Privacy Policy
Last updated: April 13, 2026 β Version 2.0
1. Data Controller
GeraMarket is operated by Gera Systems (registered in England and Wales), an e-commerce marketplace. We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: geramarket.com
- Data Protection: privacy@gera.services
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, email address, phone number, delivery addresses.
2.2 Transaction and Order Data
Order history, items purchased, delivery addresses, payment type and last four digits, invoice data, returns and refund history.
2.3 Seller Data
Business name, registered address, VAT number, bank account details for payouts, product listings, sales history, and reviews received.
2.4 Browsing and Behavioural Data
Products viewed, search queries, wishlist items, cart abandonment, and purchase intent signals for personalisation.
2.5 Location Data
Delivery address; GPS location via mobile app for delivery tracking when you grant permission.
2.6 Usage and Technical Data
IP address, browser type, device identifiers, crash logs.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account and order management | Contract (Art. 6(1)(b)) |
| Processing purchases and seller payouts | Contract (Art. 6(1)(b)) |
| Sharing address with seller/courier | Contract (Art. 6(1)(b)) |
| Fraud prevention and chargebacks | Legitimate Interests (Art. 6(1)(f)) |
| Tax compliance (VAT, seller reporting) | Legal Obligation (Art. 6(1)(c)) |
| Personalised recommendations | Legitimate Interests (Art. 6(1)(f)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
4. Data Retention
- Order and transaction records: 6 years (HMRC)
- Account data (after closure): 2 years
- Seller payout records: 6 years (HMRC)
- Analytics data: 13 months rolling
- Support communications: 3 years
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Marketplace sellers β delivery address and order details to fulfil purchases
- Delivery couriers β name, address, contact number for delivery
- Stripe β payment processing
- Railway, Neon, Vercel β infrastructure
- PostHog (EU, anonymised); Sentry (EU, errors)
- HMRC β seller reporting as required
- Legal/regulatory authorities β when required by law
6. Your Rights
Access, rectify, erase, restrict, port, or object to your data. Email privacy@gera.services β response within one calendar month. Complaints to the ICO.
7. Security
TLS 1.2+ in transit, AES-256 at rest, MFA on admin, regular audits. ICO notified within 72 hours of qualifying breach.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: privacy@gera.services
- Support: support@geramarket.com