Data Protection and Privacy Policy

Scope and Purpose

This policy applies to all customers of our website and is designed to protect personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Our aim is to ensure the safety and security of all personal data we collect and process.

Data Collection

To fulfil orders efficiently, we collect only the essential personal data: name, email address, and shipping address. If an invoice is requested, we also collect the company name and address. This minimal information is necessary for the completion of any purchase through our website.

Lawful Basis for Processing

The collection of minimal data is necessary to fulfil the contractual obligations of sending purchased products to our customers. Without this information, we would be unable to complete orders.

Data Use

Collected data is used primarily for processing orders and customer service. For marketing purposes, communications will be sent no more than once a month and only with explicit consent from the customer.

Data Sharing and Disclosure

Personal data will be shared only with payment processors and delivery services to the extent necessary for completing and delivering orders. This sharing is crucial for the logistical aspect of our service.

Data Security

We ensure the security of personal data through the use of a professional hosting company, a unique, proprietary system, and two-factor authentication (2FA) for system access, safeguarding against unauthorised access, disclosure, alteration, or destruction of personal data.

Data Subject Rights

Although our system is secure, we will modify user data upon request, respecting the rights of individuals to access, correct, delete, or object to the processing of their personal data.

Data Retention

Personal data is retained as required by tax laws and to maintain service quality. This includes retaining customer and billing information and preserving issued invoices as mandated by law.

International Data Transfers

Our website is hosted in UK data centers, ensuring that we comply with UK data protection laws. We prioritise keeping our data within the UK and choose services and configurations that align with this commitment. However, the inherent nature of cloud computing means there could be scenarios where data is replicated across regions for redundancy and disaster recovery purposes. We ensure that any such data transfers are managed with the highest level of security and in compliance with applicable laws, making every effort to maintain data residency within the UK.

Cookies Policy

Our website uses cookies to enhance user experience and track website usage. We have a dedicated Cookies Policy page that details how you can manage your cookie preferences. For more information, please visit our Cookies Policy page.

Data Breach Notification Procedures

In compliance with UK laws, should there be any data breach that poses a risk to the rights and freedoms of individuals, we are committed to notifying the relevant supervisory authority within 72 hours of becoming aware of the breach. Affected individuals will also be informed in a timely manner if the breach is likely to result in a high risk to their rights and freedoms.

Age Restrictions

Our website and its content are designed to be appropriate for all ages. However, we do not specifically target children under a certain age, and we do not knowingly collect personal data from children without parental consent.

Third-Party Links Policy

Our website may contain links to third-party sites. Please be aware that we are not responsible for the privacy practices or content of these external sites. We encourage users to read the privacy policies of any website they visit.

Regular Policy Reviews

We regularly review our policies to ensure compliance with new and existing laws, reflecting changes in technology and the legal landscape. Updates to our policies will be posted on our website.

Policy Updates

The policy will be reviewed and updated as necessary, with the latest version immediately available on our website. Continuous notifications will not be sent due to the non-continuous nature of our service to customers.

Contact Information

For any data protection inquiries, please refer to the Contact page on our website.

Complaints and Enforcement

Complaints regarding data protection practices will be handled following UK standards. We are an ICO Registered Company, ensuring our adherence to high data protection and privacy standards.