Privacy Policy

1. Introduction

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This privacy policy explains how we collect, use, store, and protect your personal information when you use our website and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

We are the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us using the details provided in our Contact Us page.

3. Information We Collect

• Personal identification information (name, email address, phone number, postal address)
• Payment information (processed securely through our payment providers)
• Order history and transaction details
• Account credentials (if you create an account)
• Communication preferences
• Device and browser information
• IP address and location data
• Cookies and similar tracking technologies (see our Cookie Policy)

4. How We Use Your Information

• To process and fulfil your orders
• To communicate with you about your orders and enquiries
• To send you marketing communications (with your consent)
• To improve our website and services
• To detect and prevent fraud
• To comply with legal obligations
• To personalise your shopping experience

5. Legal Basis for Processing

• Contract: Processing necessary to fulfil our contract with you (e.g., processing orders)
• Consent: Where you have given us explicit permission (e.g., marketing emails)
• Legitimate Interest: Where processing is necessary for our legitimate business interests
• Legal Obligation: Where we are required to process data by law

6. Data Sharing

• Payment processors to handle transactions securely
• Delivery partners to ship your orders
• Email service providers to send communications
• Analytics providers to help us understand website usage
• Legal authorities when required by law
• We do not sell your personal data to third parties

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption, secure servers, and regular security assessments. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Order information is typically retained for 7 years for tax and legal purposes. You can request deletion of your data at any time, subject to legal requirements.

9. Your Rights

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

10. Marketing Communications

We will only send you marketing communications if you have opted in to receive them. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. Please note that even if you opt out of marketing, we may still send you service-related communications about your orders.

11. International Transfers

Your personal data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO).

12. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and, where appropriate, by email.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: ico.org.uk

15. Contact Us

For any questions about this privacy policy or to exercise your data rights, please contact us through our Contact Us page or email us at support@xappiedirect.com.