Privacy Policy
This Privacy Policy explains how Bajaj IT Services Ltd (“TrustRefer”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use our website and platform at trustrefer.co.uk (the “Service”).
We are committed to handling your personal data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Data controller
Bajaj IT Services Ltd
Company number: 09115792
For privacy-related queries, please use the form on our contact page or submit a request through your account settings.
2. What data we collect
a) Account and profile information
When you register for an account, we collect your name, email address, and any profile information you choose to provide. We may also store your membership tier and account preferences.
b) Referral submissions
When you submit a referral link, we collect the submitted URL, provider name, category, any description or notes you provide, and metadata such as submission timestamp and status.
c) Usage data
We record interactions with the platform in our own database — for example, when a referral link is clicked and the timestamp of that click. This data is used solely to display statistics to the link owner and to operate the Service. We do not use third-party analytics tools and do not track your browsing behaviour across other websites.
d) Technical data
We automatically collect your IP address, browser type, device type, operating system, and session data when you use the Service.
e) Communications and support
If you contact us via a form or support channel, we retain the content of your message and any information you provide so we can respond to and resolve your query.
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing and managing your account | Performance of contract |
| Displaying your submitted referral links | Performance of contract |
| Processing and moderating submissions | Legitimate interests |
| Recording referral link clicks to display statistics to link owners | Legitimate interests |
| Improving the Service and user experience | Legitimate interests |
| Sending service-related communications | Performance of contract / legitimate interests |
| Detecting and preventing abuse or fraud | Legitimate interests / legal obligation |
| Complying with legal obligations | Legal obligation |
| Inviting you to leave a review via Trustpilot following registration | Legitimate interests |
4. Cookies
We use cookies and similar tracking technologies on TrustRefer. For full details, please see our Cookie Policy.
5. Sharing your data
We do not sell your personal data. We may share it with:
Service providers
We work with the following third-party providers who process data on our behalf:
- Vercel — hosting and edge infrastructure
- Supabase — database hosting
- Stripe — payment processing
- Resend — transactional email delivery
- Cloudflare — bot detection (Turnstile) on sign-in and registration pages
- Trustpilot — review collection; your email address is shared with Trustpilot following registration so they can invite you to leave a review of TrustRefer
Each provider is bound by appropriate data processing agreements and we use only providers that comply with UK data protection standards.
Legal and regulatory authorities
We may disclose data where required by law, court order, or regulatory requirement, or where necessary to protect the rights and safety of TrustRefer or others.
Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity. We will notify users where required by law.
We do not share your personal data with third-party advertisers or data brokers.
6. Data retention
We retain your personal data for as long as your account is active and for a reasonable period thereafter, or as long as necessary to fulfil the purposes described in this policy. Account data is typically deleted or anonymised within 12 months of account closure unless a longer retention period is required by law.
Link click records may be retained in aggregated or anonymised form for longer periods for the purpose of displaying historical statistics to link owners.
7. International transfers
Where we use service providers that process data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, such as UK International Data Transfer Agreements or equivalent adequacy mechanisms.
8. Your rights
Under UK data protection law, you have the following rights:
- Access — you can request a copy of the personal data we hold about you
- Rectification — you can ask us to correct inaccurate data
- Erasure — you can request deletion of your data in certain circumstances
- Restriction — you can ask us to restrict processing in certain circumstances
- Portability — you can request your data in a portable format where applicable
- Objection — you can object to processing based on legitimate interests
- Withdrawal of consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please submit a request via your account settings or through the contact form.
9. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. However, no system is entirely secure and we cannot guarantee absolute security.
10. Children
TrustRefer is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. For significant changes, we will endeavour to notify registered users via the platform.