GDPR and Data Handling

GDPR Compliance and Data Protection

Beffer is committed to protecting your personal data and complying with UK GDPR regulations.

What Data We Collect

We collect only the data necessary to provide our services: contact information (name, email, phone), project details (location, sector, specifications, budget), communication records, payment information (processed securely by Stripe — we never store card details), and usage data.

How We Use Your Data

We use your data to connect you with relevant suppliers, process payments securely, provide customer support, improve our services, and comply with legal obligations.

Data Sharing

We share your data only with suppliers (when you request a quote), service providers (Stripe for payments, Resend for emails, Supabase for database), and as required by law.

Your Rights

Under UK GDPR, you have the right to access your data, correct inaccurate data, request deletion, restrict processing, receive your data in a portable format, and object to marketing processing.

Data Retention

Active accounts are retained until you close your account. Transaction records are kept for 7 years (UK tax law). Marketing data is retained until you unsubscribe.

Data Security

We protect your data with encryption in transit and at rest, regular security audits, access controls and monitoring, and secure data centres (UK/EU).

Contact Us

For data protection questions or to exercise your rights, email privacy@beffer.co.uk or call 0333 444 1098. You can also contact the ICO at ico.org.uk.