By continuing to browse our website, you agree to our use of cookies to enhance your experience and provide personalized content.

GDPR Compliance Policy

Effective Date: 18 April 2025

This GDPR Compliance Policy outlines how Watermelon Partners Ltd (trading as “Watermelon Partners”, “WP”, “we”, “us”, or “our”) collects, processes, and protects personal and business data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting your privacy and ensuring your personal and business data is handled responsibly, securely, and lawfully.

1. Data Collection

We collect personal and business data from businesses and their representatives during the application and compliance process. This may include:

  • Business registration and contact details
  • Company structure and ownership information
  • Product and service details
  • Supplier and customer information
  • Purchase and sales records
  • Financial and banking details
  • Website and social media links
  • Any other information required to complete our compliance checks

This data is essential for us to carry out our certification process effectively.

2. Lawful Basis for Processing

We process data under the following lawful bases:

  • Contractual necessity – to fulfil our obligations as a certifying body
  • Legitimate interests – in ensuring ethical compliance and protecting the integrity of our certification scheme
  • Legal obligation – where we are required to retain or share data under UK law

3. Use of Data

We use the information we collect solely for purposes including:

  • Conducting compliance checks
  • Issuing and managing certifications
  • Administering payments and accounts
  • Providing updates and important communications
  • Promoting certified partners (businesses) on our website and social media platforms
  • Carrying out random audits and ensuring ongoing compliance

We do not sell, rent, or share your data for marketing purposes with third parties.

4. Data Sharing

We only share data with:

  • Watermelon Partners compliance officers and authorised staff
  • Legal or regulatory authorities if required by law
  • Your business, for the purpose of managing your certification
  • No other third parties, unless with your explicit written consent.

All payments are made via BACS or, after certification, through Direct Debit set up between the business and their provider. We do not use third-party payment processors.

5. Data Storage and Security

All data is stored securely on our internal protected database with limited access. We use appropriate technical and organisational measures to prevent unauthorised access, loss, misuse, or breach of data.

6. International Data Transfers

If any data is processed or stored using platforms based outside the UK, we ensure that appropriate safeguards are in place in accordance with the UK GDPR, such as Standard Contractual Clauses or adequacy decisions.

7. Cookies and Website Tracking

Our website uses cookies to improve user experience and collect anonymised data for analytics purposes.

Cookies are small text files stored on your device. By using our website, you consent to the use of cookies in accordance with our Cookie Policy. You can manage cookie preferences through your browser settings at any time.

Please refer to our separate Cookie Policy for more information on the types of cookies used and your options to control or disable them.

8. Children’s Data

Our services are not directed at, and we do not knowingly collect data from, individuals under the age of 18.

9. Data Breach Response

In the event of a personal data breach, we will investigate and act promptly to assess the impact, notify affected individuals, and report to the Information Commissioner’s Office (ICO) where legally required.

10. Data Retention

We retain data only for as long as necessary to fulfil the purposes for which it was collected and to meet any legal or regulatory requirements. When data is no longer required, it is securely deleted or anonymised.

11. Confidentiality

All business and personal data provided to Watermelon Partners during the compliance and certification process is treated as confidential. We do not disclose any commercially sensitive information without your prior written consent unless legally required to do so.

12. Your Rights

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of data no longer needed
  • Object to processing in certain situations
  • Request restriction of processing
  • Withdraw consent where applicable
  • Lodge a complaint with the ICO at www.ico.org.uk

To exercise any of these rights, please contact us at:
Email: info@watermelonpartners.co.uk

13. Data Protection Contact

While we are not legally required to appoint a Data Protection Officer, we have designated a contact for data protection matters. For questions, concerns or requests, please email: info@watermelonpartners.co.uk

14. Updates to This Policy

We reserve the right to update this policy at any time. Updates will be published on our website. Continued use of our services following any changes constitutes acceptance of the revised policy.