Privacy Policy

The Commercexchange privacy policy explains how we use any personal information that is uploaded about Clients and their Customers when using the Commercexchange system

In the interests of clarity to all Parties:

  • Commerecxchange provides internet-based software solutions.
  • Clients subscribe to the Commercexchange software for the purposes of running their own internet-based trading website typically referred to as an online ordering system, webstore, ecommerce solution, eprocurement solution.
  • The Client configures the Commercexchange software to function in the way it wishes to operate its trading website under its own Terms and Conditions and Privacy Policy.
  • Depending on how the Client has configured the software, the Client's Customers can either set up their own account on the trading website or request the Client to set up an account on their behalf.
  • In the case that the Customer creates their own account they are required to agree to the Client's Terms and Conditions and Privacy Policy at the point of account set up.
  • In the case that the Customer requests the Client to set up an account on their behalf, it is the responsibility of the Client to obtain and retain confirmation of the Customer's consent.
  • Customer accounts are created, and the Personal Information provided processed for the purposes of:
    1. The Customer ordering products and services from the Client and for the Client to process and fulfil these orders.
    2. The Customer and the Client to manage the ongoing relationship i.e. providing the customer access to previous order history and any customer specific commercial terms that may apply.
  • For the Customer data held and processed on the Commerecxchange platform, Commerecxchange is a Data Processor (as defined by the GDPR) and the Client is the Data Controller. This means that as a company Commerecxchange is responsible for handling Client data in line with the GDPR under the Terms of this Privacy Policy and the terms of the Data Processing Agreement between it and the Client.
  • Clients however, are ultimately responsible for ensuring they are GDPR compliant with respect to their Customer data. Whilst we are committed to building a platform that encourages good-practice in line with GDPR, Commercexchange cannot be held responsible for Client compliancy.

What information do we collect about you?

By signing up for and using the Commerecxchange software solutions, using our support services and contacting our support teams, sending us an email, or communicating with us in any way, you are voluntarily giving us information that we collect. That information may include either your or your Customer's name, email address, IP address, phone number, postal address, commercial information. In supplying this information, you consent to this information being collected, used, disclosed, transferred to Commercexhange contractors and stored by us, as described in our Terms and this Privacy Policy.

Safeguarding Your Information

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Commercexchange accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your account is sensitive, account passwords are encrypted, which means we cannot see yours or your customers passwords. We cannot resend forgotten passwords either. We will only reset them.

Third Party Sites and Systems

This Privacy Policy only covers websites maintained by us, Commercexchange does not cover other websites, systems or third-party services linked to Commercexchange by the Client.

The Client can electronically link and manually download and import personal information into third-party sites, services and systems outside of the control of Commercexchange. Furthermore, the Client can download end customer data for uses in its own internal company processes and systems.

Examples of third party and customer systems include, but are not limited to, email systems, direct mail, telemarketing, finance systems, ERPs systems, CRM systems, Quotation systems, Online transaction systems.

The Client (Data Controller) has the obligation to make such additional uses of personal data transparent in its own Privacy Policy and to add a copy of its policy to the Commercexchange system

No credit card information is entered or stored on the Commercexchange system. All stages of financial transactions are conducted on one of the integrated credit card processing vendors, which use security measures to protect your/your customer's information both during the transaction and after it is complete. All vendors are certified as compliant with card association security initiatives, including PCI DSS.

How will we use the information about you?

We use personal information to:

  • Supply, improve and support the services we provide;
  • Confirm your identity in using the Commercexchange platform;
  • Perform the obligations of our contract with you or applicable law (e.g. to enforce our terms, communicate with you and provide support);
  • Protect, investigate and deter against fraudulent, harmful, unauthorized or illegal activity;
  • Fulfil requests that you may make;
  • Bill you (e.g. to send you invoices, process payment, notices). Note that we use third parties for direct debit transaction processing, and we send billing information to those third parties to process your orders and payments.
  • Send service/product notifications about the platform;
  • Bring or defend legal proceedings, meet legal requirements (e.g. complying with court orders, enforcement actions, or other legally valid mechanisms) or respond to lawful requests by public authorities or law enforcement requests; and

No other 3rd parties have access to your personal data unless it is specifically required to meet either contractual obligations or the legitimate interests of the company as defined under Article 5 of the General Data Protection Regulation(GDPR).

How long your personal information will be kept

In providing services to you, we will hold personal information for as long as are providing you the services for or to comply with our legal obligations, enforce the terms of our contracts, resolve disputes or prevent abuse. Otherwise, we only hold personal information for as long as is necessary.

Reasons we can collect and use your personal information

In relation to Clients, the lawful basis for which we rely on to collect and process your data is typically performance of our contractual obligations.

Where is the information stored?

All the personal data we hold is processed by us using internal services hosted within the UK. Data is located on servers within the UK.

Access to information and correction

Clients and Client Customers have the right to request a copy of the information that we hold about them. This information can be viewed and modified by the Client and Customer by logging into their account on the system. Alternatively, if you are a Client, please email or write to us or if you are a Client Customer, please contact the Client that you have an account with. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.


Cookies are text files recorded by your browser onto your computer for the websites you are visiting. They act as a memory, where sites can store information about your visit in order to use it when you open the next page. Every site can only set or read their own cookies, and only when your browser allows it. Usually, browsers are set by default to allow cookies. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit or

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.

Log Files

When you and your customers visit your website, we collect statistics concerning the visit, which are stored in a log file. Log files allow us to record visitors' use of the site. This information is only used for the purpose of supporting our contractual obligations in supporting and maintaining the service.

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 25th May 2018.

Your rights

If at any point you believe the information we process on you is incorrect you can request to see this information, and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, Gary Evans, at who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner's Office (ICO) who may be contacted at or telephone at 0303 123 1113 or other channels as updated at

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

by email:

Contact Us

Please contact us for further information.

01784 770677

Alternatively, you can click here to email us