Lotu.uk

 - UK Property Auctions

About

Articles

Privacy Policy

Last updated: July 2025

Welcome to Lotu.uk ("we", "us", or "our"). We are a UK property auction discovery platform that aggregates auction listings from auction houses across the United Kingdom. This privacy policy explains how we collect, use, and protect your personal information when you use our website and services.

We are committed to protecting your privacy and being transparent about our data practices. This policy outlines what personal data we collect, why we collect it, how we use it, and your rights regarding your data under UK GDPR.

Data Controller: Gradiente Ltd, registered office at 1 Transom Close, SE16 7FH, London. Company Registration No. 14584210

What We Do

Lotu.uk is a property auction discovery platform. We are not an auction house ourselves. Instead, we aggregate and display property auction listings from various UK auction houses, making it easier for buyers, investors, and homebuyers to find auction properties in one place. We also help auction houses by giving visibility to their auctions and sending potential buyers their way. Our platform includes houses, flats, commercial properties, and land across England, Scotland, Wales, and Northern Ireland.

Information We Collect

Information You Provide Directly

When you create an account or use our services, you may provide:

  • Account Information: Name, email address, and password when you register
  • Profile Information: Any additional information you choose to add to your account
  • Communications: Information you provide when contacting our support team
  • Preferences: Saved auction properties, saved searches, and other customization preferences

Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical Information: IP address, browser type and version, operating system, device information, and screen resolution
  • Usage Information: Pages visited, time spent on pages, click patterns, search queries, and navigation paths through our site
  • Performance Data: Page load times, errors encountered, and other performance metrics

Payment Information

We use Stripe to process subscription payments. We store your Stripe customer ID and subscription details, but we do not store or have access to your payment card details. All payment information is handled securely by Stripe in accordance with their privacy policy and PCI DSS compliance standards.

Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Authentication tokens to keep you logged in and ensure site functionality
  • Analytics Cookies: Google Analytics to understand how our website is used and improve our services
  • User Experience: Microsoft Clarity to analyze user interactions and improve website usability

How We Use Your Information

We process your personal data for the following purposes:

  • Service Provision: To provide access to our auction discovery platform and maintain your account
  • Personalization: To save your preferred searches and auction watchlists
  • Communication: To send account verification emails, password reset instructions, and respond to support inquiries
  • Payment Processing: To manage subscription payments and billing
  • Security: To verify your identity, prevent fraud, and maintain platform security
  • Analytics: To understand website usage, improve our services, and fix technical issues
  • Legal Compliance: To comply with legal obligations and protect our legitimate interests

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our services and manage your subscription
  • Consent: For non-essential cookies and marketing communications (where applicable)
  • Legitimate Interests: For website analytics, security monitoring, and service improvement
  • Legal Obligation: For compliance with accounting, tax, and other legal requirements

Third-Party Services

We use the following third-party services that may process your personal data:

  • Stripe (Ireland/US): Payment processing and subscription management
  • Google Analytics (US): Website usage analytics and performance monitoring
  • Microsoft Clarity (US): User behavior analytics to improve website experience
  • Sentry (US): Error monitoring and performance tracking
  • Resend (US): Email delivery for account verification and notifications
  • Vercel (US): Website hosting and content delivery

Some of these services are based outside the UK/EEA. Data transfers to these countries are protected by appropriate safeguards such as adequacy decisions, standard contractual clauses, or the service provider's certification under approved transfer mechanisms.

Data Retention

We retain your personal data for the following periods:

  • Account Data: Until you delete your account, plus up to 30 days for backup purposes
  • Payment Records: For 7 years as required by UK accounting and tax regulations
  • Analytics Data: Up to 26 months in Google Analytics, or until you opt out
  • Support Communications: Up to 3 years for quality assurance and training purposes
  • Security Logs: Up to 12 months for fraud prevention and security monitoring

We may retain anonymized or aggregated data indefinitely for statistical and analytical purposes.

Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security monitoring and vulnerability assessments
  • Staff training on data protection and security best practices
  • Incident response procedures for data breaches

While we take security seriously, no internet-based service can be guaranteed to be 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct any inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Limit how we use your personal data in certain situations
  • Right to Data Portability: Receive your personal data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw your consent for processing where we rely on consent

To exercise any of these rights, please contact us at support@lotu.uk. We will respond to your request within one month.

Complaints

If you have concerns about how we handle your personal data, please contact us at support@lotu.uk. We take all privacy concerns seriously and will investigate and respond to any issues you raise.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Children's Privacy

Our services are not intended for children under 18 years old. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us and we will delete such information.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "Last updated" date at the top of this policy.

For material changes that affect your rights, we will provide additional notice, such as sending an email notification to your registered email address.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

  • Email: support@lotu.uk