AATCC

Privacy Policy

How Colour Index International handles personal data — what we collect, the legal basis for processing, retention periods, and your rights as a data subject.

Draft template — Society of Dyers and Colourists to confirm before launch. The text below is a plain-language placeholder shaped to UK GDPR / DPA 2018 requirements. The SDC editorial board should review and amend before this notice becomes binding on visitors.

This Privacy Policy explains how the Society of Dyers and Colourists (“SDC”, “we”, “us”) handles personal data collected through Colour Index International (“the Service”). It applies to visitors of www.colour-index.com, registered subscribers, and manufacturers who submit product records for inclusion in the Index.

Last revised: 16 May 2026.

Data controller

The data controller is the Society of Dyers and Colourists, a registered charity in England and Wales (No. 212331), based at Perkin House, 82 Grattan Road, Bradford BD1 2JB, United Kingdom. For privacy enquiries, contact info@colour-index.com.

What we collect

We collect three categories of personal data:

  • Account information — name, email address, organisation, professional role, and password (stored as a one-way hash). Collected when you register, edit your profile, or contact support.
  • Technical logs — IP address, browser user-agent, referring page, request timestamps. Collected automatically by our hosting provider for security and abuse-prevention purposes.
  • Payment metadata — subscription tier, billing country, invoice references. Payment card details themselves are processed by our payment provider (Stripe) and never reach SDC servers.

We do not collect special-category data (health, race, religion, political opinion) through the Service. If you provide such data in correspondence, please do so only when strictly necessary.

Legal basis for processing

We rely on three legal bases under UK GDPR Article 6:

  • Contract — processing necessary to deliver the subscription you signed up for (Article 6(1)(b)).
  • Legitimate interest — security logging, fraud prevention, service improvement, and abuse-prevention measures (Article 6(1)(f)).
  • Consent — optional editorial updates and marketing communications from the SDC (Article 6(1)(a)). You may withdraw consent at any time.

Retention

Account information is retained for the duration of your subscription and for six years thereafter (to satisfy UK tax-record obligations). Technical logs are retained for ninety days. Payment metadata is retained for seven years (UK Companies Act requirements). Anonymised aggregate analytics are retained indefinitely.

Who we share data with

We share data only with the following categories of processor, each bound by a written data-processing agreement:

  • Our hosting provider (Cloudflare, Supabase) — infrastructure, storage, and content delivery.
  • Our payment provider (Stripe) — subscription billing.
  • Our analytics provider — aggregate page-view counts only; no personally-identifying information is shared.
  • Our email-delivery provider — transactional notices (sign-in confirmations, receipts) and optional editorial updates.

We do not sell personal data to third parties under any circumstances.

Cookies

We use a small number of cookies to keep you signed in and to measure aggregate usage. See the Cookies Policy for the full list and instructions on managing them.

International transfers

Some of our processors operate servers outside the United Kingdom (notably in the European Union and the United States). Where personal data is transferred to a country without an adequacy decision, we rely on the UK’s International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) supplemented by the UK Addendum.

Your rights

Under UK GDPR you have the right to:

  • Request a copy of the personal data we hold about you (subject access).
  • Ask us to correct inaccurate or incomplete data (rectification).
  • Ask us to delete your personal data where there is no legitimate reason for us to retain it (erasure).
  • Ask us to restrict processing in certain circumstances (restriction).
  • Object to processing carried out under legitimate interest (objection).
  • Request that we transfer your data to another controller in a structured, machine-readable format (portability).
  • Withdraw consent for any processing that relies on consent.

To exercise any of these rights, email info@colour-index.com. We will respond within one calendar month.

Complaints

If you believe we have mishandled your personal data, please contact us in the first instance. You also have the right to complain to the UK Information Commissioner’s Office (ico.org.uk, 0303 123 1113).

Updates to this policy

We may update this policy from time to time. Material changes will be announced on the home page and notified by email to registered subscribers at least thirty days before they take effect. The current version always carries a “Last revised” date at the top.