ReFloat

Oh no, something went wrong. Please check your network connection and try again.

Privacy Policy

ReFloat Privacy Policy

Effective Date: 20/05/2025

Match Marine Ltd, trading as ReFloat (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your personal data is collected, processed, and stored in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other relevant UK privacy laws.

This Privacy Policy explains what personal data we collect, how we use it, your rights, and how you can contact us regarding your data when using the ReFloat platform.

Data Controller

Match Marine Ltd (trading as ReFloat) (“we,” “us,” or “our”) is the data controller responsible for determining how and why personal data is processed in relation to the ReFloat platform. As the data controller, we ensure that all personal data collected, stored, and processed through the ReFloat platform is handled in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable UK data protection laws.

Registered Company Name: Match Marine Ltd
Company Number: 16290055
Registered Address: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, England, W1T 6EB
Contact Email: hello@refloat.co.uk

ReFloat is a trading name of Match Marine Ltd, registered in England and Wales under company number 16290055.

For all matters relating to data protection, privacy, and your rights under UK GDPR, you can contact us at the email address above. If you wish to exercise any of your data rights, such as requesting access, corrections, or deletion of your personal data, please refer to Section 7 – Your Data Protection Rights of this Privacy Policy.

While we control the processing of most personal data on our Platform, certain aspects—such as payment processing and financial transactions—are handled by third-party service providers, including Stripe Connect. In such cases, Stripe acts as an independent data controller for payment data, and their privacy policies govern the handling of financial information.

What Personal Data We Collect

Match Marine Ltd (Trading as ReFloat) collects and processes personal data to provide our services, facilitate user interactions, and comply with legal obligations. We ensure that all data processing activities comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The type of personal data we collect depends on how you use our Platform.

2.1 Clients Buying and selling Items

When you create an account to buy or sell items on ReFloat, we collect the following information to facilitate the service:

  • Full Name
  • Email address
  • Contact details (phone number)
  • Payment Details (handled directly by Stripe Connect; Match Marine does not store financial information)
  • Optional Profile Photo (users can upload a profile picture, but this is not required)

This information is essential to ensure that customers can buy & sell items on the platform.

2.2 Sensitive Personal Data

Match Marine Ltd (Trading as ReFloat) does not collect or process sensitive personal data as defined under Article 9 of UK GDPR (such as racial or ethnic origin, political opinions, biometric data, or health information).

Users have the option to upload a profile photo, but this is entirely voluntary and is not required to use our services.

2.3 Usage Data and Cookies

In addition to personal data provided by users, Match Marine Ltd (Trading as ReFloat) collects usage data to improve Platform functionality, ensure security, and enhance the user experience. This data is collected automatically when users interact with the Platform. When users access or use the ReFloat Platform, we may collect the following types of usage data:

  • IP Address – Used for security, fraud prevention, and geographical analytics.
  • Device Information – Including browser type, operating system, and device model.
  • Log Data – Records of interactions with the Platform, such as login attempts, search queries, and actions performed on the site.
  • Session Data – Including page views, navigation paths, and time spent on specific features.
  • Cookies and Tracking Technologies – Used for essential website functionality (see Section 8 for more details on our Cookies Policy).

How We Use Your Data

Match Marine Ltd (Trading as ReFloat) processes personal data only for lawful purposes in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We do not sell or share user data with third parties for advertising purposes.

  • Providing and Operating the Platform: We use personal data to facilitate buying and selling on the marketplace. This includes creating and managing user accounts, processing payments and payouts via Stripe Connect, enabling secure communication between users and providers, and providing customer support and dispute resolution.
  • Communications and Notifications: We process personal data to send transaction confirmations, invoices, and payment notifications. We may also send important service updates regarding policy changes, security alerts, and new platform features. Additionally, we facilitate communication between clients through the Platform.
  • Security, Fraud Prevention, and Legal Compliance: We process personal data to detect and prevent fraud, unauthorised access, and abuse of the Platform. Identity verification may be required to enhance security and compliance. We also retain financial data where necessary for tax and regulatory obligations, including keeping financial records for six years in compliance with UK tax laws.
  • Marketing and Promotions (Only with User Consent): If users provide explicit consent, we may send newsletters, promotions, and updates about new services. We may also invite users to participate in optional surveys and provide feedback to improve the Platform. Personalised promotions may be offered based on past interactions. Users may withdraw their consent for marketing communications at any time by selecting the unsubscribe option in emails or contacting hello@refloat.co.uk.
  • Analytics and Service Improvement: We use anonymised and aggregated data to analyse platform performance, identify areas for improvement, and enhance the user experience. This includes monitoring navigation patterns, tracking engagement with different features, and ensuring technical stability. Additionally, security data is analysed to detect and address potential vulnerabilities.
  • Legal and Regulatory Compliance: We may process personal data to comply with legal obligations, including responding to legally binding requests from regulatory authorities. This includes obligations related to fraud prevention, money laundering regulations, and enforcing our Terms and Conditions. If required by law, we may disclose personal data to law enforcement agencies, tax authorities, or courts.
  • Automated Decision-Making and Profiling: Automated processes may identify fraudulent activities or potential violations of platform policies. Personalised recommendations may be generated based on past searches and interactions. Users have the right to request human intervention if they disagree with an automated decision that affects them.
  • Change of Business Ownership: If Match Marine Ltd (Trading as ReFloat) undergoes a sale, merger, or acquisition, personal data may be transferred as part of the transaction. If this occurs, affected users will be notified in advance, and they may request deletion of their data before the transfer.

We may also process personal data for compatible purposes that align with the original purpose of collection, provided that such processing is fair, lawful, and does not override user rights. This may include internal administrative purposes, auditing and record-keeping, ensuring business continuity, responding to user inquiries outside of direct service provision, or assessing trends to improve operational decision-making. Where legally required, or if the new processing purpose differs significantly from the original purpose, we will notify users and, where necessary, obtain their consent.

Legal Basis for Processing Your Data

We process your personal data under the following lawful bases as defined by UK GDPR:

  • Contractual Necessity (Article 6(1)(b)) – When processing is required to provide the services you request (e.g., facilitating bookings, payments, and customer support).
  • Legitimate Interests (Article 6(1)(f)) – When processing is necessary for our business operations, such as fraud prevention, security monitoring, and platform analytics.
  • Legal Obligation (Article 6(1)(c)) – When we are required to retain data for tax, accounting, or legal compliance.
  • Consent (Article 6(1)(a)) – When you explicitly opt in to marketing communications or voluntarily upload profile information.

You have the right to withdraw consent for marketing communications at any time.

Data Sharing and Disclosure

Match Marine Ltd (Trading as ReFloat) values user privacy and does not sell or share personal data with third parties for marketing or advertising purposes. However, in accordance with UK GDPR, the Data Protection Act 2018, and other applicable laws, we may share personal data under the following legally permitted circumstances:

  • With other users – When users engage in platform transactions , relevant contact details and profile information may be shared to facilitate service delivery.
  • With third-party service providers – We use trusted third parties to help us operate our Platform, such as Stripe Connect for payment processing. These service providers act as data processors under strict confidentiality and security obligations.
  • For legal and regulatory compliance – We may share data if required by law, including responding to legally binding requests from:
    • Regulatory authorities such as the Information Commissioner’s Office (ICO) or HM Revenue & Customs (HMRC).
    • Law enforcement agencies when disclosure is necessary for preventing, detecting, or investigating criminal activity.
    • Government bodies for compliance with tax laws, anti-money laundering regulations, or fraud prevention.
    • Courts or legal representatives in response to a valid court order, subpoena, or legal proceeding.
  • To protect rights, safety, and security – We may disclose personal data if necessary to enforce our Terms and Conditions, prevent fraud, protect the safety of users, or address threats to the security of our Platform.
  • As part of a business transaction – In the event of a merger, acquisition, sale of assets, or business restructuring, personal data may be transferred to a new owner or entity as part of the transaction. If this occurs, affected users will be notified in advance, and they may exercise their data rights before the transfer.
  • With legal representatives and professional advisors – We may share data with lawyers, accountants, auditors, or other professional advisors when necessary for compliance, contractual enforcement, or legal defence.
  • With insurance providers – If a claim arises related to a service booked through the Platform, relevant data may be shared with insurance providers or underwriters for risk management purposes.
  • For emergency situations – If required to protect an individual’s vital interests, such as in a medical emergency or safety-related incident, we may share necessary data with relevant authorities or emergency responders.

All data sharing is conducted in accordance with UK GDPR Article 6 (Lawful Processing) and Article 9 (Special Categories of Data, where applicable). When legally required, we will notify users before disclosing their personal data unless doing so would obstruct law enforcement or regulatory investigations.

Data Retention

Match Marine Ltd (Trading as ReFloat) retains personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. We apply the following retention periods based on the type of data and the legal or operational requirements associated with it:

  • Active User Accounts: We retain user data for as long as the account remains active. If a user continues to use the Platform, their data will be stored to maintain account functionality and service access.
  • Inactive User Accounts: If an account is inactive but has not been deleted, we will retain data unless a user requests deletion. We periodically review inactive accounts and may delete them after extended inactivity if no legal obligations require retention.
  • Financial and Transactional Records: We retain financial records, including payment history and invoices, for six (6) years to comply with HM Revenue & Customs (HMRC) requirements and other applicable tax laws.
  • Messages and Reviews: Communications between users (such as messages and reviews) are retained even after account deletion to ensure dispute resolution, fraud prevention, and platform integrity. These records will only be kept for as long as necessary for these purposes.
  • Legal and Compliance Records: If a user has been involved in a dispute, investigation, or policy violation, relevant data may be retained for as long as required to comply with legal, regulatory, or law enforcement obligations. The exact retention period will depend on the nature of the case and applicable laws.
  • Backup and System Logs: We maintain system backups and logs for security, fraud detection, and business continuity purposes. These backups are retained for a limited period and deleted as per our data security policies.

Where possible, instead of deleting data entirely, we may anonymise personal data so that it can no longer be linked to an identifiable individual. This allows us to retain insights for statistical, security, or research purposes without compromising user privacy.

Your Data Protection Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, users have specific rights regarding their personal data. Match Marine Ltd is committed to ensuring that all users can exercise these rights in a fair and transparent manner.

  • Right to Access: Users have the right to request access to the personal data we hold about them. This includes details of how their data is processed, the categories of data collected, and any third parties with whom data has been shared. Users can request a copy of their personal data by contacting hello@refloat.co.uk.
  • Right to Rectification: Users have the right to correct inaccurate or incomplete personal data. If any information associated with an account is incorrect, users can update their details via their account settings or request corrections by contacting our support team.
  • Right to Erasure (“Right to Be Forgotten”): Users can request the deletion of their personal data where:
    • The data is no longer necessary for the purposes for which it was collected.
    • The user withdraws consent (where applicable).
    • The data has been unlawfully processed.
    • Deletion is required for compliance with legal obligations.
      We will respond to deletion requests within 30 days, subject to legal, regulatory, or security-related retention obligations. If immediate deletion is not possible, we will inform the user of the reason and the expected timeframe for compliance.
  • Right to Restrict Processing: Users may request a restriction on data processing if:
    • They contest the accuracy of their data.
    • They object to processing but do not wish for the data to be deleted.
    • Processing is unlawful, but the user prefers restriction over deletion.
    • The data is required for legal claims but is no longer needed for platform operations.
      During restriction, the data will not be actively processed but will be stored securely.
  • Right to Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format. This allows users to transfer their data to another service provider, where technically feasible. Requests for data portability can be made via hello@refloat.co.uk.
  • Right to Object: Users may object to the processing of their data in certain situations, including:
    • When processing is based on legitimate interests (unless we demonstrate compelling grounds for continuing).
    • When data is used for direct marketing purposes (users can opt out at any time).
    • When data is used for automated decision-making or profiling.
  • Right to Withdraw Consent: Where processing is based on user consent, users have the right to withdraw their consent at any time. This includes opting out of marketing communications or revoking permission for optional data collection (e.g., profile photos). Users can withdraw consent via their account settings or by contacting hello@refloat.co.uk.
  • Right to Lodge a Complaint: If a user believes their data protection rights have been violated, they have the right to file a complaint with the UK Information Commissioner's Office (ICO):
    Website: www.ico.org.ukHelpline: 0303 123 1113

Users are encouraged to contact Match Marine Ltd (Trading as ReFloat) first to resolve any concerns before escalating to the ICO.

Security Measures

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure.

  • Encryption and Secure Data Storage: We use industry-standard encryption protocols to protect data during transmission and storage. Sensitive information, including login credentials and payment details processed by Stripe Connect, is encrypted using TLS (Transport Layer Security).
  • Access Controls and Authentication: Personal data is stored in secure systems with access restricted to authorised personnel only. We implement role-based access controls (RBAC) to ensure that employees, contractors, and service providers only have access to data necessary for their duties. Multi-factor authentication (MFA) is used where applicable.
  • Regular Security Audits and Monitoring: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and mitigate risks. Suspicious login attempts and unusual activity are monitored in real time to detect and prevent unauthorised access.
  • Data Minimisation and Anonymisation: We collect and retain only the minimum amount of personal data necessary for the stated purposes. Where possible, personal data is anonymised or pseudonymised to enhance privacy and reduce risk.
  • Backup and Disaster Recovery: We maintain secure backups of critical data to ensure business continuity and disaster recovery. Backups are encrypted and stored in secure locations, with retention periods aligned with our Data Retention Policy.
  • Incident Response and Data Breach Procedures: In the event of a data breach, we have an incident response plan in place to identify, contain, and mitigate the breach. If a breach is likely to result in a high risk to users' rights and freedoms, we will notify affected users without undue delay and report the breach to the UK Information Commissioner’s Office (ICO) within 72 hours, in accordance with UK GDPR Article 33.
  • Third-Party Security Compliance: We ensure that all third-party service providers (such as Stripe Connect for payment processing) meet UK GDPR security requirements. We conduct due diligence on vendors before engaging with them and require data protection agreements where applicable.

While we take all reasonable steps to protect personal data, no online system can be completely secure. Users are responsible for safeguarding their account credentials, passwords, and devices. If users suspect any unauthorised access to their account, they should report it immediately to hello@refloat.co.uk.

Changes to This Privacy Policy

Match Marine Ltd (Trading as ReFloat) reserves the right to update this Privacy Policy as necessary to comply with legal requirements or improve transparency. Users will be notified of any material changes, and continued use of the Platform constitutes acceptance of the updated policy.

Contact Information

For any questions regarding this Privacy Policy or to exercise your data rights, please contact:

📧 Email: hello@refloat.co.uk

By using Match Marine Ltd's (Trading as ReFloat) services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your data as described.

Cookies Policy

Effective Date: 20/05/2025

Match Marine Ltd, trading as ReFloat (“Match Marine,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring transparency in how we use cookies and similar technologies on our website. This Cookies Policy explains what cookies are, which types we use, and how you can manage your cookie preferences.

For more information on how we process personal data, please refer to our Privacy Policy.

What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help websites function properly, enhance user experience, and provide analytics to improve website performance. Some cookies are essential for website functionality, while others help us understand user behaviour without personally identifying visitors.

What Types of Cookies Do We Use?

Match Marine Ltd (trading as ReFloat) uses the following types of cookies on our website:

Essential Cookies

These cookies are strictly necessary for the website to function and cannot be disabled. They enable core features such as security, accessibility, and navigation.

Analytical Cookies (Plausible Analytics – No Consent Required)

We use Plausible Analytics, a privacy-friendly analytics tool that does not track individual users or store personal data. It helps us understand website traffic and user behaviour while staying fully compliant with UK GDPR and PECR (Privacy and Electronic Communications Regulations). These cookies do not require user consent, as they involve no tracking identifiers or third-party cookies.

Advertising Cookies

We do not use advertising cookies, nor do we engage in any third-party ad tracking (e.g., Google Ads or Facebook Pixel).

Other Cookies

At this time, we do not use any other optional cookies. If we introduce cookies that do require consent, we will implement a full consent management system.

Do We Use a Cookie Consent Banner?

Currently, we do not display a cookie consent banner, as our cookie use does not require user consent under UK GDPR and PECR. If we introduce cookies that require consent in the future, we will implement a cookie banner that allows users to manage their preferences.

Can Users Opt Out of Non-Essential Cookies?

As we currently don’t use non-essential cookies, no opt-out is required. If optional cookies are added in the future, users will be able to:

  • Accept or reject them via a consent banner
  • Adjust their cookie preferences at any time
  • Delete or block cookies via browser settings

How to Manage Cookies

Even though no action is needed right now, users can still manage or delete cookies using their browser settings:

Please note:

  • Disabling essential cookies may limit functionality or prevent access to secure areas.
  • Deleting cookies may reset your preferences or login sessions.
  • Opting out of future analytics cookies (if introduced) will not impact your ability to use the site but may limit how we optimise user experience.

Changes to This Cookies Policy

Match Marine Ltd (trading as ReFloat) may update this Cookies Policy to reflect:

  • Changes to our cookie practices
  • New legal requirements
  • The introduction of optional cookies

If changes are made that require consent, we’ll notify users and provide updated preference tools.

Contact Information

If you have any questions about this Cookies Policy or how we use cookies, please contact us at:

Email: hello@refloat.co.uk

By continuing to use our website, you acknowledge that you have read and understood this Cookies Policy.