against your rights and freedoms. Because our primary product is B2B business intelligence rather than consumer data, the risk of undue intrusion on private individuals is low. However, that does not diminish the standard of care we apply. Each processing activity is documented in our Record of Processing Activities (RoPA) as required by UK GDPR Article 30.

• Legitimate interests — Processing contact enquiries and improving our service. Our legitimate interests do not override your rights.
• Contract performance — Processing necessary to fulfil a data purchase or subscription agreement.
• Consent — Where you have opted in to marketing communications. You may withdraw consent at any time.
• Legal obligation — Where processing is required to comply with applicable law.

4. How We Use Your Data

We use personal data only for the specific purposes listed below. We do not share it with unrelated third parties.

• Responding to enquiries and support requests
• Processing orders and delivering data products
• Sending service communications (e.g., order confirmations, updates)
• Improving our website and products (analytics)
• Complying with legal obligations
• Sending marketing communications where you have consented

For permitted uses of our Amazon seller data intelligence product, see the Terms of Service.

5. Retention

We retain personal data only as long as necessary:

• Contact enquiries: 2 years from last contact, unless a customer relationship forms
• Customer records: 7 years for financial records (legal obligation)
• Analytics data: Aggregated and anonymised after 26 months (Google Analytics default)
• Marketing opt-outs: Indefinitely, to honour your preference

6. Your Rights Under This Privacy Policy (UK GDPR and EU GDPR)

Under UK GDPR and EU GDPR, individuals hold seven enforceable rights in relation to their personal data, effective from 1 January 2021 in the UK and since 25 May 2018 across the EU. These rights apply to the personal data you provide to us directly — such as a contact-form submission or a purchase record. To exercise any right, email [email protected] with your name and the email address you used to contact us. We are required to respond within 30 calendar days. In complex or multiple-request cases, we may extend by up to two further months, but we will notify you within the initial 30 days. There is no charge for a first request; we may charge a reasonable administrative fee for manifestly unfounded or excessive repeat requests under UK GDPR Article 12(5). The seven rights are set out below.

• Access — Request a copy of data we hold about you
• Rectification — Correct inaccurate data
• Erasure — Request deletion ("right to be forgotten") where applicable
• Restriction — Limit processing in certain circumstances
• Portability — Receive data in a structured, machine-readable format
• Object — Object to processing based on legitimate interests or direct marketing
• Withdraw consent — Where processing is based on consent

7. Cookies

We use cookies in three categories under the UK Privacy and Electronic Communications Regulations (PECR):

7.1 Cookie categories

• Strictly necessary — Session management and security. No consent required.
• Analytics — Google Analytics 4 (GA4) to understand site usage. Anonymised IP. Consent required.
• Functional — Remembering preferences. Consent required where not strictly necessary.

You can manage cookie preferences at any time via your browser settings or our cookie consent banner.

7.2 Third-party cookies

Google Analytics 4 sets its own cookies, with IP anonymisation enabled. GA4 data is retained for 26 months, then deleted automatically.

8. Third-Party Services and Data Processors

We use third-party processors, each bound by a DPA under UK GDPR Article 28.

8.1 Processors and purposes

• Google Analytics 4 — Website analytics. Data processed in the US under Standard Contractual Clauses.
• Cloudflare — CDN and security. Processes IP addresses for security purposes.
• Formspree / similar — Contact form processing if enabled.
• Stripe — Payment processing. PCI-DSS compliant. We do not store card data.

All third-party processors are bound by Data Processing Agreements and appropriate transfer safeguards.

9. International Transfers

Some of our third-party providers are based outside the UK or EEA. Where transfers occur, we ensure they are protected by appropriate safeguards: Standard Contractual Clauses (SCCs), adequacy decisions, or UK International Data Transfer Agreements (IDTAs).

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. The effective date at the top of this page will always reflect the latest version. Material changes will be communicated to active customers by email.

11. How to Contact Us or Complain

For any privacy question or request: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

EU-based individuals may also contact their local supervisory authority (e.g., CNIL for France, BfDI for Germany).