GlobalLine CDS
Legal

Privacy Policy

Last updated: 8 May 2026

GlobalLine CDS Ltd ("we", "us") is the controller of personal data collected through our marketing site and account system, and a processor of personal data you submit through customs declarations. We comply with the UK GDPR and the Data Protection Act 2018.

1. Data we collect

  • Account data: name, email, company, EORI, role, hashed password.
  • Usage data: IP address, browser, page views, feature interactions.
  • Customs data you upload: commercial invoices, packing lists, BOLs, party details. Processed as processor.

2. How we use it

  • To provide the Service and submit declarations to HMRC on your instruction.
  • To bill you and prevent fraud.
  • To send service announcements and (with consent) product updates.
  • To comply with legal obligations including HMRC record-keeping rules.

3. Legal bases

Performance of contract (account, billing, declarations); legitimate interest (security, analytics); legal obligation (HMRC retention); consent (marketing emails).

4. Sharing

We share data with HMRC (as you instruct), our infrastructure providers (Lovable Cloud / Supabase, Cloudflare, Stripe), and professional advisors. We do not sell personal data.

5. Retention

Customs declaration records are retained for 6 years to satisfy HMRC requirements. Account data is retained for the life of the account plus 1 year.

6. Your rights

You have rights of access, rectification, erasure, restriction, portability and objection. Email privacy@globalline.cds. You may also complain to the ICO.

7. International transfers

Data is hosted in the UK / EU. Where transfers outside the UK occur (e.g. Stripe US), we rely on the UK IDTA and Standard Contractual Clauses.

8. Security

Encryption in transit (TLS 1.3) and at rest, role-based access, immutable audit logs, annual penetration testing.

9. Contact

Data Protection Officer: dpo@globalline.cds