Legal

Privacy Policy

Effective date: 1 January, 2023Last updated: 15 December, 2025

1. Who We Are

Our website address is: https://www.marillionex.com

Marillion Exchange is a limited company registered in England under company number 14415715.

For any data protection enquiries, our contact details are:

Email: gdpr@www.marillionex.com
Telephone: +44 7502 687 737
Address: 78 St Johns Street, London, EC1M 4JA, United Kingdom

MarillionEx understands that your privacy is important and we respect how your personal data is used. We only collect and use personal data in the ways described in this Privacy Policy and in line with our obligations and your rights under applicable data protection law, including the UK GDPR and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data, and your rights in relation to that data.

2. What Information Do We Collect About You?

Depending on your relationship with us, we may collect some or all of the following:

  • Details about you: name, job title, email address, postal address, telephone number, and payment-related details.
  • Details about your company: company name, VAT number, and collection address for sale items (where applicable).
  • Your MarillionEx activity: registrations, preferences (e.g., alerts), interactions with our services, and other account-related actions.
  • How you interact with us: enquiries, comments, complaints, and (where applicable) CCTV footage from our office premises.
  • Website and device data: information your browser/device sends automatically such as IP address, device identifiers, browser type, referral source, pages visited, and similar usage data.

We do not intentionally collect special category data (sensitive personal data) unless we have a clear lawful basis to do so (for example, where required by law, to protect vital interests in an emergency, or with your explicit consent).

3. How We Collect Information About You

We collect information when:

  • you complete a registration form on our website or app (where applicable);
  • you sign up for emails or updates;
  • you contact us by email, phone, or other channels;
  • you visit our offices and are captured on CCTV;
  • you attend events we host;
  • you browse our website (via cookies and similar technologies);
  • we obtain publicly available contact details (e.g., from a company website) where relevant and lawful.

4. How We Use Your Information (Purposes and Lawful Bases)

We use personal data to:

Provide and operate our services (e.g., account access, processing transactions, delivering service communications)

contractual necessity and/or legitimate interests

Respond to enquiries and provide customer support

legitimate interests

Improve our services, site performance, and security

legitimate interests

Personalise your experience where appropriate

legitimate interests and/or consent (depending on the activity)

Send marketing communications (see Section 5)

consent and/or legitimate interests where permitted by law

Process job applications

legitimate interests and/or steps prior to entering a contract

Prevent and detect fraud, misuse, and unlawful activity

legitimate interests and/or legal obligation

Comply with legal obligations (e.g., court orders, regulatory requests)

legal obligation

5. Marketing

With your permission, and where permitted by law, we may contact you by email, telephone, or post with information, news, and offers related to our products and services. We do not send unlawful marketing or spam and we aim to comply with the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

You can opt out at any time by:

  • using the unsubscribe link included in our marketing emails (where available), or
  • contacting our data protection contact using the details in Section 1.

Even if you opt out of marketing, we may still send service-related messages that are necessary (for example, account or security notifications).

6. Our Site and Cookies

We use cookies and similar technologies to operate and improve our Site, understand usage, and (where enabled) support marketing measurement.

We may collect information such as your IP address, approximate location, device information, browser type, referral source, pages viewed, visit duration, and interactions with the Site. This data may be collected by us and/or by analytics and marketing providers through cookies and similar tools.

For more information on what we use and how to manage your preferences, please refer to our Cookie Policy.

7. How Do We Share or Process Your Personal Information?

Where necessary to run our business and provide services, we may share personal data with:

Professional advisers and authorities

legal advisers, accountants, regulators, courts, and government agencies (where required).

Business successors

in the event of a merger, acquisition, restructuring, or sale of assets.

Service providers (processors)

IT hosting and infrastructure providers, software providers, payment processors, analytics providers, and marketing delivery platforms that support our operations.

Examples of service providers may include:

  • Stripe (payment processing)
  • Mailchimp (email delivery/marketing communications)

When we share data with service providers, we require them to apply appropriate security measures and only process data in line with our instructions and applicable law.

International transfers

If personal data is transferred outside the UK/EEA, we will put appropriate safeguards in place (such as adequacy decisions or standard contractual clauses) to help ensure your data remains protected.

8. How Can You Access Your Personal Information?

You can request details of the personal data we hold about you and request a copy of it. This is known as a Subject Access Request.

Requests should be made in writing to:

Email: gdpr@www.marillionex.com
Telephone: +44 7502 687 737
Address: 78 St Johns Street, London, EC1M 4JA, United Kingdom

There is not usually a fee. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

We aim to respond within 30 days. If the request is complex, we may take longer (up to a maximum of three months) and will keep you informed.

9. Your Rights and How to Exercise Them

Under UK GDPR, you may have the right to:

  • access your personal data;
  • correct inaccurate or incomplete data;
  • request deletion of your data (in certain circumstances);
  • restrict processing;
  • object to processing (including certain marketing and legitimate interest uses);
  • data portability (in certain circumstances);
  • withdraw consent at any time where processing is based on consent.

We may retain certain information where necessary for record-keeping, legal compliance, or to defend legal claims (for example, maintaining a suppression list to ensure we do not contact you after you opt out).

If you have concerns about how we use your data, please contact us using the details above.

10. How We Look After Your Information

We maintain technical and organisational security measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Measures may include:

  • physical security controls for offices and systems;
  • access controls and least-privilege permissions;
  • encryption and secure communications (e.g., SSL/TLS);
  • password protection and security monitoring;
  • staff policies and confidentiality training;
  • encrypted backups and secure recovery processes;
  • limiting storage of sensitive payment information (e.g., card details handled by payment processors rather than stored by us).

No system is 100% secure, but we work to continuously improve our safeguards.

11. How Long We Keep Your Information

We keep personal data only for as long as reasonably necessary to:

  • provide services you request,
  • meet legal obligations,
  • support legitimate business needs (including resolving disputes and enforcing agreements).

Examples:

  • We aim to reduce paper records and securely destroy paper correspondence unless needed for legal or evidential purposes.
  • We may maintain an opt-out/suppression list indefinitely to ensure we respect your preferences.
  • We may retain unsuccessful job applications for up to 2 years (where appropriate) in case a suitable role becomes available.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, if laws change or our services change). Updates will be posted on this page and become effective when published.