Positive ID Labelling Ltd. Privacy Policy
Privacy Policy
Last Updated: April 2026
Effective Date: 29/04/2026
1. Introduction
Positive ID Labelling Ltd, trading as Positive ID Labels (“we”, “us”, or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services.
Data Controller: Positive ID Labelling Ltd 5 Loake Court Melbourne Derby DE73 8HB United Kingdom Phone: 01332 864895 Email: sales@pid-labelling.co.uk
We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We have assessed our data processing activities and confirmed that our use of personal data does not require us to pay a data protection fee to the Information Commissioner’s Office (ICO) under the Data Protection (Charges and Information) Regulations 2018. We continue to comply fully with our obligations under UK GDPR regardless of fee status.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you voluntarily provide when you:
- Request a quote or enquiry – Name, email address, phone number, company name, postal address, and details about your label requirements
- Place an order – Billing and delivery addresses, purchase order numbers, payment information (processed securely by our payment provider)
- Contact us – Name, email address, phone number, and the content of your message
- Sign up for newsletters or updates – Email address and marketing preferences
- Submit a form on our website – Information varies by form, but typically includes name, email, phone, and message content
2.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Technical information – IP address, browser type and version, operating system, device type
- Usage information – Pages visited, time spent on pages, links clicked, referring website
- Location information – General geographic location based on IP address (country/region level)
- Call tracking information – When you call us from a phone number displayed on our website (with your prior consent to marketing cookies), the call may be associated with the marketing source that brought you to our site
This information is collected through:
- Cookies and similar technologies – Small text files and storage mechanisms placed on your device
- Google Analytics – Web analytics service (see Section 5.1)
- Google Tag Manager – Tag management infrastructure (see Section 5.1)
- HubSpot – Customer relationship and marketing platform (see Section 5.2)
- CallRail – Phone call tracking service (see Section 5.3)
- Server logs – Standard web server logging
2.3 Information from Third Parties
We may receive information from:
- Payment processors – Transaction confirmation and payment status
- Delivery partners – Delivery confirmation and tracking updates
- Google services – Analytics data, advertising performance data
- HubSpot – Customer engagement data, form submissions, email interactions
- CallRail – Call recordings (where applicable), call duration, source attribution
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
Contract Performance – To fulfil orders and provide services you’ve requested:
- Processing and fulfilling your orders
- Communicating about your orders
- Providing customer support
- Managing returns and refunds
Legitimate Interests – For our business operations:
- Improving our website and services
- Fraud prevention and security
- Business analytics and reporting
- Internal record keeping
- Managing our customer relationships through our CRM
Consent – Where you’ve given explicit permission:
- Marketing communications (newsletters, promotional emails)
- Non-essential cookies (analytics and marketing)
- Phone call tracking and source attribution
- Collecting testimonials or reviews
Legal Obligation – To comply with laws and regulations:
- Tax and accounting requirements
- Responding to legal requests
- Health and safety obligations
3.2 Purposes of Processing
We use your information to:
- Process and fulfil your orders
- Provide quotes and respond to enquiries
- Send order confirmations and updates
- Provide customer support
- Improve our products and services
- Analyse website usage and trends
- Send marketing communications (with your consent)
- Track the effectiveness of our marketing activities
- Manage our sales pipeline and customer relationships
- Prevent fraud and ensure security
- Comply with legal obligations
- Maintain business records
4. Cookies and Tracking Technologies
4.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. We also use related storage technologies such as local storage and session storage. Together, these help us provide a better user experience and understand how our website is used.
4.2 Cookie Categories
We use three categories of cookies, matching the choices presented in our cookie consent banner:
Essential Cookies (always active, no consent required)
These cookies are necessary for the website to function and cannot be switched off. They are usually set in response to actions you take, such as filling in forms, setting your preferences, or recording your cookie consent choices. They do not store personally identifiable information.
Analytics Cookies (active only with your consent)
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They allow us to count visits, identify popular pages, and see how visitors move around our site.
Marketing Cookies (active only with your consent)
These cookies are used to make advertising more relevant to you, measure the effectiveness of our advertising campaigns, and track which marketing sources lead to phone calls and enquiries. They are set both by us and by our advertising and tracking partners.
4.3 Specific Tracking Services
When you grant the relevant consent, the following services may set cookies or similar identifiers on your device:
| Service | Category | Provider | Purpose |
|---|---|---|---|
| Google Analytics | Analytics | Google LLC (US) / Google Ireland Ltd (EU) | Website usage analytics |
| Google Tag Manager | Essential* | Google LLC (US) / Google Ireland Ltd (EU) | Tag management |
| Google Ads | Marketing | Google LLC (US) / Google Ireland Ltd (EU) | Advertising and remarketing |
| HubSpot | Marketing | HubSpot Inc (US) / HubSpot Ireland Ltd (EU) | Visitor tracking, form submissions, email engagement |
| CallRail | Marketing | CallRail Inc (US) | Phone call tracking and attribution |
*Google Tag Manager loads in a default-denied consent state. No tracking cookies are set by Google services until you grant the relevant consent.
4.4 Managing Cookies
You have several options for managing cookies:
Through our cookie banner – You can review and update your cookie choices at any time by reopening the cookie consent banner from any page of the website.
Through your browser – Most browsers allow you to refuse or delete cookies. The method varies by browser. Up-to-date guidance is available at aboutcookies.org or allaboutcookies.org
Please note: Blocking essential cookies may impact your experience on our website. Blocking analytics or marketing cookies will not affect site functionality but will prevent us from understanding your visit or attributing it to a marketing source.
Service-specific opt-outs:
- Google Analytics – Install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout
- Google Ads – Manage personalised advertising at adssettings.google.com
- HubSpot – HubSpot tracking can be disabled by declining marketing cookies in our banner. HubSpot’s own privacy controls are at legal.hubspot.com/privacy-policy
- CallRail – CallRail tracking is disabled when marketing cookies are declined. CallRail’s privacy policy is at callrail.com/legal/privacy-policy
5. Third-Party Tracking and Marketing Services
5.1 Google Services
We use several Google services to operate and improve our website.
Google Analytics is used to understand how visitors use our website. Google Analytics collects information about your visit and reports website trends. With Google Consent Mode v2 implemented on our site, Google Analytics operates in a privacy-protective default state until you grant analytics consent.
- Information collected: pages visited, time spent, traffic sources, device and browser information, approximate geographic location
- Data retention: 26 months
- Provider: Google LLC (US) / Google Ireland Ltd (EU)
Google Tag Manager is the tag management infrastructure that loads other Google services on our site. It does not itself set tracking cookies.
Google Ads is used for advertising and remarketing. With your consent, this may show our ads on other websites you visit, track conversions from our ads, and create audience segments for targeting.
Google Fonts may be used to display fonts on our website. When loaded, your browser connects to Google servers, which may log your IP address.
Google reCAPTCHA is used to protect forms from spam and abuse. reCAPTCHA collects hardware and software information to determine whether the visitor is human.
Google’s Privacy Policy: policies.google.com/privacy
5.2 HubSpot
We use HubSpot as our customer relationship management (CRM) and marketing platform. HubSpot supports our sales pipeline, email marketing, contact forms, and visitor tracking.
What HubSpot does for us:
- Manages our customer and prospect database
- Sends marketing emails (with your consent)
- Powers contact and enquiry forms on our website
- Tracks website visits to identified contacts (with your consent)
- Records form submissions and email interactions
- Provides analytics on marketing campaign performance
Information HubSpot processes:
- Contact details you submit through forms
- Email addresses and engagement data (opens, clicks)
- Website pages visited (where consent has been granted)
- Phone numbers and call records (where applicable)
- IP address and browser information
Cookies set by HubSpot include:
__hstc– tracks visitors across sessionshubspotutk– identifies returning visitors who have submitted a form__hssc– tracks current session__hssrc– confirms whether the visitor’s browser has been restarted
Data location: HubSpot processes data in the United States and European Union, with EU data centres used for European customers where possible. Standard contractual clauses are in place for any international transfers.
HubSpot’s tracking is loaded only after you grant marketing cookie consent. If you decline marketing cookies, HubSpot tracking does not load on our site, although HubSpot will still process information you have explicitly submitted (such as contact form data) under our legitimate interest or contract performance basis.
HubSpot’s Privacy Policy: legal.hubspot.com/privacy-policy
5.3 CallRail
We use CallRail for phone call tracking and marketing source attribution. When you visit our website with marketing cookies enabled, CallRail may dynamically replace the phone number displayed on the page with a tracking number, allowing us to attribute your call to the marketing source that brought you to our site (such as a search engine, advertisement, or referring website).
What CallRail does for us:
- Tracks which marketing channels generate phone calls
- Provides call duration and timing information
- Associates calls with website sessions (where consent has been granted)
- Helps us measure the effectiveness of our marketing investments
Information CallRail processes:
- Phone numbers (yours and the tracking number)
- Call duration and timing
- Visitor session and source information (with consent)
- IP address and browser information
Important: Our standard published phone number (01332 864895) and our routine business operations remain unchanged. Whether CallRail loads or not, calls reach us in the same way. The only difference is whether the call is attributed to a marketing source.
Data location: CallRail processes data in the United States. Standard contractual clauses are in place for international transfers.
CallRail’s tracking is loaded only after you grant marketing cookie consent. If you decline marketing cookies, the standard phone number is displayed and no call tracking occurs.
CallRail’s Privacy Policy: callrail.com/legal/privacy-policy
6. How We Share Your Information
6.1 Third-Party Service Providers
We share information with trusted service providers who help us operate our business:
| Category | Purpose | Examples |
|---|---|---|
| Payment processors | Process payments securely | Stripe, PayPal |
| Delivery services | Fulfil orders | Royal Mail, DHL, courier networks |
| Email and CRM platform | Customer communications, sales pipeline, marketing | HubSpot |
| Phone call tracking | Marketing attribution | CallRail |
| Email infrastructure | Transactional and business email | Microsoft |
| Web hosting | Host our website | Krystal Hosting (UK) |
| Analytics | Understand website usage | Google Analytics |
| Advertising | Run marketing campaigns | Google Ads |
| Accounting software | Financial record keeping | Sage |
| Spam protection | Form security | Google reCAPTCHA |
All service providers are contractually required to:
- Process data only for specified purposes
- Implement appropriate security measures
- Comply with UK GDPR requirements
- Not use data for their own purposes
6.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal obligations or court orders
- Protect our rights and property
- Prevent fraud or security threats
- Cooperate with law enforcement
6.3 Business Transfers
If we sell or merge our business, customer information may be transferred to the new owner, subject to the same privacy protections.
6.4 With Your Consent
We may share information for other purposes with your explicit consent.
We never:
- Sell your personal data to third parties
- Share your data for others’ marketing without consent
- Transfer data outside the UK or EU without appropriate safeguards
7. International Data Transfers
Your data is primarily stored and processed in the United Kingdom. Some of our service providers process data outside the UK, including:
- Google services – Data may be processed in the United States and other regions, with safeguards under UK GDPR adequacy and standard contractual clauses
- HubSpot – Data is processed in the United States and European Union, with EU data centres used where possible. Standard contractual clauses apply to international transfers
- CallRail – Data is processed in the United States. Standard contractual clauses apply
For all international transfers, we ensure:
- Adequate protection under UK GDPR
- Standard contractual clauses are in place where required
- Appropriate technical and organisational security measures are implemented
8. Data Security
8.1 Security Measures
We implement appropriate technical and organisational measures to protect your data:
Technical measures:
- SSL/TLS encryption for all data transmission
- Secure password policies
- Regular security updates and patches
- Firewall and intrusion detection systems
- Secure backup systems
Organisational measures:
- Access controls and authentication
- Staff training on data protection
- Confidentiality agreements
- Regular security audits
- Incident response procedures
8.2 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights, we will:
- Notify the Information Commissioner’s Office (ICO) within 72 hours
- Notify affected individuals without undue delay
- Take immediate action to contain and remedy the breach
8.3 Your Responsibility
Please help us keep your information secure by:
- Keeping login credentials confidential
- Using strong passwords
- Logging out after using shared computers
- Reporting any suspicious activity
9. Data Retention
We retain your personal data only as long as necessary for the purposes stated in this policy:
| Category | Minimum Retention Period | Reason |
|---|---|---|
| Order information | 7 years | Tax and accounting requirements |
| Quote requests | 2 years | Business records, potential future orders |
| CRM contact records | Until you request deletion or 5 years after last interaction | Customer relationship management |
| Marketing consent | Until withdrawn | Ongoing marketing activities |
| Website analytics | 26 months | Google Analytics default setting |
| Call tracking records | 12 months | Marketing attribution analysis |
| Customer support | 3 years | Service improvement, dispute resolution |
| Email correspondence | 2 years | Business records, reference |
After these periods, we may securely delete or anonymise your data unless we’re legally required to retain it longer.
10. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
10.1 Right to Access
Request a copy of the personal data we hold about you (Subject Access Request).
10.2 Right to Rectification
Request correction of inaccurate or incomplete data.
10.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your data in certain circumstances:
- Data no longer needed for original purpose
- You withdraw consent
- You object to processing
- Data processed unlawfully
Note: Some data must be retained for legal obligations (e.g., tax records).
10.4 Right to Restrict Processing
Request that we limit how we use your data in certain situations.
10.5 Right to Data Portability
Request your data in a structured, machine-readable format to transfer to another provider.
10.6 Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
10.7 Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling that significantly affects you.
10.8 How to Exercise Your Rights
To exercise any of these rights, contact us:
Email: sales@pid-labelling.co.uk Phone: 01332 864895 Post: Positive ID Labelling Ltd, 5 Loake Court, Melbourne, Derby DE73 8HB, United Kingdom
We will respond within one month of receiving your request (may be extended by two months for complex requests).
Proof of identity: We may request identification to verify your identity before processing requests.
11. Marketing Communications
11.1 How We Use Your Data for Marketing
With your consent, we may send you:
- Promotional emails about products and services
- Special offers and discounts
- Company news and updates
- Industry insights and tips
Marketing emails are sent through HubSpot. Each email contains an unsubscribe link.
11.2 Opting Out
You can opt out of marketing communications at any time by:
- Clicking “unsubscribe” in any marketing email
- Contacting us at 01332 864895
- Emailing us at sales@pid-labelling.co.uk
Important: Opting out of marketing does not affect:
- Transactional emails (order confirmations, invoices)
- Service-related communications
- Response to your enquiries
12. Children’s Privacy
Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children under 18.
If we discover we’ve collected data from a child under 18, we will delete it immediately. If you believe we’ve collected data from a child, please contact us immediately.
13. Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations.
When we make changes:
- We update the “Last Updated” date at the top
- Significant changes will be prominently notified on our website
- Continued use of our services constitutes acceptance of changes
We recommend: Review this policy periodically to stay informed about how we protect your information.
15. Contact Us and Complaints
15.1 Contact Information
For questions, concerns, or to exercise your rights:
Positive ID Labelling Ltd 5 Loake Court Melbourne Derby DE73 8HB United Kingdom
Phone: 01332 864895 Email: sales@pid-labelling.co.uk
We aim to respond to all enquiries within 5 working days.
15.2 Making a Complaint
If you’re unhappy with how we’ve handled your data, please contact us first so we can resolve your concerns.
You also have the right to complain to the supervisory authority:
Information Commissioner’s Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Phone: 0303 123 1113 Website: ico.org.uk Report online: ico.org.uk/make-a-complaint
16. Definitions
Personal Data – Any information relating to an identified or identifiable individual.
Processing – Any operation performed on personal data (collection, storage, use, disclosure, deletion).
Data Controller – The organisation that determines purposes and means of processing personal data (Positive ID Labelling Ltd).
Data Processor – An organisation that processes data on behalf of the controller (our service providers).
Consent – Freely given, specific, informed agreement to processing.
UK GDPR – UK General Data Protection Regulation (retained EU law in UK).
Cookie – A small text file placed on your device by a website you visit.
Tracking pixel/beacon – A small graphic or code element used to track website visits or email opens.
17. Cookie Policy Summary
For detailed information about cookies, see Section 4 above.
Essential cookies: Always active (required for site functionality)
Analytics cookies: Google Analytics (consent required, can be withdrawn)
Marketing cookies: Google Ads, HubSpot, CallRail (consent required, can be withdrawn)
Manage cookies: Use our cookie consent banner at any time, or your browser settings.
Document Version: 2.0
Effective Date: 29/04/2026
Previous Version: 1.0 (December 2025)
Next Review: 29/04/2027
See our complete Legal range.