Privacy
Policy

2.1 MensayHub Ltd

MensayHub Ltd is a company incorporated in England and Wales, trading as ArtisansHub.org. As the Data Controller, we determine the purposes and means of processing your personal data in connection with the Platform.

2.2 ICO Registration

MensayHub Ltd is registered with the Information Commissioner's Office (ICO) as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our legal obligations under these frameworks seriously and have implemented appropriate policies, procedures, and safeguards to uphold your data rights.

To contact us about any data protection matter, please email: privacy@artisanshub.org

3.1 Identity and Contact Data

• Full name and display name or business name;
• Email address and telephone number;
• Physical or business address (for Artisans, used to power location-based search);
• Profile photograph or logo (where voluntarily uploaded).

3.2 Profile and Service Data

• Trade category, service descriptions, skills, and specialisms;
• Portfolio content including images, videos, and project descriptions;
• Professional qualifications, certifications, and licences (where provided);
• Availability, service area, and pricing information.

3.3 Transaction and Billing Data

• Subscription plan history and billing cycle records;
• Payment confirmation details (we do not store full card numbers — these are processed exclusively by our PCI-DSS compliant payment processor);
• Invoice and billing correspondence.

3.4 Technical and Usage Data

• IP address, browser type, and version;
• Device type, operating system, and screen resolution;
• Pages visited, time spent on the Platform, features accessed, and search queries;
• Referring URLs and exit pages;
• Cookie identifiers and session tokens (see our Cookie Policy for full details).

3.5 Communications Data

• Enquiry messages sent via the Platform's messaging system;
• Support correspondence submitted to our team;
• Notifications sent to you (and whether they were opened or acted upon);
• Review and ratings content submitted by Customers.

3.6 Data We Do Not Collect

We do not intentionally collect special category data (such as health, racial or ethnic origin, religious beliefs, or sexual orientation). We also do not knowingly collect data from children under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at privacy@artisanshub.org.

4.1 Performance of Contract (Article 6(1)(b))

We process your data to provide you with access to the Platform, manage your Account, facilitate enquiries between Artisans and Customers, and process subscription payments. This processing is necessary to fulfil the contract we have with you as a registered User.

4.2 Legitimate Interests (Article 6(1)(f))

We process certain data based on our legitimate interests, which include:

• Improving, developing, and maintaining the Platform;
• Detecting and preventing fraud, abuse, and security incidents;
• Conducting analytics to understand how the Platform is used;
• Communicating relevant updates, product news, and operational notices.

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to this processing — see Section 8.

4.3 Legal Obligation (Article 6(1)(c))

We may process your data where necessary to comply with a legal obligation, such as responding to lawful requests from regulatory authorities, law enforcement, or courts, or to meet our obligations under tax, financial reporting, or consumer protection law.

4.4 Consent (Article 6(1)(a))

Where we rely on your consent — for example, to send you marketing emails or to use non-essential cookies — we will always obtain your explicit consent before doing so. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6.1 Payment Processors

Subscription payments are processed by our third-party payment provider (currently Stripe or equivalent). When you subscribe, your payment details are transmitted directly to and stored by our payment processor. We receive only a transaction confirmation and billing token. Our payment processor operates under its own privacy policy and is required to comply with PCI-DSS standards.

6.2 Infrastructure and Technology Providers

We use cloud hosting, database, and email delivery services to operate the Platform. These providers process data on our behalf under Data Processing Agreements that bind them to strict confidentiality and security obligations consistent with UK GDPR.

6.3 Analytics Providers

We use analytics services to understand how Users interact with the Platform. Where possible, data shared with analytics providers is anonymised or pseudonymised. We have contractual arrangements in place to ensure these providers do not use your data for their own purposes.

6.4 Legal and Regulatory Disclosure

We may disclose personal data to law enforcement agencies, regulatory authorities, courts, or other public bodies where we are legally required or authorised to do so, or where we believe disclosure is necessary to protect the rights, property, or safety of MensayHub Ltd, our Users, or the public.

6.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring of MensayHub Ltd, personal data may be transferred to the acquiring entity as part of that transaction. We will notify affected Users before their data is transferred and becomes subject to a different privacy policy.

6.6 Public Profile Information

Artisan profile data — including name, service category, service area, portfolio, and ratings — is made publicly accessible on the Platform as part of its core functionality. By registering as an Artisan, you consent to this public display. You can manage what information appears on your profile through your Account settings.

7.1 Retention Periods

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our standard retention periods are:

• Account data: retained for the lifetime of the Account and for six (6) years following closure, in compliance with UK tax and commercial record-keeping requirements;
• Billing and transaction records: retained for seven (7) years in accordance with HMRC requirements;
• Support correspondence: retained for three (3) years from the date of the last interaction;
• Usage and analytics data: retained in aggregated or anonymised form indefinitely; raw log data retained for up to twelve (12) months;
• Marketing consent records: retained for three (3) years from the date consent was last confirmed or withdrawn.

7.2 Deletion on Request

You may request the deletion of your personal data at any time (see Section 8 — Your Rights). We will act on deletion requests promptly, subject to any legal retention obligations that require us to keep certain data for a fixed period.

7.3 Secure Disposal

When personal data is no longer required and there is no legal basis for retaining it, we ensure it is securely deleted or anonymised using industry-standard methods, so that it cannot be recovered or used to identify you.

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you (a 'Subject Access Request'). We will respond within one calendar month of receiving your request. There is no charge for this unless your request is manifestly unfounded or excessive.

8.2 Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to ask us to correct it. You can also update much of your information directly through your Account settings.

8.3 Right to Erasure ('Right to be Forgotten')

You have the right to request that we delete your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose it was collected, or where you withdraw consent and no other legal basis applies. This right is subject to legal retention obligations.

8.4 Right to Restrict Processing

You have the right to ask us to restrict how we use your data in certain circumstances — for example, while you contest its accuracy, or where you have objected to processing and we are assessing whether our legitimate interests override your rights.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have it transmitted to another Data Controller where technically feasible. This right applies where processing is based on consent or contract and is carried out by automated means.

8.6 Right to Object

You have the right to object at any time to the processing of your personal data based on legitimate interests (Article 6(1)(f)), including profiling based on those interests. You also have an absolute right to object to processing your data for direct marketing purposes at any time, with no exceptions.

8.7 Rights in Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you. We do not currently use fully automated decision-making of this kind, but if we do so in the future, we will notify you and provide the opportunity to request human review.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@artisanshub.org with your name, account email address, and a clear description of your request. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device on return visits and store preferences or session information. We use both first-party cookies (set by ArtisansHub.org) and third-party cookies (set by our service providers).

9.2 How We Use Cookies

We use cookies and similar technologies for the following purposes:

• Strictly necessary cookies: essential for the Platform to function (e.g., keeping you logged in, maintaining session state). These cannot be disabled.
• Functional cookies: remember your preferences such as region settings and display options.
• Analytics cookies: help us understand how Users interact with the Platform so we can improve it (e.g., pages visited, time on site). Data is aggregated and anonymised where possible.
• Marketing cookies: used to show you relevant content or advertisements, only where you have provided consent.

9.3 Managing Cookies

You can manage your cookie preferences at any time through the cookie settings panel on the Platform, or by adjusting your browser settings. Please note that disabling strictly necessary cookies will affect the Platform's functionality. For full details of the cookies we use, please see our Cookie Policy at artisanshub.org/cookie-policy.

10.1 Security Measures

• All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security);
• Passwords are stored using industry-standard one-way hashing algorithms and are never stored in plain text;
• Access to personal data is restricted on a role-based, need-to-know basis;
• Our systems undergo regular security assessments and vulnerability reviews;
• Payment data is processed exclusively through PCI-DSS compliant third-party payment processors — we do not store full card details.

10.2 Data Breach Response

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, MensayHub Ltd will notify the ICO within 72 hours of becoming aware of the breach, as required under UK GDPR Article 33. Where the breach poses a high risk to affected individuals, we will also notify those individuals without undue delay under Article 34.

10.3 Your Responsibilities

While we implement strong security measures, the security of your Account also depends on you. You are responsible for keeping your login credentials confidential and using a strong, unique password. Please notify us immediately at support@artisanshub.org if you suspect any unauthorised access to your Account.

11.1 Where We Process Data

We process data primarily within the United Kingdom. However, some of our third-party service providers (such as cloud hosting and analytics platforms) may be based in or transfer data to countries outside the UK.

11.2 Safeguards for International Transfers

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR Chapter V. These may include:

• Transfers to countries with an adequacy decision from the UK Secretary of State;
• Use of UK-approved International Data Transfer Agreements (IDTAs) or the UK Addendum to EU Standard Contractual Clauses;
• Binding corporate rules or other approved transfer mechanisms.

You may request information about the specific safeguards we apply to international transfers by contacting privacy@artisanshub.org.