Legal · No. 01

Privacy Statement

Discretion is the foundation of Private Sellers Club. This notice explains, in plain English, what personal data we collect about you, why we collect it, how long we keep it, who we share it with, and the rights you have under the UK GDPR and the Data Protection Act 2018.

Last updated · 26 April 2026Applies to · privatesellersclub.com & all sub-domains

1. Summary

Private Sellers Club is an invitation-only marketplace for off-market UK businesses and properties. Confidentiality is a feature of the product, not a bolt-on. We collect the minimum personal data needed to verify members, match buyers with sellers, send transactional notifications, and operate the service safely and lawfully.

  • We do not sell, rent or trade your personal data. Ever.
  • We do not run third-party advertising trackers on this site.
  • Listings are anonymised by default. Identifying details are released only after a buyer is verified and a non-disclosure agreement is signed.
  • You can ask us to access, correct, export or delete your data at any time.

2. Who we are

The data controller for personal data processed through this site is Private Sellers Club Ltd ("Private Sellers Club", "the Club", "we", "us"), a company registered in England & Wales. We are registered with the UK Information Commissioner's Office (ICO) as a data controller.

For any privacy-related question, our point of contact is the Data Protection lead at privacy@privatesellersclub.com.

3. Data we collect

We collect the following categories of personal data:

3.1 Information you give us

  • Membership applications: full name, email address, what you're primarily interested in (buying / selling / both), and your indicative investment or transaction band.
  • Account profile: name, contact details, professional background, buyer or seller designation, and any optional preferences you set.
  • Listings (sellers only): trading details, financial summaries, location, asking price and supporting documents. These are anonymised when published and only revealed to verified, NDA-bound buyers.
  • Verification data: identity documents, proof of funds, source of funds, and corporate records where required by anti-money laundering rules.
  • Communications: messages you send through the platform, NDAs you sign, and any correspondence with our team.

3.2 Information we collect automatically

  • Technical data: IP address (truncated where possible), device type, browser, operating system, language, and approximate geolocation derived from IP.
  • Usage data: pages viewed, listings opened, search filters used, timestamps, and referring URL.
  • Security data: login attempts, OTP requests, suspected bot activity, and abuse signals.

3.3 Information from third parties

  • Identity & AML providers for KYC checks on buyers and sellers.
  • Companies House and equivalent corporate registries for verification of business sellers.
  • Email deliverability providers to confirm bounces, spam reports and successful delivery of transactional email.

3.4 Special category data

We do not deliberately collect special category data (such as health, religion or political views). If such data is incidentally included in documents you upload, we treat it with the same confidentiality as the rest of your file and only access it when strictly necessary.

4. How we use your data

  • To create and operate your account and verify your eligibility for membership.
  • To match buyers with relevant off-market opportunities and to facilitate anonymised first contact.
  • To send transactional emails: confirmation codes, NDA notifications, listing updates and security alerts.
  • To prevent fraud, abuse, money laundering and unauthorised access.
  • To comply with legal, regulatory and tax obligations.
  • To improve the platform — reliability, performance, search relevance and the quality of curation.
  • With your separate consent, to send occasional editorial updates from the Founders.

5. Lawful bases for processing

Under UK GDPR Article 6, we rely on the following lawful bases:

  • Contract: to provide the membership service you have requested and to perform our obligations to buyers and sellers.
  • Legitimate interests: to keep the platform secure, prevent abuse, develop and improve our service, and run a confidential matching network for verified members. We have weighed these interests against your rights and freedoms.
  • Legal obligation: for anti-money laundering checks, tax reporting, responding to lawful requests from authorities, and retention required by law.
  • Consent: for optional marketing or editorial emails, and for non-essential cookies. You can withdraw consent at any time.

6. Who we share data with

We share personal data only with parties who need it to deliver the service or who we are legally required to share it with.

  • Other Club members — only after explicit acceptance, NDA signing, and within the deal context. Sellers' identifying information is not shared with buyers until both parties consent.
  • Service providers we have contracted, acting as data processors under written agreements: cloud hosting, database, transactional email, identity verification, and error monitoring.
  • Professional advisers (lawyers, accountants, auditors) under duties of confidentiality, where strictly necessary.
  • Authorities and regulators where we are legally required to disclose information, for example to HMRC, the National Crime Agency, the ICO or a court order.
  • Successors in the event of a merger, acquisition or asset sale, in which case the receiving party will be bound by this notice or one no less protective.

We never sell or rent personal data, and we do not share it with third-party advertisers.

7. International transfers

Our primary infrastructure is hosted in the United Kingdom and the European Economic Area (EEA). Some of our processors are located outside the UK/EEA. Where personal data is transferred outside the UK, we rely on:

  • UK adequacy regulations, where the destination country has been recognised by the UK government as providing equivalent protection;
  • the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum; and
  • supplementary technical measures such as encryption in transit and at rest.

You can request a copy of the safeguards we use for any specific transfer by emailing privacy@privatesellersclub.com.

8. How long we keep data

We keep personal data only for as long as we need it for the purpose it was collected, or to meet legal and regulatory obligations. Indicative retention periods:

  • Membership applications that don't proceed: 24 months from last contact.
  • Active member accounts: for the lifetime of the account, plus 6 years after closure for tax, audit and AML purposes.
  • Listings & deal correspondence: 6 years after the deal completes or is withdrawn.
  • KYC / AML records: 5 years after the end of the business relationship, as required by the Money Laundering Regulations 2017.
  • Server and security logs: 30 to 180 days, depending on the log type.

When the retention period ends, data is deleted or fully anonymised.

9. Security

We treat security as part of the product, not a back-office function. Measures we take include:

  • encryption in transit (TLS 1.2+) for all network traffic;
  • encryption at rest for the production database and all uploaded documents;
  • row-level access control on our database, with least-privilege defaults;
  • multi-factor authentication for staff with administrative access;
  • per-email rate limiting, honeypot and timing checks on public forms;
  • independent third-party penetration testing on a recurring basis; and
  • a documented incident response process with notification of the ICO and affected individuals where required.

No system can be 100% secure. If you believe your account has been compromised, email security@privatesellersclub.com immediately.

10. Your rights

Under the UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data, where we no longer have a lawful basis to keep it.
  • Restrict our processing in certain circumstances.
  • Object to processing based on our legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time for any processing based on consent.
  • Lodge a complaint with the ICO (see Section 16).

To exercise any of these rights, email privacy@privatesellersclub.com. We respond within one calendar month and will not charge a fee unless your request is manifestly unfounded or excessive.

11. Cookies & similar technologies

We use a deliberately small number of cookies. None of them serve advertising or cross-site tracking.

  • Strictly necessary: session cookies that keep you signed in, remember your role (buyer / seller / admin) and protect against CSRF.
  • Functional: remembers preferences such as theme, language and whether you've dismissed a banner.
  • Analytics (only with consent): aggregated, IP-truncated usage statistics so we can improve the service. You can decline these without losing access to any feature.

Most browsers let you refuse or delete cookies. Disabling strictly-necessary cookies will prevent you from signing in or completing transactions on the platform.

12. Marketing communications

We use email sparingly. Operational messages — confirmation codes, NDA notifications, new matched listings and account alerts — are part of the service and cannot be switched off while your account is active.

Editorial updates from the Founders are opt-in. You can unsubscribe at any time using the link at the foot of any such email, or by emailing us directly.

13. Automated decisions & profiling

We use lightweight automated systems to score listings, prioritise matches and detect suspicious activity. None of these decisions produce legal or similarly significant effects on you without human review. Membership decisions are always made by a real member of the curation team.

14. Children

The Club is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please email privacy@privatesellersclub.com and we will delete it.

15. Changes to this notice

We may update this notice from time to time. The "Last updated" date at the top of the page will always reflect the latest version. Material changes will be notified by email to active members at least 14 days before they take effect.

16. Complaints

We hope you'll come to us first so we can put things right. If you remain unhappy, you have the right to complain to the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
ico.org.uk · 0303 123 1113

17. Contact us

For any question about this notice or how we handle your data, write to:

Private Sellers Club Ltd
Data Protection Lead
privacy@privatesellersclub.com

For security incidents only: security@privatesellersclub.com.

Quietly yours, The Founders.