Privacy policy

Our registered / trading address:

Unit 47, Cascades Shopping Centre, Portsmouth, PO14RL

We are the controller of your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What personal data we collect

We collect the following types of personal data:

Identity & contact information — name, billing/shipping address, email address, telephone number (when you place an order, create an account, contact us or sign up to our newsletter).

Order & payment information — products purchased, order details, payment method (we do not store full card numbers — these are handled securely by our payment processor).

Account information — username, password (hashed), order history (if you create an account on our website).

Communication data — messages, emails or chat enquiries you send us, and our replies.

Technical & usage data — IP address, browser type, device information, pages visited, time spent on site, referring site (collected via cookies & similar technologies — see our Cookie Policy below).

Marketing preferences — whether you have opted in to receive promotional emails / SMS.

We do not collect special category data (health, race, religion, etc.) or data about children under 16 without verifiable parental consent.

How we collect your data

Directly from you when you:

Place an order or check out as a guest

Create an account

Post a review (if enabled)

Automatically via:

Cookies, pixels and analytics tools on our website

Server logs

From third parties:

Our payment processor (e.g. Stripe / PayPal) confirms successful payment

Shipping carrier provides delivery updates (if you opt to track)

Why we process your data – lawful bases

We process personal data for the following reasons (and corresponding UK GDPR Article 6 lawful bases):

To fulfil your order, process payment and arrange delivery → contract (necessary to perform our sales contract with you)

To respond to your enquiries / customer service → contract or legitimate interests (running our business & providing support)

To comply with legal obligations (e.g. tax/accounting records, consumer rights under the Consumer Rights Act 2015) → legal obligation

To send you order updates, shipping notifications and essential service messages → contract or legal obligation

To send marketing emails / SMS (promotions, new binder designs, restocks) → consent (you can opt in at checkout / sign-up; we always provide an unsubscribe link)

To prevent fraud and protect our website → legitimate interests

Analytics to improve our site & product offerings → legitimate interests (we balance this against your rights and usually use anonymised/aggregated data where possible)

Who we share your data with

We share data only when necessary:

Payment processors (e.g. Stripe, PayPal) – for secure payment handling

Shipping / fulfilment partners (e.g. Royal Mail, DPD, Evri) – to deliver your binders

Email/marketing platforms (e.g. Klaviyo, Mailchimp) – if you opt in to marketing

Web hosting & analytics providers (e.g. Shopify, Google Analytics) – subject to strict processor agreements

Professional advisers (accountants, lawyers) when required

Law enforcement or regulators if legally required

We do not sell your personal data to third parties for their own marketing.

International transfers

Our website platform (Shopify) is based in Canada / USA and some tools (e.g. Google) are US-based. Where data is transferred outside the UK, we rely on UK-approved mechanisms such as International Data Transfer Agreements (IDTA) or the UK Extension to EU adequacy decisions where applicable.

How long do we keep your data

Order & tax records: 6 years (HMRC requirement)

Account data: until you delete your account (or 2 years after last login if inactive)

Marketing consent records: until you unsubscribe / withdraw consent

Enquiry/support tickets: 12–24 months

Analytics logs: usually 14–26 months (configurable in tools)

After these periods we securely delete or anonymise data unless required by law.

Your rights under UK GDPR

You have the following rights (subject to some exceptions):

Right to be informed (this notice)

Right of access – request a copy of your data

Right to rectification – correct inaccurate data

Right to erasure (“right to be forgotten”)

Right to restrict processing

Right to data portability

Right to object (especially to direct marketing or legitimate-interest processing)

Rights related to automated decision-making (we do not carry out profiling that produces legal effects)

To exercise any right, email us at [your email]. We will usually respond within one month (free of charge in most cases).

You can also complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint or call 0303 123 1113.

Cookies & similar technologies

Our website uses cookies and similar tech for essential functions (cart, checkout), analytics (Google Analytics), and marketing pixels (if enabled).

We ask for your consent via a cookie banner before placing non-essential cookies. You can manage preferences at any time via our cookie settings or your browser.

See our separate Cookie Policy [link if you have one] for full details.

Marketing

We only send promotional emails/SMS if you explicitly opt in. Every message contains a clear unsubscribe link. You can withdraw consent at any time without affecting your previous orders.

Security

We take reasonable technical and organisational measures to protect your data (e.g. encryption in transit, secure hosting, access controls). However, no internet transmission is 100% secure.

Changes to this policy

We may update this notice from time to time (e.g. new tools or legal changes). The updated version will be posted here with a new effective date. We may also notify you by email of significant changes.

If you have any questions about this Privacy Policy or our data practices, please contact:

Post: Unit 47, Cascades Shopping Centre, Portsmouth, PO14RL

Email: robert@lpmportsmouth.co.uk