Norfolk & Suffolk
Trusted Traders
Trading Standards Approved and Vetted Trusted Traders
☰ Menu  |   Become a Trusted Trader
Print this page  |  
Trader Log-in
About Us  |  
News  |  
FAQs  |  
Become a Trusted Trader
HomePrivacy Policy

Cookie and privacy policy


    Trusted Trader is a website operated by Trusted Directory Services Ltd (TDS). This website hosts several Council operated Trusted Trader schemes.

    Last updated: April 2026

    Cookie data

  • TDS uses cookies to enhance your experience on this website. Cookies are small files that are placed on your computer by websites as you surf the internet. These files can help personalise your visit, for example by remembering the last time you visited, or what you searched for previously. Other cookies collect anonymous statistics, such as Google Analytics, which help websites like us improve the service we can offer to visitors.
  • Any cookies used on TDS are 100% anonymous and do not collect any personal information or information that can be used to identify an individual. We utilise first party cookies (originating from us, such as session IDs) and third party cookies (originating from partners such as Google and Facebook).
  • If you would like more information about third party cookies and would like to know your options in relation to not having this information used by these companies, then please visit this Google link.
  • If you want to opt out of Google Analytics tracking, then you can install a browser add-on which will block any Google Analytic traffic from any website: Google Analytics opt-out.
  • We are unable to offer a cookie-free version of our website, as this will affect the functionality and experience of your visit. If you do not want to receive any cookies, then the only option we can offer is not to use our website. To remove any cookies we may have already placed, empty the cookie cache on your browser by pressing Ctrl+Shift+Delete simultaneously and following the instructions. If this does not work, please consult your browser's help file.

    • Your personal data

  • TDS will be what's known as the 'Controller' of the personal data you provide to us.

    • Legal basis for processing personal data

  • Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases: Performance of a contract – where processing is necessary to deliver services or meet contractual obligations, including obligations involving TransUnion; Legal obligation – where processing is required to comply with applicable laws, regulatory requirements, or statutory obligations; Legitimate interests – where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals; Consent – where required by law, and where individuals have been provided with a clear choice and the ability to withdraw consent at any time.
  • Where legitimate interests are relied upon, appropriate assessments are conducted to ensure that the rights and freedoms of data subjects are protected. Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

    • What we need and why we need it

  • For people signing up as a Trusted Trader member, we will collect certain data about you including name, address, email, business information and other contact details. This information will be used by TDS and Trading Standards in order to carry out the vetting of an applicant Trusted Trader. The full breakdown of the vetting activities can be seen here: Scheme Vetting Process
  • Trusted Trader applicants and members will receive email communications in order for the normal operation of their membership. This may include but is not limited to system emails such as password resets, consumer enquiries via trader contact forms and communications from TDS or Trading Standards in relation to their scheme membership. Members will also be able to opt in to regular newsletters containing important scheme updates and news. These newsletters can be opted out at any time.
  • Anybody leaving a review for a trusted trader, we will capture your name and telephone number to allow moderation and review verification. Except for your name which you can choose to hide or disclose, no personal details will be published or passed to any third party without your express permission. Published review content may be republished by the reviewed trader or other official sources as agreed by TDS.
  • For members of the public requesting the services of one of our members, if filling out a contact form, we will ask for your name, email address and first half of your postcode, so members have a rough idea of how far away you are. If you don't wish to leave this information, you can telephone the member directly from the telephone number on their profile.
  • For any other means of contact by either online, telephone or hardcopy, we may capture name, telephone number and email address to enable us to deal with the enquiry or problem.
  • Children under 13 years of age are required to have permission from their parent or legal guardian before disclosing any information on this website.

    • Credit reference and affordability checks

  • To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.
  • Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 742313.
  • TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 805757.
  • The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.
  • Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices: Creditsafe Transparency Notice; TransUnion CRAIN (Credit Reference Agency Information Notice); TransUnion Bureau Privacy Notice.

    • The source of personal data

  • We may collect personal data about you from: you directly; members of the public who contact traders or leave reviews through our website; publicly available sources (for example professional networking sites, business websites, and public records); credit reference agencies (CRAs) where required for identity, affordability or fraud prevention checks; and third party service providers used to support vetting, screening, and compliance processes.

    • What do we do with it?

  • All the personal data we process is processed by us in the UK however for the purposes of IT hosting and maintenance this information is located on servers within the UK. No third parties have access to your personal data unless the law allows them to do so. We will not share or sell your data to any third party.
  • We may share personal data with business partners, third-party service providers, regulators, or law enforcement bodies where required, and professional advisers. Where data is shared outside the UK, appropriate safeguards will apply.
  • We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.

    • Provision of personal data

  • The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations. Personal data is required to: enter into and perform contracts with members, suppliers, or business partners; process applications, manage accounts, and deliver services; verify identity and prevent fraud; and comply with applicable legal, regulatory, accounting, and tax obligations.
  • If you choose not to provide the personal data we request: we may be unable to enter into a contract with you; we may be unable to provide services or process your application; we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and as a result, our services may be delayed, restricted, or declined.
  • Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive services from us.

    • Non-automated decision making and profiling

  • We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management. These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.
  • The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.

    • How long do we keep it?

  • For members, we will keep your personal data (name, address, contact details etc) whilst we are operating our business, until we cease trading or until you advise us that you no longer consent to us keeping your data. For members that have provided business documentation for review as part of the vetting process, any customer data, application and audit data is removed once your membership is approved or deleted.
  • For reviewers, we will keep your name, telephone and email if supplied, whilst we are operating our business, until we cease trading or until you advise us that you no longer consent to us keeping your data. This will allow us to provide a robust review system and allow us to automatically spot duplicate or suspicious reviews.
  • For any complaints data, contact details, emails and case notes are kept for up to two years. After this point data will be anonymised.
  • For any member work requests or general contact form enquiries, this data will be kept up to two years. After this point data will be anonymised.
  • Generic anonymised data is kept for as long as we are operating our business or until we cease trading to enable trends and data analysis to help form future decision making.

    • What are your rights?

  • If at any point you believe the information we process on you is incorrect you request to see this information and have it corrected or deleted, save in circumstances where we have a legal obligation or justification to retain data. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
  • In addition to the above, under UK data protection law you have the following rights in relation to your personal data: Right to restrict processing – you have the right to request that we limit how we use your personal data in certain circumstances; Right to data portability – you have the right to receive your personal data in a structured, commonly used, and machine readable format, and to request that we transfer it to another organisation where technically feasible; Right to object – you have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing.
  • If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office (ICO) - ico.org.uk
  • The Data Protection Officer for TDS is Steve Richardson who can be contacted on 0333 444 2198 or at info@trustedtrader.team. The TDS data protection registration number is ZA081479.
  • The Data Protection Officer for Norfolk County Council Trusted Trader can be contacted by letter to: DPO, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2DH or by email to dpo@norfolk.gov.uk.
  • The Data Protection Officer for Suffolk County Council Trusted Trader can be contacted by letter to: Data Protection Team, Constantine House, 5 Constantine Road, Ipswich, Suffolk, IP1 2DH or by email to data.protection@suffolk.gov.uk.