Privacy policy

It applies to charity shop managers, head-office teams, trustees, finance leads, authorised branch staff, and other representatives who visit the website, request a valuation, ask for a prepaid label, discuss a pilot, or communicate with Vintage Piggy about the service. It is written for organisational use rather than general consumer browsing, because the service itself is charity-only.

The information processed may include names, job titles, charity details, charity numbers, branch or head-office addresses, telephone numbers, WhatsApp contact details, email correspondence, parcel references, item photographs, valuation records, payment records, and governance paperwork. That information is used to assess whether the service is suitable, issue labels, manage valuations, produce written records, verify payment destination, and maintain an audit trail.

Processing will usually be carried out because it is necessary to take steps requested by the charity before a transaction, to perform the service once the charity chooses to proceed, and to meet legitimate interests in secure record keeping, fraud prevention, complaint handling, and business administration. Some processing may also be required to comply with legal, regulatory, tax, and accounting obligations.

The charity remains responsible for its own donor-facing decisions, internal policies, and governance records. Vintage Piggy handles the information needed to operate its valuation and buying route, including communication, parcel handling, reporting, and payment administration. In practice, that means both sides must take data protection seriously, but their roles are not identical and should not be treated as interchangeable.

Information may be shared only where that is operationally necessary and proportionate. That can include postal and delivery providers, payment and banking partners, professional advisers, IT and hosting suppliers, and authorities where disclosure is required by law or reasonably necessary for fraud prevention, complaint handling, or legal defence. Information is not supposed to move casually outside the service chain without a proper reason.

Information is kept for no longer than is reasonably necessary for the purpose for which it was collected, but some records must be retained for longer where accounting, tax, anti-fraud, dispute, or audit requirements make that necessary. A valuation enquiry that does not proceed may justify a shorter retention period than a completed transaction with reporting and payment records attached to it.

Depending on the circumstances, individuals may have rights relating to access, rectification, erasure, restriction, objection, and complaint. Those rights are not absolute, because some information may need to be retained to meet legal obligations or defend claims. If a request is made, the response should be tied to the specific record, purpose, and legal basis involved rather than answered in abstract terms.

Vintage Piggy uses direct communication channels because speed matters at the valuation stage, but speed does not remove the need for care. Messages, photographs, and related records may be retained where they form part of the valuation, reporting, or decision trail. Charities should avoid sending unnecessary personal information and should use official organisational contacts where possible when opening a new enquiry.

This route is not designed for members of the public, informal sellers, or charity teams that want to exchange sensitive information without any written operational framework. If a charity requires a negotiated data processing agreement, bespoke retention schedule, or special institutional review before first contact, that conversation should happen explicitly before operational use begins.