PRIVACY POLICY Retane Ltd Registered in England and Wales | Nottingham, United Kingdom Contact: [email protected] | 0115 647 2028 Governing Law: England & Wales Last Updated: March 2026

This Privacy Policy explains how Retane Ltd collects, processes, and protects personal data. It also forms part of the Terms of Service and constitutes a binding contractual agreement between Retane Ltd and its clients regarding the handling of personal data.

By subscribing to or using Retane's services, you accept this Privacy Policy in full. Retane provides a separate privacy policy for any website you create and host via the Retane platform — this document governs Retane's own data practices, not those of your client-facing website.

1. Overview

This Policy applies when you:

Visit the Retane website at retane.co.uk

Communicate with us by email, phone, or any other channel

Subscribe to or use any Retane service, including website hosting, social media management, reputation management, AI tools, automations, booking systems, or any other service provided under your subscription plan

It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Roles

The following roles apply depending on the context in which personal data is being processed:

Retane as Data Controller: when processing data about our own clients, website visitors, or prospective customers (e.g. enquiries, billing, account management, marketing).

Retane as Data Processor: when handling personal data belonging to your customers, which is stored or processed through your Retane-hosted website, booking systems, communication tools, or any other platform feature.

Clients as Data Controller: for all personal data collected from your own customers via your Retane-hosted website, booking forms, enquiry tools, SMS, WhatsApp, or any other feature included in your subscription. You are responsible for that data and for ensuring it is collected and processed lawfully.

3. Data We Collect

3.1 Data Collected About Clients (Retane as Controller) When you subscribe to or use Retane's services, we collect:

Full name

Email address

Phone number

Business name and address

Billing and payment information (processed via our third-party payment processor)

Usage data, support records, and account activity

Marketing preferences and communication history

3.2 Data Processed on Behalf of Clients (Retane as Processor) When your customers interact with your Retane-hosted website or tools, we may process on your behalf:

Customer names, email addresses, phone numbers, and addresses

Enquiry and booking details

Job information, notes, quotes, or other data you choose to store via the platform

Clients must not upload or process special category (sensitive) personal data through the Retane platform without a lawful basis for doing so under UK GDPR.

3.3 Client Contact Information in Generated Policies By creating or hosting a website through Retane, you authorise Retane Ltd to include your publicly supplied business contact details (business name, email address, and phone number) within automatically generated legal documents, such as your website's Privacy Policy and Cookie Policy. This is necessary to ensure your website meets UK GDPR transparency requirements.

4. How We Use Your Data

Account creation, login, and service delivery — Contract

Billing, invoicing, and tax records — Contract / Legal obligation

Failed payment notifications and account management — Contract

Security monitoring and fraud prevention — Legitimate interests

Platform diagnostics, analytics, and improvement — Legitimate interests

Sending transactional communications (see Section 6) — Contract

Marketing updates, offers, and product news — Consent or soft opt-in

Referral Programme administration (see Section 5) — Legitimate interests / Consent

5. Referral Programme Data

Where you participate in the Retane Referral Programme, we collect and process limited personal data solely to administer the referral and reward process.

Data collected:

Referrer's name, email address, and phone number

Referred business's name, contact name, email address, and phone number

Purpose: To verify eligibility, contact the referred business, and apply any applicable referral reward.

Lawful basis:

Legitimate interests — administering the Referral Programme

Consent — the referrer confirms they have the referred party's consent to share their details with Retane for this purpose

Retention: Referral data is retained for up to 90 days after the referral is processed or closed, after which it is securely deleted.

Third parties: Referral data is not shared with any third party except platform providers that support Retane's CRM and email systems, all of whom operate under data protection agreements.

6. Communications & Notifications

Retane sends emails and SMS messages for the following purposes:

Account setup and onboarding

Payment confirmations and invoices

Failed payment alerts

Account status changes (including suspension or termination)

Service updates relevant to your subscription

These are transactional communications necessary to deliver the service and cannot be opted out of while your account is active.

Marketing communications are optional and will always include an unsubscribe or "STOP" option.

7. Cookies

Retane uses the following cookies on retane.co.uk:

Essential cookies — required for login, session management, and core platform functionality

Optional analytics cookies — used to understand how the platform is used and to improve our services

Your client-facing website hosted through Retane will have its own Cookie Policy, provided and managed separately by Retane on your behalf.

8. Sharing & Third-Party Transfers

We share personal data only with trusted third-party providers where necessary to operate the platform. These may include providers of:

Website hosting and infrastructure

Payment processing

Email and SMS delivery

Analytics and performance monitoring

Booking and scheduling systems

Automation and integration tools

AI and chatbot services

All sub-processors operate under Data Processing Agreements with Retane. Where data is transferred outside the United Kingdom, we rely on the UK Addendum to the EU Standard Contractual Clauses or other appropriate lawful safeguards.

We do not sell personal data to third parties.

9. Data Retention & Deletion

Active accounts: Personal data is retained for the duration of your active subscription.

Cancellation: Where you cancel your subscription, your services and associated data remain active until the end of your current billing period. Following that, your data will be deleted in accordance with our standard deletion schedule. You are solely responsible for requesting access to and exporting any data you wish to retain before services are deactivated. Retane will not initiate data exports on your behalf. Access requests must be submitted in writing to [email protected] in accordance with the Terms of Service.

Failed payments: If a payment fails, Retane will automatically retry the following day. If payment remains unsuccessful for 14 days, your account will be permanently suspended and all associated data, including your website and any hosted content, will be permanently deleted from our servers. You will be notified prior to deletion wherever reasonably practicable. Returning users will receive a new blank account — no previous data will be restored.

Financial records: Billing and invoice records are retained for 6 years in accordance with legal obligations under HMRC requirements.

Where a subscription is cancelled or terminated, clients will be notified by email and given a minimum of 7 days to request access to their data before permanent deletion takes place.

10. Security

Retane protects personal data using the following measures:

Encryption of data in transit

Multi-factor authentication

Least-privilege access controls

Regular backups

Vendor due diligence and sub-processor vetting

Incident response planning

11. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of access — request a copy of the data we hold about you

Right to rectification — request correction of inaccurate data

Right to erasure — request deletion of your data where no longer required

Right to restriction — request that we limit how we process your data

Right to object — object to processing based on legitimate interests

Right to data portability — receive your data in a portable format

To exercise any of these rights, contact us at [email protected].

Where a request relates to personal data processed on behalf of a client (i.e. data for which the client is the Data Controller), we will forward the request to the relevant client for them to action. Where a client requires access to their platform account in order to fulfil a data subject request or for any other purpose, they must submit a written request to [email protected] in accordance with the Terms of Service. Retane will respond to written access requests within one business day. Where a data subject request is received by a client regarding their customer data, clients can manage this directly via their account or contact Retane for assistance at [email protected].

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: https://ico.org.uk/concerns

12. Data Processing Agreement (DPA)

By subscribing to and using Retane's services, clients enter into a binding Data Processing Agreement with Retane Ltd, which applies automatically upon confirmation of payment or first use of the platform.

Under this DPA:

The Client acts as Data Controller for all personal data collected from their customers via the Retane platform

Retane acts as Data Processor, processing that data only as necessary to provide the subscribed services and in accordance with the Client's instructions

Retane will not process client customer data for any purpose other than service delivery without the Client's instruction or a legal obligation to do so

The DPA covers:

The purpose, nature, and duration of processing

The types of personal data and categories of data subjects involved

The sub-processors used by Retane (e.g. hosting, payment, email, SMS, AI and automation providers)

The security measures implemented by Retane

This DPA is legally binding under UK GDPR Article 28.

Client obligations under the DPA: Clients confirm that all personal data provided to or processed through Retane has been collected lawfully and in compliance with UK GDPR, PECR, and any other applicable data protection legislation. Clients are responsible for determining the lawful basis for processing, obtaining all required consents, and ensuring compliance with their own data protection obligations. Retane is not liable for any regulatory penalties or claims arising from the Client's failure to comply.

13. Client-Facing Website Policies

All websites hosted on Retane will include a Privacy Policy and Cookie Policy provided by Retane. These policies are automatically generated based on the services included in your subscription and your publicly provided business contact details.

Current versions of these policies can be viewed at:

Privacy Policy: https://www.retane.co.uk/clients-website-privacy-policy

Cookie Policy: https://www.retane.co.uk/clients-website-cookie-policy-880171

14. Managing Your Account & Support

You can manage or cancel your subscription at any time via the Retane Client Portal.

If you have lost your login details or require support, contact us at:

Email: [email protected]

Phone: 0115 647 2028

Support page: https://www.retane.co.uk/technical-support

Support hours: 08:00 to 18:00, Monday to Sunday

15. Changes to This Policy

We may update this Privacy Policy periodically. Where changes are material, we will notify clients by email with at least 30 days' notice before the changes take effect. The latest version will always be available at:

https://www.retane.co.uk/privacy

16. Governing Law

This Privacy Policy and all processing of personal data by Retane Ltd are governed by the laws of England and Wales. Any disputes arising in connection with this Policy are subject to the exclusive jurisdiction of the courts of England and Wales.