Privacy Policy | BusinessShop

Privacy Policy

BusinessShop.com  |  Operated by Ulist Pty Ltd T/A Uleads Digital
Level 2/89 McLachlan St, Fortitude Valley QLD 4006, Australia
Last updated: April 2026

This policy applies to users in all regions we operate. Jump to your region:

πŸ‡¦πŸ‡Ί Australia πŸ‡¬πŸ‡§ United Kingdom πŸ‡¨πŸ‡¦ Canada πŸ‡ΊπŸ‡Έ United States

Contents

  1. Who We Are
  2. Definitions
  3. Our Services
  4. How Our Services Work
  5. What Personal Information We Collect
  6. How We Use Your Information
  7. Legal Basis for Processing
  8. Contacting You (Calls, SMS, AI)
  9. Sharing Your Personal Information
  10. International Transfers
  11. Data Retention
  12. Cookies and Tracking
  13. Service Providers
  14. Security
  15. Children's Privacy
  16. Your Rights by Region
  17. Changes to This Policy
  18. Contact Us

1. Who We Are

BusinessShop.com is operated by Ulist Pty Ltd T/A Uleads Digital ("we", "us", "our"), a company registered in Australia. We operate a comparison and lead generation platform that connects individuals and businesses with relevant third-party providers across insurance, finance, and other verticals.

We operate across Australia, the United Kingdom, Canada, and the United States. Depending on your location, different privacy laws apply to how we handle your personal information. See Section 16 for your region-specific rights.

2. Definitions

  • Service: The BusinessShop.com website and platform operated by Ulist Pty Ltd T/A Uleads Digital.
  • Personal Data / Personal Information: Any information relating to an identified or identifiable individual.
  • Usage Data: Data collected automatically from your use of the Service (e.g. pages visited, time spent, IP address).
  • Cookies: Small files stored on your device to help us operate and improve our Service.
  • Data Controller: The entity that determines the purposes and means of processing personal data. We are the Data Controller for personal data collected through our Service.
  • Data Processor / Service Provider: A third party that processes data on our behalf under our instructions.
  • Lead: A record created when you submit an enquiry through our platform.
  • Provider: A third-party company (e.g. insurer, lender) to whom we may pass your enquiry details.

3. Our Services

We provide services including:

  • Connecting users with providers for quotes, consultations, or services
  • Providing editorial content and comparisons
  • Sending offers, insights, and updates
  • Facilitating participation in surveys, promotions, or market research

4. How Our Services Work (IMPORTANT)

Our platform is designed to help you find relevant providers quickly. We use automated systems to score and prioritise leads and to match enquiries with providers.

If an automated decision has a legal or similarly significant effect on you (for example, a decision that materially affects your ability to obtain a service), you have the right to request a human review, to obtain an explanation of the decision, and to contest the outcome. To request a review contact [email protected]. We will acknowledge requests within 5 business days and respond substantively within 30 calendar days.

When you submit a form:

  • You provide your details and requirements
  • We assess your request (including automated processing where applicable)
  • We match you with relevant third-party providers
  • Your details are shared with those providers
  • Providers may contact you directly by:
    • Phone
    • Email
    • SMS or messaging apps (e.g. WhatsApp)

In some cases we may contact you first to confirm your details, or you may be redirected directly to a provider.

5. What Personal Information We Collect

a) Information you provide

  • Name, email address, phone number
  • Address or postcode
  • Product or service requirements
  • Business name, type, and size (where applicable)
  • Any additional information submitted relevant to the product or service

b) Automatically collected data

  • IP address
  • Device and browser information
  • Usage behaviour and pages visited
  • Cookies and tracking data

c) Additional data sources

  • Marketing partners
  • Data enrichment providers
  • Publicly available data

d) Lead generation-specific data

  • Partially completed form data
  • Lead scoring and profiling data
  • Disposition data (e.g. whether you purchased from a provider)

e) Call Recording

Some providers you are connected with through our platform may record calls for quality assurance, training, fraud prevention, and dispute resolution purposes. Please refer to the relevant provider's privacy policy for details on how they handle call recordings.

6. How We Use Your Information

We use your data for:

Core services

  • Matching you with relevant providers
  • Delivering quotes or recommendations

Lead distribution

  • Sharing your details with providers so they can contact you

Verification and fraud prevention

  • Ensuring submissions are genuine
  • Preventing duplicate or fraudulent leads

Communications

  • Responding to enquiries
  • Customer support and feedback

Marketing and advertising

  • Sending relevant offers
  • Creating custom and lookalike audiences
  • Measuring campaign performance

Service improvement

  • Analytics and user behaviour insights
  • Lead scoring and optimisation

7. Legal Basis for Processing

Our legal basis for processing depends on your region:

  • Australia: We collect and use personal information where it is reasonably necessary for our functions (APP 3), where you would reasonably expect it, or where you have provided consent.
  • UK / EEA: We process personal data on the basis of contract performance, legitimate interests, consent, or legal obligation under UK GDPR / EU GDPR.
  • Canada: We collect, use, and disclose personal information with your knowledge and consent, or where otherwise permitted under PIPEDA.
  • United States: We process data in accordance with applicable state privacy laws including CCPA/CPRA (California) and other applicable state frameworks.

Lawful basis and processing matrix:

Processing Activity Primary APPs (AU) UK/GDPR Basis Other Laws
Collecting form data to fulfil enquiriesAPP 3; APP 5; APP 1Contract; Legitimate interestsConsumer law obligations
Sharing leads with third-party providersAPP 6; APP 1Contract; Legitimate interestsContract law; consumer protection
Marketing communications (email, SMS, WhatsApp)APP 6; APP 5Consent; Legitimate interestsSpam Act 2003; CASL; CAN-SPAM; Do Not Call Register
Automated matching and lead scoringAPP 1; APP 3; APP 6; APP 5Legitimate interestsOAIC guidance; ICO guidance
Fraud prevention and verificationAPP 3; APP 6; APP 11Legitimate interests; Legal obligationCriminal law interfaces
Analytics and advertising measurementAPP 6; APP 11; APP 1Consent; Legitimate interestsAd platform policies
Cross-border transfersAPP 8Art. 46 UK GDPR safeguardsPIPEDA; International transfer rules
Data subject access, correction, deletionAPP 12; APP 11Art. 15–22 UK GDPROAIC; ICO; PIPEDA; CCPA
Backups and disaster recoveryAPP 11; APP 1Art. 32 UK GDPRN/A
DPIAs and Records of Processing We perform Data Protection Impact Assessments (DPIAs) for high-risk processing activities including profiling, automated decision making, and large-scale cross-border transfers. We maintain a Record of Processing Activities (RoPA) documenting categories of personal data, purposes, recipients, retention periods, and safeguards. Summaries are available on request from [email protected].

8. Contacting You (Calls, SMS, AI)

When you provide your contact details, we or the providers we connect you with may contact you via phone calls, SMS, messaging platforms (e.g. WhatsApp), and email. This may include manual contact by our team or automated and AI-assisted tools.

You can opt out at any time by following the unsubscribe instructions in any message or contacting us at [email protected].

We comply with applicable anti-spam and telemarketing laws in each region we operate, including Australia's Spam Act 2003 and Do Not Call Register Act, Canada's CASL, and the US CAN-SPAM Act. All marketing messages will clearly identify us and include a functional unsubscribe mechanism.

9. Sharing Your Personal Information

We may share your data with:

a) Service providers

(e.g. hosting, CRM, analytics providers, data enrichment or validation partners)

b) Third-party providers (key function)

When you submit an enquiry, your data is shared with relevant providers who may contact you directly. These providers may act as independent controllers of your data and have their own privacy policies.

c) Advertising platforms

(e.g. Google, Meta, TikTok). We may share pseudonymised data to measure campaign performance and build custom or lookalike audiences.

d) Business transactions

If Ulist Pty Ltd T/A Uleads Digital is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

e) Law enforcement

We may disclose your data where required by law or in response to valid requests by public authorities (e.g. a court or government agency), or where we believe disclosure is necessary to protect rights, property, or safety.

Processor and controller roles We will clearly identify, on request, which third parties act as independent controllers and which act as processors. Processor contracts require data processing terms consistent with applicable privacy laws, confidentiality and security obligations, and breach notification requirements. A current list of subprocessors is available on request from [email protected].

10. International Transfers

Your data may be transferred and processed outside your country of residence, including in Australia, the United States, and other countries where our service providers operate. We take appropriate steps to ensure your data is protected in accordance with applicable law, including standard contractual clauses, adequacy decisions, and equivalent contractual protections.

Contact [email protected] for information about safeguards used for a specific transfer.

11. Data Retention

We retain personal information only as long as necessary for the purposes collected and to meet legal obligations.

Data Type Retention Period
Lead/enquiry dataUp to 4 years
Marketing contact dataUntil opt-out or 12 months inactivity
Partial form data24 hours (backups up to 30 days)
Research dataUp to 4 years
Web analytics dataUp to 26 months

We securely delete or de-identify data when it is no longer required.

12. Cookies and Tracking

We use cookies, event tracking technologies, and advertising identifiers for website functionality, analytics, and advertising attribution. Cookie types include:

  • Session Cookies β€” to operate our Service
  • Preference Cookies β€” to remember your preferences and settings
  • Security Cookies β€” for security and fraud prevention
  • Analytics Cookies β€” to understand how visitors interact with our website

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our website. You can opt out of marketing communications at any time by contacting us at [email protected].

13. Service Providers

We work with third-party service providers who process data on our behalf. These providers only have access to your data to perform specific tasks and are contractually obligated not to use it for any other purpose.

Analytics: We use Google Analytics to monitor and analyse use of our Service. You can opt out by installing the Google Analytics Opt-out Browser Add-on. See Google's Privacy Policy for more.

Behavioural Remarketing: We use remarketing services including Google Ads and Meta (Facebook) to advertise to you on third-party websites. You can opt out of personalised Google advertising at google.com/settings/ads and manage Facebook advertising preferences at facebook.com/help.

We conduct security reviews before onboarding vendors and take reasonable steps to ensure third parties handle personal data appropriately.

14. Security

We implement appropriate technical, organisational, and physical measures to protect your data, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest
  • Access controls and least-privilege authentication
  • Multi-factor authentication for administrative access
  • Firewall protections and anomalous access monitoring
  • Incident response procedures for detecting, reporting, and addressing data breaches

In the event of a data breach we will contain and remediate the incident promptly and notify affected individuals and relevant regulatory authorities as required by law in each jurisdiction. No method of transmission over the internet is 100% secure. If you believe your interaction with us is no longer secure, please notify us immediately at [email protected].

15. Children's Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will take prompt steps to remove that information.

16. Your Rights by Region

Depending on where you are located, you may have specific rights regarding your personal information. Contact [email protected] to exercise any of the rights below. We will acknowledge requests within 5 business days and respond within 30 calendar days.

πŸ‡¦πŸ‡Ί Australia β€” Privacy Act 1988 (Cth) & Australian Privacy Principles

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Under Australian law you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate, incomplete, or outdated information
  • Opt out of direct marketing at any time
  • Make a complaint about how we handle your personal information

We are also subject to the Notifiable Data Breaches (NDB) scheme. If we become aware of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

If you are not satisfied with our response to a complaint, you may contact the OAIC:

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5218, Sydney NSW 2001

πŸ‡¬πŸ‡§ United Kingdom β€” UK GDPR & Data Protection Act 2018

For users in the United Kingdom, we act as a Data Controller under the UK GDPR and the Data Protection Act 2018. You have the right to:

  • Access your personal data (Subject Access Request)
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten") in certain circumstances
  • Restriction of processing
  • Data portability β€” receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests or direct marketing
  • Not be subject to solely automated decision-making with significant effects
  • Withdraw consent at any time where processing is based on consent

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

πŸ‡¨πŸ‡¦ Canada β€” PIPEDA & CASL

For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. You have the right to:

  • Access the personal information we hold about you
  • Challenge the accuracy and completeness of your information and have it corrected
  • Withdraw consent for the collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC)

We comply with Canada's Anti-Spam Legislation (CASL). We will only send commercial electronic messages where we have your express or implied consent, and all messages will include a clear and functional unsubscribe mechanism.

If you are not satisfied with our response to a complaint, you may contact the OPC:

πŸ‡ΊπŸ‡Έ United States β€” CCPA/CPRA & State Privacy Laws

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of your personal information
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising your rights

We honor browser and device-level opt-out signals, including Global Privacy Control (GPC). When we detect a valid GPC signal, we treat it as an opt-out of sale, sharing, and targeted advertising for that browser or device.

Other US States

Residents of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, and other states with applicable privacy laws may have rights to access, correct, delete, opt out of targeted advertising or sale, and appeal a denied request.

To exercise any US privacy rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.

We comply with the CAN-SPAM Act for all commercial email communications. All marketing emails will clearly identify us, include our physical mailing address, and provide a functional opt-out mechanism.

17. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be published at businessshop.com/privacy-policy with a revised effective date. We encourage you to review this policy periodically.

18. Contact Us

For any privacy-related queries or to exercise your rights:

  • Email: [email protected]
  • Mail: Ulist Pty Ltd T/A Uleads Digital, Level 2/89 McLachlan St, Fortitude Valley QLD 4006, Queensland, Australia

We will acknowledge all requests within 5 business days and respond substantively within 30 calendar days.

BusinessShop.com is a free comparison and quote-matching service that helps business owners find and compare insurance and finance products. We are not an insurer, broker, lender, or credit provider, and we do not sell products or services directly. We may receive advertising fees or referral commissions from the providers we feature, which helps us keep this service free to use. These commercial relationships, along with our matching criteria and product availability, may influence how providers and products are presented on our site. We do our best to keep information up to date, but it may change at any time. Not all insurers, lenders, or business products available in the market are compared on this site.

Insurance Notice: BusinessShop.com is a comparison and lead-matching platform, not a licensed insurance provider, broker, or agent. Any quotes, coverage details, or policy terms you receive are provided solely by the licensed insurance providers you are connected with. All quotes are subject to the provider's own underwriting criteria and eligibility requirements. Coverage availability will depend on your business type, location, and individual circumstances.

Lending & Finance Notice: If you are using BusinessShop.com to explore business loans or commercial finance options, please note: we are not a lender or credit provider. Loan offers are provided solely by licensed lenders and finance providers. All loan terms, conditions, and approval criteria are determined by the provider. Not all lenders or commercial finance products in the market are compared, and availability will depend on your business circumstances and the provider's eligibility requirements.

Advertising Policy | Privacy Policy | Do Not Sell My Information | Work With Us | Privacy Notice for Californian Consumers