Privacy Policy

1 Privacy Policy

1.1 KJ Enterprises Holdings Ltd T/A AutoPostcode, referred to as (“AutoPostcode”, “we”, us”, “our”) takes its responsibilities under data protection legislation seriously.

1.2 This Privacy Policy aims to provide users of our services (“Users”, “you”, “your”) with a clear summary of how we use information that is provided to us and how AutoPostcode complies with applicable data protection laws, covering the following areas:

Section 2: Categories Of Users

Section 3: Purposes of Collection and Disclosure for Each Category of Users

− Company

− Agency

Section 4: Marketing and Analytics

Section 5: Security and Storage

Section 6: Disclosures Overseas

Section 7: Export outside the EEA

Section 8: Contacting Us and Your Rights

Section 9: Cookies

Section 10: Changes to this Privacy Policy

2 Categories of Users

2.1 There are 2 categories of Users:

(a) Company (i.e. Companies who sign up to AutoPostcode in order to use the API calls for their own website);

(b) Agency (i.e. companies who register as agency users in order to administer API calls and manage their clients.)

3 Purposes of Collection and Disclosure

3.1 In this section, we set out first the personal information we collect relating to all Users which we are the data controller in respect of (i.e. which AutoPostcode determines how to use within the scope of this Privacy Policy). We then set out the information we collect as a data processor on behalf of the users. In relation to both categories we set out:

  • The personal information we collect;
  • How we collect the personal information; and
  • The purposes for which we use and disclose personal information.

Please note that this does not describe the Agency’s use of personal information of their clients which the Agency is responsible for providing its own privacy notice or policy in respect of.

3.2 Under European Data Protection Law, we are required to identify the “legal grounds” on which we rely to process the information and these are set out next to each purpose for which we are a data controller. More information on legal grounds can be found at Appendix A

3.3 Information we collect from all Users

(a) Personal information we collect

  • Contact Information: including your name, email address and other contact details
  • Our correspondence: if you contact us, we will typically keep a record of that correspondence
  • Website and communication usage: details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access
  • API records: details of your the postcodes entered by all users.

(b) How we collect personal information

We collect this personal information from you directly when you register.

(c) Purpose of use and disclosure

We process your personal information as a data controller for the following purposes:

  • To provide our services to carry out our obligations arising from any agreements between you, Royal Mail and us, to respond to your queries and otherwise communicate with you.

Legal bases: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you)

  • To improve our services to make our services more valuable or useful (e.g. when you have provided us with feedback), including to make our websites function correctly and undertake analytics (please see section 4 below).

Legal bases: consent, legitimate interest (to enable us to provide better services and to provide anonymised aggregated insight to our clients)

  • To inform you of changes to notify you about changes to our services.

Legal bases: legitimate interests (to notify you about changes to our services)

  • To reorganise or make changes to our business in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

Legal bases: legitimate interests (in order to allow us to change our business)

  • To comply with legal or regulatory obligations we may process your personal information to comply with our legal and regulatory requirements, which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Legal bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)

  • To third parties under our control to assist us with service delivery we may disclose your personal information to our service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and other KJ Enterprise Holdings Ltd group companies that perform activities on our behalf always subject to suitable safeguards. Specifically, we may disclose contact information of users to third parties under our control where requested.

Legal bases: legitimate interests (in order to use specialist service providers and operate our business efficiently)

3.4 Agency Users

(d) Purpose of use and disclosure

We also process your personal information as a data controller for the following purposes:

For marketing purposes to send you offers and marketing materials about AutoPostcode and KJ Enterprise Holdings Ltd suppliers and partners’ products and services by email or SMS, and where required by law, we will ask for your consent before we conduct any of these types of marketing. If you wish to opt out from receipt of marketing materials sent by AutoPostcode at any time, please use the opt out mechanism in the marketing material, or contact the Privacy Officer to let us know.

Legal bases: consent, legitimate interest (to keep you updated with news in relation to our services)

3.5 Agency Users

(a) Personal information we collect

In addition to the information set out in the All Users section above we may collect the following additional information as a processor for the Agency.

  • API Calls: We keep a log of all API calls in order to track the usage for billing purposes of both yours and your clients accounts.
  • Sensitive Information: including information to assess company’s details.

(b) How we collect personal information 

We collect API call records when you use AutoPostcode as an agency but also your clients usage. The instance occurs when a user enters their postcode and a dropdown is displayed with a list of postcodes.

(c) Purpose of use and disclosure

Except as set out in the All Users section above, we process your information from your agency and your clients. In providing our services to the potential client, we will use your information to communicate with you, organize your application information, coordinate your API usage. We will need to disclose your information to Royal Mail who provides us with the address data from whom we have a contract with to pay Royal Mail royalties.

For marketing purposes We may use your name, email address and contact details to send you more information and marketing materials about AutoPostcode and AutoPostcode’s suppliers and partners’ products and services by email, phone or SMS, and where required by law we will ask for your consent before we conduct any of these types of marketing. If you wish to opt out from receipt of marketing materials sent by AutoPostcode at any time, please use the opt out mechanism in the marketing material or contact the Privacy Officer to let us know.

4 Marketing and Analytics

4.1 We may collect data about your activities that does not personally or directly identify you when you visit our website. This information may include the content you view, the date and time that you view this content, the products you purchase or your location information associated with your IP address. We use the information we collect to serve you more relevant advertisements (referred to as “Retargeting”). We collect information about where you saw the advertisements we serve you and what advertisements you clicked on. You may opt-out of the automated collection of information by amending your web browser controls. Most advertising networks also offer you the option to opt out of targeted advertising. For more information, visit or

4.2 We may use Users’ information for data analytics purposes, including to create insights, reports and other analytics to provide benchmarks to our clients, improve our services and to market our services. The output of our analytics will never identify a particular User or AutoPostcode client.

4.3 We use Stripe for some of our payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at

5 Security and Storage

5.1 We hold your personal information in electronic form. To ensure your personal information is secure we use certified security standards and your data is encrypted in transit and at rest. Service providers may process the information for us, but only ever for the sole purpose of providing our services. Where a service provider holds your information, we require them to adhere to our approved standards of security to ensure the continuing protection of your personal information. Only authorised employees are granted access to your personal information and our procedures ensure that your personal information is only made available to employees where necessary. We audit and monitor our employee’s access to and handling of personal information.

5.2 We will retain your personal and sensitive information as directed by the Employer, or where we are a data controller when we no longer require it for any purpose for which it was collected. AutoPostcode will comply with its obligations to destroy, erase, or de-identify your personal information as required by applicable law.

5.3 AutoPostcode protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. You should be aware that confidentiality and security are not assured when information is transmitted through e-mail or wireless communication.

5.4 AutoPostcode will not be responsible for any loss or damage suffered as a result of a breach of security or confidentiality when information is transmitted by e-mail or wireless communication.

6 Disclosures Overseas

In certain limited circumstances AutoPostcode may disclose your personal information to an entity overseas. Generally speaking this is in circumstances where we have engaged a third party to carry out operations on our behalf, for example the use of data sub-processors. In such cases, personal information, as defined in Section 3, may be disclosed to data sub-processors overseas.

7 Export outside the EEA

7.1 Your personal information may be accessed by Employers, Candidates, Referees and/or our service providers (as the case may be), and/or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

7.2 Where we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

7.3 Please contact us as set out in the “Contacting Us” section below if you would like to see a copy of the specific safeguards applied to the export of your personal information.

8 Contacting Us and Your rights

8.1 You have the right to access personal information AutoPostcode holds on you and to have incorrect information corrected. If you would like to obtain a copy of the personal information that AutoPostcode holds on you or to request a correction to personal information held by AutoPostcode, please contact our designated Privacy Officer who is accountable for AutoPostcode’s compliance with this Privacy Policy. The Privacy Officer can be contacted as follows:

Address: KJ Enterprises Holdings Ltd T/A AutoPostcode, Moss Bridge House, Moss Bridge Road, Rochdale, OL16 5EA


Phone: +441706318200 

3.3, AutoPostcode is the controller and in relation to that information, you may have the right to require us to:

(a) provide you with further details on the use we make of your information;

(b) provide you with a copy of information that you have provided to us;

(c) update any inaccuracies in the personal information we hold;

(d) delete any personal information the we no longer have a lawful ground to use;

(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;

(f) to ask us to transmit the personal data you have provided to us and we still hold about you to a third party electronically;

(g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(h) restrict how we use your information whilst a complaint is being investigated.

8.3 Your exercise of these data subject rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

8.4 If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you have the right to complain to your local data protection regulator. If you are in the European Economic Area (EEA) a list of data protection regulators and their contact details can be found here.

8.6 If you have a dispute about personal information held by AutoPostcode and covered by the policy, we will investigate and provide you with a formal written response, generally within 30 days. We will investigate and deal with your complaint in a fair, efficient and timely manner. You can contact us at:

Address: KJ Enterprises Holdings Ltd T/A AutoPostcode, Moss Bridge House, Moss Bridge Road, Rochdale, OL16 5EA


Phone: +441706318200

9 Cookies Policy

AutoPostcode’s website uses the following cookies:

sessionid: To store session data of the logged in user. This is how we identify who is logged when they request an action

Google Analytics: To track our visitor behaviour

10 Children’s Privacy

Our services are not directed at people under the age of 16 (“Minors”) and we do not knowingly collect personal information from Minors. If you believe that we have been provided with personal information of Minors, please contact us by using in the information in the “Contacting Us and Your Rights” section above, and we will take steps to delete such information.

11 Changes to our Privacy Policy and/or Cookies Policy

10.1 We may change the content of our websites and how we use cookies and consequently, our Privacy Policy and our Cookie Policy may change from time to time in the future. If we change this Privacy Policy or our Cookies Policy, we will update the date it was last changed below. If these changes are material, we will indicate this clearly on our Website.

10.2 This Privacy Policy was last updated on 8 October 2019: For previous copies of the AutoPostcode Privacy Policy please contact our Privacy Officer using the details provided above.

Appendix A: Legal grounds

Legal grounds to justify use of personal information

Under European Data Protection Law, we are required to identify the “legal grounds” on which we rely to process the information. Use of personal information under European Data Protection Law must be justified under one of a number of “legal grounds” and we have set out the grounds in respect of each use above. The explanations of the legal grounds that justify our use of your personal information are as follows:

Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use [and may withdraw your consent by contacting us as set out in the “Contacting Us” section).

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.