Privacy Policy

Last updated: June 2026

1. Introduction

LoadLog ("we", "our", "us") is committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose and safeguard your personal information when you use our website (loadlog.co.uk) and the LoadLog application (app.loadlog.co.uk), collectively referred to as the "Service".

This policy is issued by RDC IT Solutions Ltd, the data controller responsible for your personal data. We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Full name, organisation name, job title.
  • Contact Data: Email address, business address, telephone number.
  • Account Data: Username, password (hashed), account preferences, DEFRA API registration code.
  • Transaction Data: Details of your subscription plan, payment history and Direct Debit mandates processed via GoCardless.
  • Technical Data: IP address, browser type and version, device information, time zone setting, operating system.
  • Usage Data: Pages visited, features used, time spent on the Service, WTN submission activity.
  • Waste Transfer Data: EWC codes, waste descriptions, vehicle registrations, carrier details, and digital signatures as required for DEFRA compliance.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, maintain and improve the Service
  • To process your subscription payments via GoCardless Direct Debit
  • To submit Waste Transfer Notes to the DEFRA Digital Waste Tracking Service on your behalf
  • To communicate with you about your account, including service updates and support
  • To comply with our legal obligations, including those under environmental regulations
  • To detect and prevent fraud, unauthorised access and other misuse of the Service
  • To send you information about LoadLog that may be of interest (with your consent where required)

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases: performance of a contract (providing the Service you signed up for), legal obligation (compliance with environmental and tax legislation), legitimate interests (improving our Service and securing our platform), and consent (where you have explicitly agreed to marketing communications).

5. Data Storage and Security

Your data is stored on secure servers provided by Amazon Web Services (AWS) in the London region (eu-west-2). All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Access to personal data is restricted to authorised personnel and protected by multi-factor authentication. We maintain a comprehensive information security programme, conduct regular vulnerability assessments, and follow AWS security best practices.

We retain your personal data for as long as your account is active and for a period of six years thereafter to comply with legal obligations, including those under the Environmental Permitting Regulations and HMRC requirements.

6. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

  • DEFRA: Waste Transfer Note data submitted via the Digital Waste Tracking Service API
  • GoCardless: Payment processing and Direct Debit management
  • Amazon Web Services: Cloud infrastructure and hosting
  • Resend: Transactional email delivery

We do not sell your personal data to any third party. All third-party processors are subject to data processing agreements that comply with UK GDPR.

7. Your Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data (subject access request)
  • Request correction of inaccurate or incomplete data
  • Request erasure of your personal data (right to be forgotten)
  • Object to processing of your personal data
  • Request restriction of processing
  • Request data portability
  • Withdraw consent at any time (where consent is the lawful basis)

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our public website uses only essential cookies necessary for the operation of the site (such as session management). We do not use tracking or advertising cookies on our public website. The LoadLog application (app.loadlog.co.uk) uses essential cookies for authentication and session management.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email (to the address associated with your account) or by posting a notice on our website prior to the change becoming effective. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this privacy policy or our data protection practices, please contact us at:

Email: [email protected]
Data Protection Officer: RDC IT Solutions Ltd