Last updated: [DATE]
This Privacy Policy explains how [COMPANY NAME], a company registered in [COUNTRY] under registration number [COMPANY NUMBER], with its registered address at [COMPANY ADDRESS] (“we”, “us”, “our”), collects, uses, stores and protects personal data when you visit or use our website [WEBSITE URL].
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the “EU GDPR”) and the United Kingdom General Data Protection Regulation as defined in the Data Protection Act 2018 (the “UK GDPR”) — together referred to in this Policy as the “GDPR” — as well as other applicable data protection laws. The UK GDPR and the Data Protection Act 2018 apply to individuals in the United Kingdom; the EU GDPR applies to individuals in the European Union and the European Economic Area.
1. Data Controller
The data controller responsible for the processing of your personal data is:
Company name: [COMPANY NAME]
Registration number: [COMPANY NUMBER]
Registered address: [COMPANY ADDRESS]
Email: [PRIVACY EMAIL]
Website: [WEBSITE URL]
For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at [PRIVACY EMAIL].
2. Personal Data We Collect
We may collect and process the following categories of personal data:
2.1. Account registration data
When you create an account on our website, we may collect:
- full name;
- email address;
- phone number;
- billing and delivery address;
- login credentials;
- account activity and order history.
2.2. Order and transaction data
When you purchase products from us, we may process:
- purchased products;
- order value;
- payment status;
- delivery information;
- invoice details;
- communication related to the order.
We do not store full payment card details unless explicitly stated. Payments may be processed by third-party payment service providers.
2.3. Contact form data
When you contact us through the website contact form, we may collect:
- name;
- email address;
- phone number, if provided;
- message content;
- any other information you choose to provide.
2.4. Technical and usage data
When you visit our website, we may collect:
- IP address;
- browser type and version;
- device type;
- operating system;
- pages visited;
- time and date of visit;
- referring website;
- cookies and similar technologies.
3. Purposes of Processing
We process personal data for the following purposes:
- to create and manage user accounts;
- to process and deliver orders;
- to issue invoices and payment confirmations;
- to provide customer support;
- to respond to contact form requests;
- to improve website functionality and security;
- to prevent fraud and misuse of our services;
- to comply with legal, tax and accounting obligations;
- to send service-related communications;
- to send marketing communications, where legally permitted or where you have given consent.
4. Legal Basis for Processing
We rely on the following legal bases under the GDPR:
- Performance of a contract — when processing is necessary to create an account, process orders, deliver products, provide customer support or perform our services.
- Legal obligation — when processing is necessary for accounting, tax, consumer protection or other legal requirements.
- Legitimate interest — when processing is necessary to maintain website security, prevent fraud, manage customer relations and improve our services.
- Consent — where required, for example for certain cookies, analytics tools or direct marketing communications.
The GDPR allows processing where there is a valid legal basis, such as contract performance, legal obligation, legitimate interest or consent.
5. Cookies and Similar Technologies
Our website may use cookies and similar technologies to ensure proper website functionality, improve user experience, analyze website traffic and support marketing activities.
Some cookies are necessary for the website to function properly. Other cookies, such as analytics or marketing cookies, may require your consent before they are placed on your device.
You can manage or withdraw your cookie consent through the cookie banner or your browser settings.
EU guidance states that certain cookies require user consent before they are used, especially where they are not strictly necessary for the website’s basic operation.
6. Sharing of Personal Data
We may share personal data with trusted third parties where necessary, including:
- payment service providers;
- delivery and logistics providers;
- IT hosting and cloud service providers;
- website analytics providers;
- accounting, legal or compliance service providers;
- public authorities, where required by law.
We only share personal data where there is a lawful basis to do so and only to the extent necessary for the relevant purpose.
7. International Transfers
If personal data is transferred outside the European Economic Area or the United Kingdom, we will ensure that appropriate safeguards are in place, such as European Commission adequacy decisions, UK adequacy regulations, Standard Contractual Clauses, the UK International Data Transfer Agreement (IDTA) or the UK Addendum, or other legally approved transfer mechanisms.
8. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
Typical retention periods may include:
- account data: for as long as your account remains active;
- order and invoice data: for the period required by tax and accounting laws;
- contact form messages: for as long as necessary to handle the request and any follow-up communication;
- marketing data: until consent is withdrawn or the data is no longer needed;
- technical logs: for a limited period necessary for security and maintenance.
After the applicable retention period expires, personal data will be deleted or anonymized.
9. Your Rights
Under the GDPR, you may have the following rights:
- the right to access your personal data;
- the right to correct inaccurate or incomplete data;
- the right to request deletion of your data;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to withdraw consent at any time;
- the right to lodge a complaint with a supervisory authority — in the United Kingdom, the Information Commissioner’s Office (ICO, ico.org.uk); in the European Union, your local data protection authority.
You can exercise your rights by contacting us at [PRIVACY EMAIL].
The rights of access and data portability are specifically recognised under both EU and UK data protection rules.
10. Account Deletion
If you have created an account on our website, you may request deletion of your account by contacting us at [PRIVACY EMAIL].
Please note that we may be required to retain certain information where necessary to comply with legal, tax, accounting or fraud-prevention obligations.
11. Marketing Communications
We may send marketing communications only where permitted by law or where you have given your consent.
You may unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us at [PRIVACY EMAIL].
Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
12. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.
These measures may include access controls, encryption, secure hosting, regular monitoring and internal data protection procedures.
13. Children’s Data
Our website and services are not intended for children under the age of [AGE, e.g. 16]. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will take steps to delete it.
14. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices, content or security of such external websites. We recommend that you read their privacy policies before providing any personal data.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be published on this page with a revised “Last updated” date.
16. Contact
If you have any questions about this Privacy Policy or how we process your personal data, please contact us:
[COMPANY NAME]
[COMPANY ADDRESS]
Email: [PRIVACY EMAIL]
Website: [WEBSITE URL]