General Data Protection Regulation (GDPR)

1. Purpose

To explain how Scale 3PL collects, uses, and protects personal data in line with UK GDPR and EU GDPR requirements.

This policy is designed to:

• ensure transparency in how customer data is handled

• protect personal data across all services

• demonstrate our commitment to data security and compliance

2. Scope

This applies to all customers, partners, and individuals whose data is processed by Scale 3PL across both UK and EU operations.

It covers:

• customer and delivery information

• communication data

• order and shipment details linked to individuals

3. Responsibilities

Scale 3PL

• acts as a responsible data controller or processor (depending on the service)

• ensures data is handled securely and in compliance with UK and EU GDPR

• implements appropriate technical and organisational safeguards

Our Team

• handle personal data with care and confidentiality

• only access data necessary to perform their role

• ensure customer data is used appropriately

4. Procedure Principles

1. Lawful & Fair Processing

We only use personal data where there is a valid legal basis, including:

• fulfilling customer orders and logistics services

• communicating with customers

• meeting legal and regulatory obligations

2. Data Minimisation

• we only collect the data necessary to provide our services

• we do not use data for unrelated purposes

3. Transparency

• we are clear about how and why data is used

• we only use data in line with the services we provide

4. Data Security

We take appropriate measures to protect personal data, including:

• secure systems and controlled access

• restricted data handling based on roles

• ongoing monitoring and improvement of security processes

5. Data Retention

• we retain personal data only for as long as necessary

• data is securely deleted or anonymised when no longer required

6. Data Sharing

• data is only shared where necessary to deliver services (e.g. carriers, partners)

• all third parties are required to meet data protection standards

• we do not sell personal data

7. International Data Transfers

Where data is transferred between the UK and EU or to other countries:

• appropriate safeguards are in place

• transfers comply with UK and EU data protection requirements

8. Your Rights

Under UK and EU GDPR, individuals have rights including:

• access to their data

• correction of inaccurate data

• deletion of data where applicable

• restriction or objection to processing

Requests can be made at any time and will be handled in line with legal requirements.

9. Use of Technology & AI

• we may use technology, including AI, to improve efficiency and accuracy

• AI supports our processes but does not replace human oversight

• Scale 3PL remains fully responsible for all services and decisions

5. Additional Controls

• data protection practices are regularly reviewed

• staff are trained in data protection responsibilities

• systems are monitored to ensure ongoing compliance

6. Related Articles

• AI Usage Statement

• Client Operational Playbook

7. Version Control

Version | Date | Author | Change
1.0 | 20 March 2026 | Nick Coleman | Initial version