Privacy Policy

ChipFlip is a trading name of Pyco Renew Ltd, the data controller for personal data collected through chipflip.co.uk and through our buying service.

• Company: Pyco Renew Ltd, registered in England (Company No. 16774881)
• VAT: GB505306526
• Registered office: Unit D13, Fieldhouse Industrial Estate, Rochdale OL12 0AA
• Contact for data requests: info@chipflip.co.uk

We only collect personal data we need to operate our buying service and to comply with our legal obligations.

We rely on three lawful bases under UK GDPR Article 6:

• Contract (Art 6(1)(b)) — to perform the buying transaction you've asked us to enter into
• Legal obligation (Art 6(1)(c)) — to comply with the Scrap Metal Dealers Act 2013, anti-money-laundering rules, tax law, accounting law, and waste regulations
• Legitimate interests (Art 6(1)(f)) — to operate, secure and improve our service, where this isn't overridden by your rights

We do not rely on consent for any core processing, so you do not need to give consent for us to operate your transaction. Marketing communications, if we ever send any, are opt-in only.

Different categories of data are kept for different periods, set by law:

• Identity and SMD Act records: 2 years from your last transaction with us (statutory minimum)
• Transaction records (sales, prices, payouts): 6 years (HMRC and Companies Act requirement)
• Waste Transfer Notes: 2 years (Environmental Protection Act 1990)
• Email correspondence: typically 2 years, then archived or deleted
• Quote-only enquiries (no transaction): 30 days, then deleted

We share personal data only when necessary to deliver the service or to meet a legal obligation:

• DPD (Geopost UK Ltd) — for pickup and delivery. Limited to your name, address and parcel reference.
• Our bank (NatWest Group) — for processing Faster Payments to you. Limited to your account details and payment amount.
• HMRC — VAT and corporation tax records when legally required.
• Police, regulators or courts — only if served with a lawful request (e.g. SMD Act inspection, court order).
• Our hosting and IT providers — under data-processor contracts that require equivalent protection.

We do not sell your data and we do not share it for marketing or advertising purposes.

Under UK GDPR you can ask us to:

• Access the data we hold about you
• Correct any inaccurate or incomplete data
• Erase data we no longer need to keep (note: we can't erase data we are legally required to retain — see Section 4)
• Restrict processing in certain circumstances
• Object to processing based on legitimate interests
• Receive your data in a portable format (where applicable)

To exercise any of these rights, email info@chipflip.co.uk. We respond within one calendar month.

You also have the right to complain to the Information Commissioner's Office (the UK supervisory authority) at ico.org.uk or 0303 123 1113.

We host and process all personal data within the United Kingdom. Where a service provider is based in the EEA, transfers are covered by the UK adequacy decision. We do not currently transfer personal data outside the UK or EEA.

We apply technical and organisational measures appropriate to the risk: encrypted connections (TLS), restricted access on a need-to-know basis, audit logging, and our staff are trained on data handling. Components delivered to us are stored in a security-monitored facility; SSDs are wiped to NIST 800-88 standard before any resale activity (see our Secure Disposal Statement).

chipflip.co.uk uses a small number of strictly necessary cookies. We do not use analytics or marketing cookies. See our full Cookie Policy.

We may update this policy as our service or the law evolves. The "Last updated" date at the top reflects the most recent change. Material changes will be notified to active customers by email.