GetBrent

Legal

Privacy Policy

Last updated: 21 April 2026

1. Who we are

GetBrent is a trading name of Fx Health Ltd, a company registered in England and Wales (company number available on request), which is operated under licence in the UK by Hall-McLean & De Watts (HM-D) Ltd. The getbrent.co.uk is a directory and marketplace connecting hirers and buyers with professional equipment hire and retail companies across the UK.

For the purposes of UK data protection law, Hall-McLean & De Watts (HM-D) Ltd is the data controller. If you have any questions about this policy or how we handle your data, contact us at hello@getbrent.co.uk.

2. What data we collect

From customers (hirers)

  • Name and email address when you submit an enquiry
  • The message content of your enquiry
  • Your hire dates and requirements if provided
  • IP address and browser information (analytics and security)

From vendors (hire companies)

  • Name, email address, and password (stored securely via Supabase Auth)
  • Company name, description, location, phone number, and website
  • Categories of equipment or services offered
  • Payment information - processed by Stripe; we do not store card details
  • Companies House number (if provided for verification)
  • Social media profile URLs (if provided)

Automatically collected

  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Log data: IP addresses, browser type, pages visited, referrer
  • Usage data: search queries, clicks, time on site

3. How we use your data

  • Providing the service - passing enquiries to vendors, maintaining your account, processing payments.
  • Communications - sending enquiry confirmations, account notifications, and service updates.
  • Security - detecting fraud, preventing abuse, and protecting the integrity of the platform.
  • Improving GetBrent - analysing usage to improve search, listings quality, and user experience.
  • Legal compliance - meeting our obligations under UK law.
  • Marketing - only with your consent, or where we have a legitimate interest (e.g. notifying vendors of relevant platform updates).

4. Legal bases for processing

Under UK GDPR, we process your data on the following bases:

  • Contract - processing necessary to provide services you have requested (vendor accounts, enquiry forwarding).
  • Legitimate interests - platform security, fraud prevention, product improvement, and direct marketing to existing customers.
  • Consent - where we ask for it explicitly (e.g. marketing emails to hirers).
  • Legal obligation - where required by law.

5. Who we share your data with

  • Vendors - when you submit an enquiry, your name, email, and message are shared with the vendor you contacted.
  • Supabase - our database and authentication provider. Data stored within the EU.
  • Stripe - payment processing. Stripe is PCI DSS compliant.
  • Resend - transactional email delivery.
  • Anthropic - AI-powered features (enquiry summaries, vendor description generation). Data processed under Anthropic's enterprise terms.
  • Vercel - hosting and infrastructure. Data processed in accordance with Vercel's DPA.

We do not sell your personal data to third parties.

6. Data retention

  • Vendor accounts and listings: retained while the account is active, and for 2 years after deletion.
  • Enquiry data: retained for 2 years.
  • Payment records: retained for 7 years (legal requirement).
  • Log data: retained for 90 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - ask us to correct inaccurate data.
  • Erasure - request deletion of your data in certain circumstances.
  • Restriction - ask us to limit how we process your data.
  • Portability - receive your data in a structured, machine-readable format.
  • Object - object to processing based on legitimate interests.
  • Withdraw consent - where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email hello@getbrent.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies to operate the platform and analyse usage. For full details see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your data - including encrypted connections (HTTPS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to this policy

We may update this policy from time to time. We will notify registered vendors of material changes by email. The current version is always available at this URL with the date it was last updated.