Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

• Contact Information: Name, email address, phone number, postal address
• Account Information: Username, password, account preferences
• Order Information: Billing and shipping addresses, payment information, purchase history
• Communication Data: Messages, inquiries, feedback, and customer service interactions
• Marketing Preferences: Newsletter subscriptions and communication preferences

1.2 Information We Collect Automatically

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on pages, click-through rates, search queries
• Cookies and Tracking Data: As described in our Cookie Policy

1.3 Information from Third Parties

• Payment Processors: Transaction details and payment verification
• Delivery Partners: Shipping and delivery status updates
• Social Media: If you interact with us on social platforms

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision

• Processing and fulfilling your orders
• Managing your account and providing customer support
• Communicating about your orders, deliveries, and account
• Processing payments and preventing fraud

2.2 Business Operations

• Improving our website and services
• Conducting market research and analytics
• Managing inventory and supply chain
• Compliance with legal obligations

2.3 Marketing and Communications

• Sending newsletters and promotional materials (with your consent)
• Personalizing your shopping experience
• Recommending products based on your interests
• Conducting customer satisfaction surveys

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our contractual obligations for product sales and services
• Legitimate Interests: To improve our services, prevent fraud, and conduct business operations
• Consent: For marketing communications and non-essential cookies (where required)
• Legal Obligation: To comply with UK tax, accounting, and regulatory requirements

4. Sharing Your Information

We may share your personal information with:

4.1 Service Providers

• Payment Processors: For secure payment processing
• Shipping Companies: For order fulfillment and delivery
• IT Service Providers: For website hosting, maintenance, and security
• Marketing Partners: For email marketing and analytics (with appropriate safeguards)

4.2 Legal Requirements

We may disclose your information when required by law, court order, or to protect our legal rights and the safety of our users.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our services
• Comply with legal, accounting, and regulatory requirements
• Resolve disputes and enforce agreements

Typical Retention Periods:

• Account Information: Until account deletion or 7 years after last activity
• Order Records: 7 years for tax and accounting purposes
• Marketing Data: Until you unsubscribe or withdraw consent
• Website Analytics: 26 months (Google Analytics default)

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the details in Section 10. We will respond within one month of receiving your request.

7. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our cookie practices, please see our Cookie Policy.

Cookie Categories:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage
• Marketing Cookies: Used for personalized advertising

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Restricted access to personal data on a need-to-know basis
• Regular Security Reviews: Ongoing assessment of security measures
• Staff Training: Regular data protection training for all employees
• Incident Response: Procedures for handling potential data breaches

While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your account information confidential.

9. International Transfers

Your personal data is primarily processed within the UK. When we transfer data outside the UK, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate data protection
• Standard Contractual Clauses: EU/UK approved contract terms
• Certification Schemes: Recognized data protection certifications

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):