BURTZ LTD

Privacy Policy

How BURTZ LTD handles personal data on the Burtz website and, when launched, the Burtz mobile marketplace.

Last updated: 16 July 2026

1. Who we are

BURTZ LTD (“Burtz”, “we”, “us” or “our”) is a private limited company registered in England and Wales under company number 17340350. Our registered office is 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For the purposes of applicable data-protection law, BURTZ LTD is the controller of personal data described in this Privacy Policy unless a different controller is identified at the point of collection.

You can contact us at [email protected].

2. Scope and current development status

This Privacy Policy covers the Burtz website and is intended to cover the Burtz mobile application and marketplace services when they launch.

Burtz mobile app is currently under development. Launching across Europe in 2026. Features described below that depend on user accounts, payments, listings, rentals, identity verification or marketplace transactions are not necessarily active yet. We will update this Policy before or when those features become available.

3. Personal data we may collect

Website and enquiry data

  • your name, email address and the contents of messages you send to us;
  • early-access, partnership, bookshop or business enquiries;
  • technical data such as IP address, browser type, device type, approximate location, referring page, pages visited, timestamps and security logs generated by our hosting and security providers.

When the mobile app and marketplace launch

Depending on the features you use, we may collect:

  • Account and profile data: name, username, email, telephone number, profile image, language, country and account preferences.
  • Verification data: date of birth, identity-document information, verification result and fraud-prevention indicators. Where possible, specialist providers will verify identity without Burtz retaining a full copy of the document.
  • Marketplace data: book listings, ISBNs, photographs, descriptions, prices, availability, private-library information, rental periods, swaps, orders, returns, disputes and reviews.
  • Payment and payout data: transaction references, payment status, payout account identifiers, tax or business information and limited payment-card metadata. Full card numbers are expected to be processed by regulated payment providers rather than stored by Burtz.
  • Delivery and location data: delivery address, pickup point, locker selection, shipment tracking and location information you choose to provide.
  • Communications: messages sent through the platform, support requests, reports and dispute evidence.
  • Usage and device data: app interactions, device identifiers, operating system, diagnostic logs, crash information and security events.
  • Business-account data: legal name, registration number, VAT number, registered address, representatives, beneficial-owner or compliance information where required.

We do not intentionally ask for special-category personal data. Please do not include sensitive health, political, religious, biometric or similar information in listings or messages unless it is strictly necessary and requested through an appropriate process.

4. How we obtain personal data

We may obtain personal data directly from you, from other users involved in a transaction, from your device, from payment, identity, delivery and authentication providers, from public company registers, and from fraud-prevention or compliance providers where permitted by law.

5. Purposes and lawful bases

PurposeTypical lawful basis
Responding to enquiries and operating the pre-launch websiteLegitimate interests; steps requested before entering a contract
Creating and administering accountsPerformance of a contract
Facilitating sales, rentals, swaps, subscriptions, delivery, payments and supportPerformance of a contract; legal obligations
Identity, age, business and payout verificationPerformance of a contract; legal obligation; legitimate interests in trust and fraud prevention
Platform safety, fraud prevention, security, dispute handling and enforcementLegitimate interests; legal obligations; establishment, exercise or defence of legal claims
Accounting, tax, regulatory and record-keeping requirementsLegal obligation
Improving and analysing the serviceLegitimate interests; consent where required for non-essential analytics technologies
Sending requested updates and direct marketingConsent, or legitimate interests where permitted; you may opt out at any time

Where we rely on legitimate interests, we consider the necessity of the processing and balance our interests against your rights and expectations.

6. How we share personal data

We may share personal data only as reasonably necessary with:

  • other users, for example the information needed to complete a transaction, delivery, pickup or dispute;
  • hosting, cloud, security, analytics, communications and customer-support providers;
  • payment processors, banks, payout providers and fraud-prevention services;
  • identity, age and business-verification providers;
  • delivery companies, parcel lockers and pickup-point operators;
  • professional advisers, auditors, insurers and potential investors or acquirers subject to appropriate confidentiality obligations;
  • tax authorities, courts, regulators, law-enforcement bodies and other authorities where required or permitted by law.

We do not sell personal data as a commodity.

7. International transfers

Some service providers may process data outside the United Kingdom or European Economic Area. Where required, we will use recognised safeguards such as adequacy regulations or decisions, the UK International Data Transfer Agreement or Addendum, European Commission standard contractual clauses, and supplementary technical and organisational measures.

8. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including legal, accounting, tax, security and dispute-resolution requirements.

  • Pre-launch enquiries are normally retained for up to 24 months after the last meaningful contact, unless a longer period is justified.
  • Account data is normally retained while the account is active and for a limited period after closure.
  • Transaction, accounting and tax records may be retained for the period required by applicable law, commonly six or more years.
  • Security and technical logs are normally retained for shorter periods unless needed to investigate misuse or a security incident.
  • Dispute and legal-claim records may be retained until relevant limitation periods expire.

We will refine and publish a detailed retention schedule before marketplace launch.

9. Your rights

Depending on your location and the applicable law, you may have rights to:

  • receive information about how we use your data;
  • access a copy of your personal data;
  • correct inaccurate or incomplete data;
  • request deletion of data in certain circumstances;
  • restrict or object to processing;
  • receive certain data in a portable format;
  • withdraw consent at any time where processing relies on consent;
  • complain to a data-protection authority.

Your right to object: where we process data on the basis of legitimate interests, you may object based on your particular situation. You may object to direct marketing at any time.

To exercise a right, email [email protected]. We may need to verify your identity before acting on a request.

10. Complaints

We would prefer to address your concern directly. You also have the right to complain to the UK Information Commissioner’s Office or, where EU law applies, the supervisory authority in the country where you live, work or believe an infringement occurred.

11. Security

We use proportionate technical and organisational safeguards designed to protect personal data, including access controls, encryption in transit, monitoring, backups and vendor reviews. No internet service can guarantee absolute security, and users must protect their passwords and devices.

12. Children

The pre-launch website is not directed to children. Before marketplace launch, Burtz will define and implement age requirements, parental-consent processes where applicable, and age-appropriate privacy information. We do not knowingly collect personal data from children through the current website.

13. Automated decisions and recommendations

The future service may use automated systems to rank books, recommend content, detect fraud or identify policy violations. We will provide additional information before using any solely automated decision that produces legal or similarly significant effects, together with applicable rights to human review.

14. Third-party links and services

The website or future app may link to third-party services. Their processing is governed by their own privacy notices. We are not responsible for third-party websites or services that we do not control.

15. Changes to this Policy

We may update this Policy as Burtz develops, when new providers or features are introduced, or when legal requirements change. The current version and effective date will be published on this page. Material changes will be highlighted where appropriate.

16. Contact

BURTZ LTD
Company number 17340350
71–75 Shelton Street
Covent Garden, London, WC2H 9JQ
United Kingdom
Email: [email protected]