East-West Company Services Limited
Privacy Policy
EAST-WEST COMPANY SERVICES LIMITED
Company No. 15830144 (England & Wales)
Last Updated: 26 October 2025
Effective Date: 26 October 2025
________________
Introduction
East-West Company Services Limited ("we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly.
This Privacy Policy explains how we collect, use, share, and protect personal data when you:
* Visit our website
* Use our software platform and services
* Contact us or request information
* Sign up for marketing communications
Who We Are:
We are East-West Company Services Limited, a company incorporated in England and Wales (Company No. 15830144).
Contact Us:
For any privacy questions or to exercise your rights, contact us at:
* Email: admin@greenwich-mercantile.com
* Postal Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
________________
What This Policy Covers
This Privacy Policy applies to personal data we collect and process as a data controller. This includes:
* Information about website visitors and prospective customers
* Information about account holders and users of our Services
* Information about individuals who contact us
Note: When you use our Services and upload your own data (including personal data of your employees, customers, or partners), we process that data on your behalf as a data processor. That processing is governed by the Data Processing Addendum in our Terms of Service, not this Privacy Policy.
________________
1. What Personal Data We Collect
1.1 Information You Provide Directly
Account Registration & Service Use
* Name and business contact details (email, phone number, job title)
* Company name and business address
* Account credentials (username, password - encrypted)
* Payment information (processed by our payment provider - we do not store full card details)
* Communications with us (support tickets, emails, chat messages)
* Information you upload to the Services (see Section 2 for how this is handled)
Inquiries & Marketing
* Name, email address, company name, and message content when you contact us
* Preferences for receiving marketing communications
* Information you provide in surveys or feedback forms
1.2 Information Collected Automatically
Usage Data
* Features and functionality you use within the Services
* Time, frequency, and duration of your activities
* Settings and preferences
* Pages visited and actions taken
Device & Technical Data
* IP address and location (country/city level)
* Browser type and version
* Device type and operating system
* Referring website/source
* Date and time stamps
Cookies & Similar Technologies
* We use cookies and similar tracking technologies. See Section 9 (Cookies) below.
1.3 Information from Third Parties
We may receive information about you from:
* Third-party services you connect to our platform (with your authorization)
* Publicly available sources (such as company websites and LinkedIn)
* Marketing and analytics service providers
________________
2. How We Use Your Personal Data
2.1 Providing the Services
Legal Basis: Performance of contract
We use your personal data to:
* Create and manage your account
* Provide access to the Services
* Process payments and manage billing
* Provide customer support and respond to inquiries
* Send service-related notifications (account updates, security alerts, system maintenance)
2.2 Service Improvement & Development
Legal Basis: Legitimate interests (improving our Services and developing new features)
We use de-identified and aggregated data to:
* Improve existing features and develop new functionality
* Analyze usage patterns and trends
* Conduct research and development
* Ensure quality and performance of the Services
Note: When data is properly de-identified and aggregated, it is no longer personal data and is not subject to the restrictions below.
2.3 Marketing & Communications
Legal Basis: Consent (for marketing) or Legitimate interests (for existing customers)
With your consent or where we have a legitimate interest, we may:
* Send you information about our Services, updates, and offers
* Invite you to webinars, events, or surveys
* Display relevant content and advertisements
You can opt out at any time (see Section 10).
2.4 Security, Fraud Prevention & Compliance
Legal Basis: Legitimate interests (protecting our platform and users) or Legal obligation
We use your data to:
* Detect, prevent, and investigate fraud, abuse, or security threats
* Enforce our Terms of Service
* Comply with legal obligations (such as tax, accounting, or law enforcement requests)
* Establish, exercise, or defend legal claims
2.5 Analytics & Performance
Legal Basis: Legitimate interests (understanding how our Services are used)
We use analytics tools to:
* Understand how visitors interact with our website
* Analyze user behavior and preferences
* Measure the effectiveness of our marketing
* Improve website and app performance
We may use third-party analytics providers (such as Google Analytics). See Section 4.
________________
3. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected data from a child, please contact us immediately at admin@greenwich-mercantile.com so we can delete it.
________________
4. Who We Share Your Data With
We do not sell your personal data to third parties.
We share your personal data only in the following circumstances:
4.1 Service Providers & Subprocessors
We share data with trusted third-party service providers who help us deliver the Services:
Infrastructure & Hosting
* Amazon Web Services (AWS) – cloud hosting and infrastructure (EU/UK regions)
Payment Processing
* Payment processors to handle billing and payments (we do not store full payment card details)
Analytics & Marketing
* Analytics providers (such as Google Analytics) to understand website and app usage
* Email service providers for sending communications
* CRM and marketing automation platforms
Customer Support
* Customer support and helpdesk tools to respond to inquiries
All service providers are contractually required to:
* Process data only on our instructions
* Implement appropriate security measures
* Comply with data protection laws
4.2 Business Transfers
If we are involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your data.
4.3 Legal Requirements
We may disclose your data if required to:
* Comply with applicable laws, regulations, or legal processes
* Respond to lawful requests from public authorities (including law enforcement)
* Enforce our Terms of Service or protect our rights
* Protect the safety and security of our Services, users, or the public
4.4 With Your Consent
We may share your data with other third parties when you have given us specific consent to do so.
________________
5. International Data Transfers
5.1 Where We Store Your Data
Our primary data storage is in the United Kingdom and European Economic Area (via AWS data centers).
5.2 Transfers Outside the UK/EEA
Some of our service providers may process data outside the UK or EEA. When we transfer personal data internationally, we ensure appropriate safeguards are in place:
* UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) with UK Addendum
* Transfers to countries with adequacy decisions from the UK Government or European Commission
* Additional technical and organizational measures (such as encryption) where appropriate
You can request a copy of the safeguards we use by contacting admin@greenwich-mercantile.com.
________________
6. How Long We Keep Your Data
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical Retention Periods:
Account Data
* While your account is active, plus 60 days after account closure or termination
* Financial records: 7 years (for tax and accounting purposes)
Marketing Data
* Until you unsubscribe or withdraw consent, then we will delete or anonymize it (subject to legal retention requirements)
Website Visitor Data
* Usage and analytics data: up to 26 months
* Cookie data: as specified in our Cookie Policy (see Section 9)
Support & Communications
* Customer support records: 3 years from the last interaction
Backups
* Encrypted backups are retained for 35 days on a rolling basis
Legal Claims
* We may retain data longer if necessary to establish, exercise, or defend legal claims
When data is no longer needed, we will securely delete or anonymize it.
________________
7. How We Protect Your Data
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration.
Security Measures Include:
Technical Safeguards
* Encryption in transit (TLS 1.2+) and at rest (AES-256)
* Access controls – role-based access with least privilege principle
* Multi-factor authentication for administrative access
* Regular security monitoring and intrusion detection
* Automated backups with encryption
* Vulnerability scanning and penetration testing
Organizational Safeguards
* Employee background checks and security training
* Confidentiality agreements for all staff with access to personal data
* Incident response procedures to detect and respond to breaches
* Regular security reviews and audits
Infrastructure Security
* Industry-standard data center security (via AWS)
* Geographically distributed infrastructure for redundancy
Your Responsibility
You are responsible for:
* Keeping your account credentials secure and confidential
* Using a strong, unique password
* Notifying us immediately if you suspect unauthorized access
No security is perfect. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If you believe there has been a security breach, contact us immediately at admin@greenwich-mercantile.com.
________________
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
8.1 Right to Access
You can request a copy of the personal data we hold about you. We will provide this free of charge within 30 days of your request.
8.2 Right to Rectification
You can ask us to correct inaccurate or incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances:
* The data is no longer necessary for the purposes we collected it
* You withdraw consent (where consent was the legal basis)
* You object to processing and there are no overriding legitimate grounds
* The data was processed unlawfully
* Deletion is required to comply with a legal obligation
Note: We may refuse deletion if we need to retain the data for legal obligations, to establish/defend legal claims, or for other lawful reasons.
8.4 Right to Restriction of Processing
You can request that we restrict processing of your data in certain circumstances (e.g., while we verify accuracy or assess objections).
8.5 Right to Data Portability
You can request a copy of your data in a structured, commonly used, machine-readable format and ask us to transmit it to another controller (where technically feasible).
8.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
8.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
8.8 Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
* Website: www.ico.org.uk
* Helpline: 0303 123 1113
* Postal Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
How to Exercise Your Rights
To exercise any of these rights, contact us at admin@greenwich-mercantile.com with:
* Your name and company
* Description of your request
* Proof of identity (if required for security purposes)
We will respond within 30 days (or as required by law). In complex cases, we may extend this by a further 60 days and will notify you.
________________
9. Cookies & Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, understand how you use our site, and improve your experience.
Types of Cookies We Use
Essential Cookies (Always Active)
These cookies are necessary for the website and Services to function. They enable core functionality such as:
* Security and authentication
* Remembering your login session
* Load balancing and performance
Legal Basis: Necessary for the performance of a contract or our legitimate interests in providing a functional website.
Analytics & Performance Cookies
These cookies help us understand how visitors interact with our website by collecting information about:
* Pages visited
* Time spent on pages
* Click patterns and navigation
* Errors encountered
We use services such as Google Analytics.
Legal Basis: Consent (for non-essential cookies) or legitimate interests (where cookies are anonymized).
Marketing & Advertising Cookies
These cookies are used to:
* Display relevant advertisements
* Measure the effectiveness of marketing campaigns
* Remember your preferences
Legal Basis: Consent.
Managing Cookies
Cookie Banner: When you first visit our website, you will see a cookie banner allowing you to accept or reject non-essential cookies.
Browser Settings: You can control and delete cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Services.
Opt-Out Links:
* Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
Cookie Retention
Most cookies expire when you close your browser (session cookies). Others remain on your device for a set period (persistent cookies), typically between 1 month and 2 years.
For a detailed list of cookies we use, including names, purposes, and expiration periods, contact admin@greenwich-mercantile.com.
________________
10. Marketing & Communications
How We Use Your Data for Marketing
With your consent or where we have a legitimate interest (for existing customers), we may send you:
* Product updates and new features
* Industry insights and best practices
* Invitations to webinars and events
* Promotional offers and discounts
How to Opt Out
You can opt out of marketing communications at any time by:
Email Unsubscribe
* Click the "Unsubscribe" link in any marketing email
Account Settings
* Update your communication preferences in your account settings
Contact Us
* Email admin@greenwich-mercantile.com with your request
Note: Even if you opt out of marketing, we may still send you service-related communications (such as account notifications, security alerts, billing notices) that are necessary for the Services.
________________
11. Third-Party Links
Our website and Services may contain links to third-party websites, services, or integrations that are not operated by us.
We are not responsible for:
* The privacy practices of third-party websites
* Content or accuracy of third-party services
* How third parties collect or use your data
We encourage you to review the privacy policies of any third-party services you access.
________________
12. Automated Decision-Making
We do not use personal data for fully automated decision-making (decisions made solely by algorithms without human involvement) that produces legal or similarly significant effects.
AI-Generated Outputs: Our Services use artificial intelligence and machine learning to generate outputs. However:
* These outputs are suggestions only and require human review
* They do not constitute automated decisions with legal effect
* You remain responsible for reviewing and validating all outputs
________________
13. Business Customers & Employee Data
If you are a business customer using our Services, you may upload personal data of your employees, customers, or partners.
Important: For that data, you are the data controller and we are the data processor. Our processing of that data is governed by the Data Processing Addendum in our Terms of Service, not this Privacy Policy.
You are responsible for:
* Having a legal basis to process and share that data with us
* Providing appropriate privacy notices to those individuals
* Ensuring you have necessary consents or legitimate interests
* Complying with data protection laws as a controller
________________
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
* Changes to our Services or business practices
* Legal or regulatory requirements
* Feedback from users or regulators
Notice of Changes: We will notify you of material changes by:
* Posting a prominent notice on our website
* Sending an email to your registered email address (if you have an account)
* Updating the "Last Updated" date at the top of this policy
Continued Use: By continuing to use our Services after changes become effective, you accept the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically.
________________
15. Legal Basis Summary (UK GDPR)
Purpose
Legal Basis
Providing the Services, managing your account, billing
Performance of contract
Customer support and responding to inquiries
Performance of contract or legitimate interests
Service improvement and development (using de-identified data)
Legitimate interests
Security, fraud prevention, abuse detection
Legitimate interests or legal obligation
Analytics and understanding usage
Legitimate interests or consent (for cookies)
Marketing communications to prospects
Consent
Marketing communications to existing customers
Legitimate interests or consent
Legal compliance, responding to legal requests
Legal obligation
Establishing, exercising, or defending legal claims
Legitimate interests
Legitimate Interests: Where we rely on legitimate interests, we have balanced our interests against your privacy rights and ensured that processing is not overridden by your interests or fundamental rights.
________________
16. Contact Us & Questions
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Email: admin@greenwich-mercantile.com
Postal Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Complaints: If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk or 0303 123 1113.
________________
This Privacy Policy was last updated on 26 October 2025. We are committed to protecting your privacy and handling your data responsibly. Thank you for trusting East-West Company Services Limited.
________________
← Go back