Privacy Policy

1. Who we are

Peach Data is a trading name of Meridian Interface Ltd, a company registered in England and Wales (Company No. 16150489). Our registered address is Park House, Wilmington Street, Leeds, LS7 2BP.

We operate a B2B data intelligence platform, collecting and supplying verified contact data about UK businesses to sales organisations.

For data protection enquiries, contact us at: privacy@peachdata.co.uk

2. What data we hold and where it comes from

Peach Data compiles business contact information about UK businesses from the following publicly accessible sources:

• Food Standards Agency (FSA): business name, address and food hygiene rating data published under statutory mandate (hospitality vertical)
• Companies House: director and founder names, registered company addresses, company status and incorporation dates published on the statutory public register
• Google Places: business name, address, phone number and category information voluntarily published by business owners
• Public Funding Announcements: funding round type, amount raised, lead investors and round date sourced from public disclosures (funded companies vertical)

The data we hold includes: business name, business address, postcode, city, phone number, owner or director name, email address (where publicly available), business category, funding round details (where applicable) and business registration details.

All data relates to individuals in their capacity as business owners, directors or founders of UK commercial enterprises. We do not collect or process consumer personal data, sensitive personal data or data relating to children.

3. Our legal basis for processing

We process personal data under Article 6(1)(f) of the UK GDPR: Legitimate Interests.

Our legitimate interests are: compiling accurate, publicly available B2B contact data to enable sales organisations to identify and contact relevant UK businesses efficiently, supporting commercial activity across hospitality and growth-stage companies.

We have conducted a Legitimate Interest Assessment (LIA) confirming that:

• Our purpose is genuine and relevant to lawful commercial activity
• Processing is limited to the minimum data necessary
• All data is sourced from public registers where business operators have a reasonable expectation of commercial use
• The processing does not override the rights and freedoms of data subjects, who are acting in a commercial capacity
• Safeguards are in place including opt-out mechanisms, suppression lists, and TPS/CTPS screening

A copy of our LIA is available on request at privacy@peachdata.co.uk.

4. How we use the data

We use the data we hold to:

• Compile territory-based lead packages for sale to B2B sales organisations (including POS vendors, payment processors, agencies and startup vendors)
• Provide downloadable datasets via our customer portal
• Maintain data accuracy through regular review and re-verification
• Operate our suppression list to honour opt-out requests

We do not use the data for consumer marketing, profiling, automated decision-making, or any purpose unrelated to B2B commercial outreach.

5. Who we share data with

We supply compiled business contact data to our customers, organisations that have entered into a data licence agreement with Peach Data. Each customer is an independent data controller responsible for their own use of the data in compliance with UK GDPR and PECR.

We do not sell data to third parties outside of formal licence agreements. We do not share data with advertisers.

Our data infrastructure runs on Supabase (PostgreSQL), hosted on Hetzner servers located within the European Economic Area. We use Companies House API, Google Places API and FSA API to enrich our dataset. All third-party processors are subject to appropriate data processing agreements.

6. TPS and CTPS screening

All phone numbers in our dataset are screened against the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) prior to inclusion in customer downloads. We re-screen our database on a regular basis.

Customers are contractually required to conduct their own TPS/CTPS screening before making marketing calls and bear full responsibility for compliance with the Privacy and Electronic Communications Regulations (PECR).

7. How long we keep data

We retain enriched lead records for a maximum of 12 months from the date of last verification, after which records are reviewed for accuracy and either updated or removed.

Suppression list entries (opt-outs) are retained indefinitely to prevent re-collection of opted-out individuals' data.

8. Your rights

As a data subject, you have the following rights under UK GDPR:

• Right to be informed: you have the right to know that we hold your data, which this policy fulfils
• Right of access: you may request a copy of any personal data we hold about you
• Right to rectification: you may request that inaccurate data be corrected
• Right to erasure: you may request deletion of your data. Where deletion is not possible (e.g. where data is sourced from public registers), we will add you to our suppression list to prevent re-collection and future sharing
• Right to object: you have an absolute right to object to processing for direct marketing purposes. We will action this within one month
• Right to restriction: you may request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@peachdata.co.uk. We will respond within one month. We will not charge a fee for reasonable requests.

9. How to opt out

To remove your details from the Peach Data database and all future customer exports, email privacy@peachdata.co.uk with the subject line "Opt Out Request" and include your name and the phone number or email address you wish to suppress.

We will process your request within 5 working days and add your details to our permanent suppression list.

10. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. This includes encryption of data in transit and at rest, access controls, and audit logging. Access to the Peach Data database is restricted to authorised personnel only.

11. Changes to this policy

We review this policy annually and following any significant change to our processing activities. The current version date is shown at the top of this page.

12. Complaints

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please email privacy@peachdata.co.uk first.