GDPR Compliance

Understanding your data protection rights under UK and EU GDPR regulations

Abstract illustration

This Data Protection & UK GDPR Compliance Policy (“Policy”) explains the standards and measures used by Compare A Price to meet data protection obligations in the United Kingdom, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. It is intended to provide transparency about how we approach data protection governance, security, and individual rights.

This Policy complements (and should be read alongside) our Privacy Policy and Cookie Policy, which provide specific information about how personal data is collected and used on the Website.


1. Who We Are

Compare A Price is a price comparison search engine that helps users explore and compare product listings, prices, and related information from third-party retailers and marketplaces.
Compare A Price is developed, operated, and owned by Worldwide Software Solutions.

For the purposes of data protection law, Worldwide Software Solutions is the data controller in relation to personal data processed through the Compare A Price Website, except where explicitly stated otherwise.

Contact for data protection enquiries:
Email: [email protected]
(Subject line: “Data Protection / UK GDPR”)


2. Our Commitment to Data Protection

We are committed to protecting personal data and handling it responsibly. We aim to:

  • process personal data lawfully, fairly, and transparently
  • collect only the data needed for defined purposes
  • keep personal data accurate and up to date where applicable
  • retain personal data only for as long as necessary
  • protect personal data using appropriate security measures
  • support individuals in exercising their data protection rights

This Policy describes the governance measures we apply to achieve these outcomes.


3. Scope

This Policy applies to:

  • the Compare A Price Website and related web services
  • personal data collected via contact forms, emails, subscriptions, and usage analytics
  • operational data such as security logs and fraud-prevention measures
  • third-party service providers acting on our instructions (processors)

This Policy does not replace legal or regulatory requirements, and it may be updated to reflect changes in law, technology, or business practices.


4. Key UK GDPR Principles We Follow

We align our compliance programme with the UK GDPR principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

We apply these principles when designing features, integrating tools (such as analytics and affiliate tracking), and selecting suppliers.


5. Lawful Bases for Processing

We only process personal data where we have a lawful basis under UK GDPR. Depending on the context, this may include:

  • Consent (e.g., where required for non-essential cookies or certain marketing emails)
  • Legitimate interests (e.g., improving the Website, analytics in permitted configurations, fraud prevention, security monitoring)
  • Legal obligation (e.g., responding to lawful requests from authorities)
  • Contract (where applicable to specific communications or services, though users typically do not create accounts)

Where we rely on legitimate interests, we aim to balance our interests against the rights and freedoms of individuals.


6. Transparency and Clear Information

We maintain public-facing notices to ensure transparency, including:

  • Privacy Policy – explains what personal data is collected and why
  • Cookie Policy – explains cookies, tracking, analytics, and affiliate attribution
  • Terms & Conditions – explains the nature of our service as a comparison engine

We aim to ensure these documents are:

  • written clearly and consistently
  • accessible from the Website footer
  • updated when our practices change materially

7. Data Minimisation and Purpose Limitation

Because Compare A Price does not offer user accounts, we minimise collection of personal data and focus on data required to operate the Website effectively.
We typically collect limited personal data such as:

  • device and browser information
  • IP addresses (where required for security/logging)
  • aggregated usage analytics
  • contact information only when users choose to contact us or subscribe

We do not seek to collect sensitive personal data (special category data) via standard Website use.


8. Cookies, Analytics, and Affiliate Tracking Governance

As a comparison search engine, Compare A Price uses technologies that may involve cookies or similar identifiers, including:

  • analytics tools (e.g., Google Analytics/GA4, Yandex Metrica, or similar tools depending on configuration)
  • affiliate networks and tracking links (to attribute referrals when users click to retailers)
  • performance and security tools

We implement cookie governance by:

  • using cookie banners and preference tools where appropriate
  • categorising cookies (strictly necessary, analytics, functionality, marketing/affiliate where applicable)
  • aiming to respect user preferences and consent signals
  • reviewing analytics configuration to reduce unnecessary data collection where feasible

Note: third-party retailers and affiliate networks have their own policies for cookies set on their domains. Our Cookie Policy explains this distinction.


9. Security Measures

We apply reasonable technical and organisational measures to protect personal data, which may include:

  • secure hosting and network protections
  • access controls and least-privilege permissions
  • encryption in transit (e.g., HTTPS) where applicable
  • monitoring for unusual activity and threats
  • regular software updates and patching practices
  • incident logging and security review processes

No online system can be guaranteed 100% secure. However, we aim to maintain safeguards appropriate to the nature of the data processed and the scale of our services.


10. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes described in our Privacy Policy and for legitimate operational needs, such as:

  • responding to enquiries
  • maintaining security and preventing fraud
  • addressing technical issues
  • complying with legal requirements

Where data is no longer required, we aim to delete it or anonymise it in a secure manner.


11. Processor and Supplier Management

We may use third-party providers to support Website operations (for example, hosting, analytics, consent tools, and email providers). Where such providers process personal data on our behalf, we seek to:

  • select suppliers with appropriate security and privacy standards
  • put suitable contractual arrangements in place (including data processing terms where required)
  • restrict processing to documented instructions
  • periodically review supplier practices where appropriate

12. International Data Transfers

Because the Website is accessible internationally and may use global service providers, personal data may be transferred outside the UK in limited circumstances.
Where international transfers occur, we aim to implement appropriate safeguards, such as:

  • adequacy regulations where recognised
  • standard contractual clauses (or equivalent mechanisms)
  • risk-based assessments of transfer arrangements where appropriate

Details of transfers and categories of recipients are typically described in the Privacy Policy.


13. Individual Rights Requests (DSARs)

Individuals may have rights under UK GDPR, including:

  • the right to access personal data
  • the right to rectification
  • the right to erasure (in certain circumstances)
  • the right to restrict processing
  • the right to object (including to certain processing based on legitimate interests)
  • the right to data portability (where applicable)
  • the right to withdraw consent (where processing is based on consent)

We aim to respond to valid requests within statutory timeframes. To help us verify and process requests securely, we may ask for additional information to confirm identity.
To submit a request:
Email: [email protected]
Subject: “Data Request (UK GDPR)”


14. Children’s Data

The Website is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data via the Website, please contact us so we can take appropriate action.


15. Data Breach and Incident Management

We take security incidents seriously. If we become aware of a personal data breach, we will assess:

  • the nature and scope of the incident
  • the risk to individuals
  • whether notification is required to the Information Commissioner’s Office (ICO)
  • whether affected individuals should be informed

We aim to follow applicable legal requirements and best practices when responding to incidents.


16. Privacy by Design and Default

We aim to apply “privacy by design” and “privacy by default” principles when developing and improving the Website, including:

  • minimising data collection by default
  • limiting retention periods where feasible
  • reviewing third-party tool configurations
  • using consent mechanisms where required
  • applying appropriate access controls and monitoring

17. Training and Accountability

We recognise that compliance requires accountability. We aim to maintain appropriate internal practices, which may include:

  • documenting data protection responsibilities
  • keeping relevant policies up to date
  • applying access controls to reduce risk
  • reviewing changes to tracking or analytics tools
  • maintaining records to demonstrate compliance where appropriate

18. Complaints and the ICO

If you have concerns about how personal data is handled, you can contact us first so we can address your concerns. You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
(You can find their contact details on the ICO’s official website.)


19. Changes to This Policy

We may update this Policy from time to time to reflect changes to legal requirements, technology, or our practices. When changes are made, the “Last updated” date will be amended.


20. Contact Us

For data protection queries, rights requests, or concerns:

Compare A Price

Developed operated & owned by Worldwide Software Solutions
Website: www.compareaprice.co.uk
Email: [email protected]


Last updated: 02/02/2026