Privacy Policy

IceTree Ltd ("IceTree", "we", "us", "our") is a company registered in England and Wales. We operate as a payment consultancy, connecting merchants with payment service providers (PSPs).

For the purposes of UK data protection law, IceTree Ltd is the data controller responsible for your personal data. Our registered address and contact details are available at icetree.co.uk.

We collect personal data in the following circumstances:

• Contact and enquiry data: name, email address, company name, phone number, and any information you provide when submitting a consultation request.
• Business data: transaction volume ranges, business sector, website URL — provided voluntarily to help us match you with appropriate PSPs.
• Usage data: IP address, browser type, pages visited, and time spent on our website, collected via cookies and analytics tools.
• Communication data: emails, phone call records, and notes from consultations.

We use your personal data to:

• Respond to your enquiries and provide payment consultancy services
• Match you with appropriate PSPs from our network
• Communicate updates about your application or account status
• Comply with our legal and regulatory obligations
• Improve our website and services through analytics
• Send relevant industry information (with your consent)

We process your personal data under the following legal bases (UK GDPR Article 6):

• Contract performance: processing necessary to provide our consultancy services
• Legitimate interests: improving our services and communicating with prospective clients
• Legal obligation: compliance with applicable UK laws and regulations
• Consent: for marketing communications and non-essential cookies

We share your data with third parties only where necessary and on a lawful basis:

• PSP partners: We share relevant business information (not your personal data beyond what is necessary) with shortlisted PSPs as part of the matching process, with your explicit consent.
• Service providers: Email platforms, analytics tools, and CRM software we use to operate our business — all bound by data processing agreements.
• Legal authorities: Where required by law, court order, or regulatory requirement.

We do not sell your personal data to third parties.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Enquiry and contact data: 3 years from last contact
• Client records: 7 years (for tax and legal compliance)
• Analytics data: retained per LinkedIn's data retention policy (typically 90 days for pixel data)
• Marketing preferences: until you withdraw consent

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of the data we hold about you
• Right to rectification: request correction of inaccurate data
• Right to erasure: request deletion of your data (subject to legal obligations)
• Right to restrict processing: request we limit how we use your data
• Right to data portability: receive your data in a machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to withdraw consent: withdraw consent for marketing at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Our website uses browser storage and third-party tracking tools. We categorise these as follows:

• Strictly necessary (no consent required): We store your cookie preference in your browser's localStorage under the key icetree_cookie_consent. This is required for our consent mechanism to function and does not track you.
• Analytics & marketing (consent required): The LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) sets a first-party cookie (li_fat_id) and collects data about your visit to measure the effectiveness of our LinkedIn campaigns. This is only loaded after you accept cookies. LinkedIn's privacy policy is available at linkedin.com/legal/privacy-policy.

You can withdraw consent at any time by clicking Cookie settings in the footer of any page. You can also clear cookies via your browser settings — if you do, your preference will be reset and the banner will reappear on your next visit.

Where we transfer data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO, or transfers to countries with an adequacy decision.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS), access controls, and regular security reviews.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO website: ico.org.uk
ICO helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns directly first. Please contact us at [email protected].

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.