Privacy Policy
Last updated: 2 May 2026 · Version 1.0
This Privacy Policy explains what personal data OnTheRota collects, how we use it, who we share it with, and what rights you have. It applies to everyone who visits ontherota.co.uk, joins the waitlist, or creates an account.
The short version: We collect the data you give us when you sign up — your name, contact details, company, trade, region, accreditations, and (if you pay) billing details. We use it to operate the marketplace and contact you about it. We don't sell it. We host data in the UK/EU. You can ask for a copy or for it to be deleted at any time.
1. Who we are
The data controller is Simpson's Ventures Ltd, a company registered in England and Wales (the "Company", "we", "us", "our"). OnTheRota is a trading name of Simpson's Ventures Ltd.
For any privacy question, email hello@ontherota.co.uk.
2. What data we collect
2.1 Data you give us when joining the waitlist or registering
| Category | Examples |
|---|---|
| Identity | Name, company, job title |
| Contact | Email address, phone number |
| Trade-specific (Trades) | Trade type, accreditations and certificates, day rate, regions worked, availability |
| Hirer-specific (Hirers) | Trades you typically need, region of operation, hiring volume |
| Profile media | Photographs and uploaded copies of accreditations / cards |
2.2 Data we collect automatically when you visit the site
- Anonymised analytics (page views, country, device class) collected through privacy-friendly tools that do not use tracking cookies.
- Server logs (IP address, request timestamps, user agent) retained for security and abuse-prevention purposes.
2.3 Data we collect if you become a paying customer
- Billing details (company name, billing address, VAT number where applicable, sort code and bank account number for Direct Debit). Bank-account data is processed by GoCardless under your Direct Debit mandate and is not stored on our servers.
- Subscription history, Contact Unlock counts, invoices.
3. How we use your data, and our lawful basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Operating the marketplace — letting Hirers search Trade Profiles and contact Trades | Performance of contract / legitimate interest |
| Processing payments and managing Subscriptions | Performance of contract |
| Sending transactional email (account confirmations, contact requests, billing receipts) | Performance of contract |
| Sending product updates and waitlist news | Consent (waitlist) / legitimate interest (existing customers, with opt-out) |
| Detecting and preventing fraud, abuse, and breaches of our Terms (including operating honeypot accounts to detect scraping) | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
| Improving the Service through anonymised analytics | Legitimate interest |
4. Who we share your data with
We do not sell your personal data. We share it only with the following categories of recipient, all of whom act under written data-processing agreements:
- Other Users of the Service — your Profile information is visible to logged-in Users. Your phone number and email are not revealed to a Hirer until they spend a Contact Unlock. Once unlocked, those details remain visible to that Hirer.
- Netlify, Inc. — hosting and DNS for ontherota.co.uk. Data resides in UK / EU regions.
- Netlify Forms (a feature of Netlify, Inc.) — capture and storage of waitlist and contact form submissions, including names, email addresses, phone numbers, and any free-text answers you provide. Submissions are stored in the Netlify Forms dashboard and forwarded to our notification email address.
- GoCardless Ltd — UK Direct Debit collection for paid Subscriptions and unlock top-ups. GoCardless processes your bank-account details and the Direct Debit mandate; we never see or store the bank details.
- Email service providers (e.g. Postmark, Resend) — transactional and waitlist email delivery.
- Analytics providers (e.g. Plausible Analytics) — privacy-friendly anonymised site analytics.
- Professional advisors — accountants and lawyers, where strictly necessary.
- Authorities — where we are legally required to disclose data.
5. International transfers
Most processors we use store data in the UK or EU (GoCardless is UK-based; Netlify hosts in UK / EU regions for this site). Where a processor (e.g. certain email providers) transfers data to a country outside the UK / EU, we rely on an adequacy decision or appropriate safeguards (such as Standard Contractual Clauses) as required by UK GDPR.
6. How long we keep your data
- Active accounts: for as long as the account is active.
- Closed accounts: Profile data is hidden immediately on closure and deleted within 30 days, unless we are required to retain certain records (e.g. for tax law, fraud investigation).
- Waitlist signups: retained until launch + 12 months, or until you ask us to delete the entry.
- Billing records: retained for 7 years to comply with UK accounting and tax law.
- Server logs: retained for up to 90 days.
7. Your rights under UK GDPR
You have the right to:
- Access a copy of the personal data we hold about you;
- Rectify data that is inaccurate or incomplete;
- Erase your data where there is no compelling reason for us to continue processing it;
- Restrict or object to certain processing, including direct marketing;
- Data portability — receive your data in a structured, commonly used, machine-readable format;
- Withdraw consent at any time, where processing is based on consent;
- Complain to the UK Information Commissioner's Office (ico.org.uk).
To exercise any of these rights, email hello@ontherota.co.uk. We will respond within one calendar month.
8. Cookies and tracking
OnTheRota does not use third-party tracking cookies or advertising cookies. We use:
- Strictly necessary cookies for sign-in and security;
- A small number of first-party preferences (such as remembering which waitlist tab you opened);
- Privacy-friendly analytics that do not use cookies and do not track you across sites.
We will update this section if we add any other tracking technology, and we will not introduce non-essential tracking without giving you a clear way to opt out.
9. Security
We protect data using industry-standard measures including TLS encryption in transit, encryption at rest where supported by our processors, role-based access control, hardened deployment configurations, and regular security review. No system is perfectly secure, however, and we cannot guarantee absolute security of any data you transmit to us.
10. Children
OnTheRota is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email to your registered address and posted on this page with a revised "Last updated" date.
12. Contact
Privacy questions, data subject requests, or complaints: hello@ontherota.co.uk.
You also have the right to complain to the UK Information Commissioner's Office at any time: ico.org.uk · 0303 123 1113.
© 2026 Simpson's Ventures Ltd. OnTheRota is a trading name of Simpson's Ventures Ltd. Registered in England and Wales.