Privacy Policy

Last updated: January 2025

1. Introduction and Controller Information

AEM Labs Limited ("we", "us", "our") operates the AEM Labs Marketplace platform. We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you use our marketplace platform. We are committed to protecting your privacy and ensuring compliance with UK data protection laws.

2. Information We Collect

2.1 Account and Registration Information

When you create an account, we collect:

  • Name: First name and second name (surname)
  • Email Address: Used for account identification and communication
  • Username: Your chosen username for the platform
  • Password: Stored in hashed format using secure cryptographic hashing (SHA-256)
  • Phone Number: Required for seller accounts and optional for buyer accounts
  • Account Type: Buyer, seller, or creator account designation
  • Referral Code: Automatically generated based on your username
  • Email Confirmation Status: Whether your email has been verified
  • Creation Date: Timestamp of account creation

If you register using Google OAuth, we collect your name and email from your Google account.

2.2 Payment and Transaction Information

When you make a purchase, we collect and process:

  • Billing Address: Full billing address including street, city, county, postcode, and country
  • Shipping Address: Delivery address for your orders
  • Payment Method Information: Processed securely through Stripe - we do not store full card details
  • Payment Intent IDs: Stripe payment intent identifiers for transaction tracking
  • Transaction Amounts: Order totals, shipping costs, and fees
  • Order Details: Products purchased, quantities, prices, and order status

Important: We do not store your full credit or debit card numbers. All payment card information is processed directly by Stripe, our PCI-DSS compliant payment processor.

2.3 Seller Account Information

If you register as a seller, we additionally collect:

  • Business Information: Business type, shop name, and shop description
  • Business Address: Full business address including multiple address lines, city, county, postcode, and country
  • Business Phone Number: Contact number for your business
  • Public Seller ID: Unique identifier for your seller profile
  • Shop Status: Approval and operational status

2.4 Shipping and Delivery Information

We collect shipping information to fulfill your orders:

  • Delivery Addresses: Full shipping addresses including recipient name, address lines, city, county, postcode, and country
  • Delivery Preferences: Selected shipping methods and delivery options
  • Tracking Information: Tracking numbers and carrier information for shipped orders
  • Shipping Label Data: Shipping label costs and URLs (for sellers using our shipping services)

2.5 Communication and Messaging Data

When you use our messaging system:

  • Messages: Encrypted messages sent between users (buyers and sellers)
  • Conversation Metadata: Conversation IDs, participant IDs, timestamps
  • Encryption Keys: Public and private encryption keys (private keys stored encrypted in our database and temporarily in Redis for active sessions)

All messages are encrypted using AES-GCM encryption before storage.

2.6 Usage and Interaction Data

We automatically collect information about how you interact with our platform:

  • Product Interactions: Product views, clicks, and purchase events with timestamps and duration
  • Session Data: Session identifiers, authentication status, and session fingerprints (IP address prefix and browser family)
  • Referral Tracking: Referral codes clicked, click IDs, attribution data, country, device type, source, and origin URL
  • IP Address: Hashed IP addresses for security and analytics purposes
  • User Agent: Hashed browser and device information
  • Geographic Data: Country code derived from IP address
  • Device Information: Device type (mobile, desktop, tablet)

2.7 Reviews and Ratings

When you leave reviews or ratings:

  • Review Content: Written reviews and ratings you submit
  • Product Ratings: Numerical ratings for products
  • Review Timestamps: When reviews were submitted

2.8 Support and Contact Information

When you contact our support team:

  • Support Tickets: Support requests, messages, and related correspondence
  • Contact Information: Name, email, phone number, and order details provided in support requests

3. How We Use Your Information

We process your personal data for the following purposes and legal bases:

3.1 Contractual Necessity

We process your data to perform our contract with you:

  • Create and manage your account
  • Process and fulfill your orders
  • Facilitate payments and transactions
  • Arrange shipping and delivery
  • Enable communication between buyers and sellers
  • Provide customer support
  • Manage seller accounts and marketplace operations

Legal Basis: Performance of a contract (Article 6(1)(b) UK GDPR)

3.2 Legitimate Interests

We process your data for our legitimate business interests:

  • Prevent fraud and ensure platform security
  • Analyze platform usage and improve our services
  • Personalize your experience and product recommendations
  • Track referral programs and creator partnerships
  • Send transactional emails (order confirmations, shipping updates)
  • Maintain platform security through session fingerprinting
  • Conduct analytics and business intelligence

Legal Basis: Legitimate interests (Article 6(1)(f) UK GDPR)

3.3 Legal Obligations

We process your data to comply with legal obligations:

  • Maintain records for tax and accounting purposes
  • Comply with consumer protection laws
  • Respond to legal requests and court orders
  • Comply with data protection regulations

Legal Basis: Legal obligation (Article 6(1)(c) UK GDPR)

3.4 Consent

We process certain data based on your consent:

  • Marketing communications (where you have opted in)
  • Non-essential cookies and tracking technologies
  • Analytics and performance monitoring

Legal Basis: Consent (Article 6(1)(a) UK GDPR)

You can withdraw your consent at any time by contacting us or adjusting your account settings.

4. Data Storage and Security

4.1 Data Storage

Your personal data is stored securely in:

  • Secure Databases: Primary data storage for:
    • User accounts, authentication data, and encryption keys
    • Products, orders, seller accounts, and reviews
    • Encrypted messages and conversation metadata
    • User interaction and analytics data
  • Temporary Cache Storage: Used for:
    • Session data and authentication state
    • Temporary encryption keys for active sessions
    • Platform performance optimization

All data is stored in secure, access-controlled environments with appropriate technical and organizational measures to protect your information.

4.2 Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption:
    • Passwords are hashed using SHA-256 cryptographic hashing
    • Messages are encrypted using AES-GCM encryption
    • Private encryption keys are encrypted before storage
    • Data in transit is protected using TLS/SSL encryption
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Session Security: Session fingerprinting to detect unauthorized access attempts
  • Secure Payment Processing: Payment data processed through PCI-DSS compliant Stripe
  • Database Security: Secure database connections and access controls
  • Regular Security Reviews: Ongoing assessment and improvement of security measures

While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

5. Third-Party Services and Data Sharing

We use the following third-party services that may process your personal data:

5.1 Payment Processing

  • Stripe: Payment processing, card payments, and payment method management
    • Data shared: Billing information, payment amounts, order details
    • Purpose: Process payments and manage transactions
    • Privacy Policy: stripe.com/gb/privacy

5.2 Shipping Services

  • ShipEngine: Shipping label creation and tracking
    • Data shared: Shipping addresses, recipient names, order details
    • Purpose: Generate shipping labels and provide tracking
    • Privacy Policy: shipengine.com/privacy-policy

5.3 Email Services

  • ZeptoMail: Transactional email delivery
    • Data shared: Email addresses, names, order information
    • Purpose: Send order confirmations, shipping updates, and account communications

5.4 Analytics and Advertising

  • Google Analytics: Website analytics and user behavior tracking
    • Data shared: Anonymized usage data, page views, interactions
    • Purpose: Analyze website usage and improve user experience
    • Privacy Policy: policies.google.com/privacy
  • Google Ads: Advertising and conversion tracking
    • Data shared: Conversion events, anonymized user data
    • Purpose: Measure advertising effectiveness

5.5 Authentication

  • Google OAuth: Social login functionality
    • Data shared: Name, email address (with your consent)
    • Purpose: Enable Google account login
    • Privacy Policy: policies.google.com/privacy

5.6 Infrastructure Services

  • Redis: Session and cache storage (hosted infrastructure)
  • Kafka: Message queue for chat service (hosted infrastructure)

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for up to 7 years after account closure for legal and accounting purposes
  • Order and Transaction Data: Retained for 7 years to comply with tax and accounting obligations
  • Messages: Retained while your account is active; deleted upon account closure
  • Session Data: Retained temporarily in Redis; automatically deleted when sessions expire
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely for business intelligence
  • Support Tickets: Retained for 3 years after resolution for customer service purposes

You can request deletion of your data at any time, subject to our legal obligations to retain certain records.

7. Your Rights Under UK GDPR

As a data subject under UK GDPR and the Data Protection Act 2018, you have the following rights:

7.1 Right of Access (Article 15)

You have the right to request copies of your personal data. We will provide this information within one month of your request, free of charge (unless the request is manifestly unfounded or excessive).

7.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data. You can update much of your information directly through your account settings.

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Note: We may be required to retain certain data for legal compliance (e.g., transaction records for tax purposes).

7.4 Right to Restrict Processing (Article 18)

You have the right to request restriction of processing when:

  • You contest the accuracy of the data
  • The processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

7.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

7.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Currently, we do not use fully automated decision-making for such purposes.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with:

  • Your full name and email address associated with your account
  • Clear description of the right you wish to exercise
  • Any relevant account information to help us locate your data

We will respond to your request within one month. If we need more time, we will inform you and explain why.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

8. International Data Transfers

Some of our third-party service providers may process your data outside the UK and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the UK government
  • Adequacy decisions where applicable
  • Appropriate technical and organizational measures

By using our platform, you consent to the transfer of your data to these service providers as necessary for the operation of our services.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child under 18 has provided us with personal information, please contact us immediately at [email protected], and we will take steps to delete such information.

11. Data Breaches

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes (where we have your email address)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

AEM Labs Limited
Data Protection Officer
Email: [email protected]

We aim to respond to all inquiries within 30 days.