DIY Toolshare

DIY Toolshare - Privacy Policy

Last updated: 21 May 26

What changed in this update (21 May 2026):

  • Section 3: Added hashed contact identifiers to the list of personal data we collect for advertising audience matching.
  • Section 4: Clarified that we use personal data to run advertising campaigns, including uploading hashed details to platforms like Google Ads.
  • Section 7: Updated the legitimate interests basis to explicitly cover cost-effective advertising and audience matching.
  • Section 9: Expanded the list of data recipients to include advertising and marketing platforms (such as Google Ads and Meta), with detail on what's shared and how.
  • Section 13: Added an explicit opt-out mechanism for advertising data sharing.
  • Section 14: Clarified the distinction between our privacy-friendly first-party analytics and our use of advertising platforms.

This Privacy Policy explains how DIY Toolshare Ltd (“DIY Toolshare”, “we”, “us”) collects, uses and shares personal data when you use our website, mobile application and related services (the “Platform”). We use UK English spelling and expand acronyms on first use for clarity.

1. Who we are

DIY Toolshare Ltd (company number 16526986). VAT (Value Added Tax): GB 501 7911 17. Contact: support@diy-toolshare.co.uk. We currently operate in the United Kingdom only.

2. Scope

This Policy applies to lenders and borrowers, visitors to our site/app, and any person contacting support or participating in promotions.

3. Personal data we collect

  • Account and profile data: name, email, phone, address/postcode, profile photo, verification status.
  • Identity verification data (for lenders and borrowers): ID document images, selfie checks, address checks, metadata and verification outcomes (processed via our provider, e.g., Stripe Identity).
  • Booking and transaction data: listings, prices, deposits, payouts, booking timestamps, delivery preferences, chat messages, reviews/ratings.
  • Payment data: tokenised card details and payout details (processed by our payments provider, e.g., Stripe). We do not store full card numbers.
  • Device/usage data: IP (Internet Protocol) address, device and browser info, app version, log files and event data.
  • Media and evidence: photos/video of tool condition at handover/return, and (for theft) police crime reference numbers.
  • Marketing and campaign data: UTM (Urchin Tracking Module) parameters such as utm_source, utm_medium, utm_campaign and utm_content; creator/influencer identifiers.
  • Advertising and audience matching identifiers: hashed (one-way encrypted) versions of your email address and, where available, phone number and postcode, which we share with advertising platforms to find similar audiences and measure campaign effectiveness.
  • Support communications and feedback.

4. How we use personal data

  • To operate the Platform and provide marketplace services (create accounts, host listings, process bookings and payments, communicate between users).
  • To perform identity and address checks for lenders and borrowers (fraud prevention and community safety).
  • To collect our fees and remit payouts, manage deposits, process adjustments and handle chargebacks.
  • To enforce on‑platform payments and anti‑circumvention rules by analysing transactional and behavioural signals.
  • To provide tool‑only Protection (if shown) and to manage claims/disputes using booking timestamps, chat logs, photos/video and deposit records; for theft, to process police crime reference numbers.
  • To provide privacy‑friendly analytics and measure campaign performance (including UTM parameters) and to improve the Platform.
  • To run advertising campaigns, including uploading hashed contact details to advertising platforms (such as Google Ads and, where applicable, Meta) for audience matching, lookalike modelling and conversion measurement. You can opt out of this processing at any time (see Section 13).
  • To comply with legal obligations (accounting/tax, law enforcement requests) and to protect our rights.
  • To send service messages; with consent, to send marketing communications (you may opt‑out at any time).

5. Fees, payments and VAT (Value Added Tax)

We process payment and payout information to collect fees, deposits and charges, and to pay lenders. Our commission is 20% (minimum £0.50) and may be subject to VAT where applicable. Any VAT on rentals (if due) is the lender’s responsibility.

6. Tax responsibilities (lenders)

Lenders are responsible for determining and meeting any tax obligations on income earned through the Platform, including reporting to HMRC (His Majesty’s Revenue and Customs). In the UK, the £1,000 trading allowance may apply; if your total income from such activities exceeds this, you must declare it via Self‑Assessment. We do not provide tax advice and do not withhold or remit tax on your behalf.

7. Lawful bases under UK‑GDPR (United Kingdom General Data Protection Regulation)

  • Contract: to provide the Platform (accounts, bookings, payments, verification where required).
  • Legitimate interests: to prevent fraud, secure the Platform, improve services, measure creator performance, enforce our Terms, and to operate cost-effective advertising (including audience matching using hashed identifiers with advertising platforms such as Google Ads and Meta), balanced against your interests and rights. You have the right to object to processing for advertising purposes at any time.
  • Legitimate interests: to prevent fraud, secure the Platform, improve services, measure creator performance and enforce our Terms (balanced against your interests and rights).
  • Legal obligation: accounting/tax records; responding to lawful requests.
  • Consent: optional marketing or non‑essential cookies (where used).

8. Automated decision‑making and profiling

We use limited automated processing (e.g., risk flags, verification outcomes, reputation signals) to protect users and the Platform. Where required by law, you may request human review of a decision.

9. Sharing personal data

We share personal data with: (a) service providers who process data on our behalf (e.g., payments and verification providers such as Stripe; hosting and infrastructure providers); (b) advertising and marketing platforms (such as Google Ads, and where applicable Meta) — in this case, we share only hashed (one-way encrypted) versions of contact identifiers such as your email address, phone number and postcode, so these platforms can match you to an existing account, build audience segments and measure the performance of our campaigns. The platforms cannot reverse the hash to recover your raw details, and we do not authorise them to use this data for their own independent marketing; (c) analytics providers (such as Plausible) for privacy-friendly, aggregated usage measurement; (d) other users when necessary to complete a booking (names and relevant profile elements, reviews); (e) law enforcement or regulators where legally required; and (f) professional advisers (legal/accounting). We do not sell personal data.

10. International data transfers

Where data is transferred outside the UK, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as appropriate, and supplementary measures where required.

11. Data retention (summary)

  • Account data: retained while your account is active; certain records kept for up to 6 years for accounting/tax.
  • Identity verification data: retained up to 5 years after last account activity for fraud prevention and compliance.
  • Booking/payment records and communications: generally up to 6 years for accounting/tax and dispute handling.
  • Marketing preferences: retained until you opt‑out or your account is deleted, then limited suppression records kept to honour your choice.

12. Security

We implement technical and organisational measures appropriate to risk, including encryption in transit, access controls, and regular review of permissions. No method is 100% secure; we encourage you to use strong passwords and keep them confidential.

13. Your rights

You have rights under UK data protection law, including the rights to access, correct, delete, restrict or object to processing, and data portability. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. To exercise your rights, contact support@diy-toolshare.co.uk.
You can object to our use of your data for advertising audience matching at any time by emailing support@diy-toolshare.co.uk. We will then suppress your hashed identifier from future uploads to advertising platforms. Note that you may still see our ads, but they will not be specifically targeted to you based on our customer data.

14. Cookies and privacy‑friendly analytics

We use privacy friendly first-party analytics (e.g., Plausible) to understand site usage without traditional third-party advertising cookies on our own site. Separately, we may use advertising platforms (such as Google Ads and Meta) for our marketing campaigns, which involves sharing hashed customer identifiers for audience matching (see Section 9) and may involve their tracking pixels on our site for conversion measurement, where you have consented via our cookie banner. We also process campaign parameters (UTM) embedded in links to measure creator performance. See our Cookies notice for details on the specific cookies and pixels in use.

15. Children

The Platform is not intended for children. You must be 18 or over to create an account or make a booking.

16. Complaints and contact

If you have concerns, contact us at support@diy-toolshare.co.uk. You can also complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/ or by calling 0303 123 1113.

17. Changes to this Policy

We may update this Policy to reflect changes in law or our services. We will post the new version with an effective date and, where appropriate, notify you through the Platform.