1. Overview

GADGYO is an online retailer selling to customers across the United Kingdom. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of UK data protection law, GADGYO is the data controller responsible for your personal data.

This policy applies to all personal data we collect through our website, email communications, and customer interactions.

2. What Data We Collect

We collect and process the following types of personal data:

2.1 Information You Provide

• Identification and contact details: Name, email address, phone number
• Delivery information: Shipping address, delivery instructions
• Payment information: Payment card details are processed securely by our payment providers (Stripe, PayPal). We do not store your full card details on our systems
• Account information: If you create an account, we store your login credentials and order history
• Communications: Any messages, enquiries, or feedback you send us

2.2 Information We Collect Automatically

• Device and browsing data: IP address, browser type, device information, operating system
• Usage data: Pages visited, products viewed, time spent on site, referral sources
• Cookies and tracking technologies: See Section 8 for details

3. How We Use Your Data

We use your personal data for the following purposes:

• Order processing: To process and fulfil your orders, including payment processing and delivery
• Customer service: To respond to enquiries, provide support, and handle returns or refunds
• Fraud prevention: To detect and prevent fraudulent transactions and protect our business
• Legal compliance: To comply with legal obligations, including tax and accounting requirements
• Analytics and improvement: To understand how customers use our website and improve our services
• Marketing communications: To send promotional emails about products and offers (only where you have provided explicit consent, and you may withdraw this consent at any time)

4. Legal Bases for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: Processing is necessary to fulfil our contract with you (e.g., processing and delivering your order)
• Legal obligation: Processing is required to comply with legal requirements (e.g., tax records, fraud prevention)
• Legitimate interests: Processing is necessary for our legitimate business interests (e.g., analytics, fraud detection, improving our services), provided your rights are not overridden
• Consent: For marketing communications and non-essential cookies, we rely on your explicit consent, which you can withdraw at any time

5. Sharing of Data

We share your personal data only when necessary to provide our services or comply with legal obligations. We work with the following categories of third parties:

5.1 Service Providers

• E-commerce platform: Shopify (our website hosting and e-commerce platform)
• Payment processors: Stripe, PayPal, and other payment gateways to process transactions securely
• Fulfilment partners: Third-party warehouses and suppliers who store, pack, and dispatch products on our behalf. Some fulfilment partners may be located outside the UK
• Shipping carriers: Courier and postal services to deliver your orders
• Email and marketing tools: Services that help us send order confirmations, shipping updates, and marketing communications (where you have consented)
• Analytics providers: Tools such as Google Analytics to understand website usage and improve our services

5.2 Legal Disclosures

We may disclose your personal data if required by law, court order, or to protect our legal rights, prevent fraud, or ensure the safety of our customers and business.

Important: We only share the minimum data necessary for each purpose. Our service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. International Transfers

Some of our service providers and fulfilment partners are located outside the United Kingdom. This means your personal data may be transferred to, stored, or processed in countries outside the UK.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the UK Information Commissioner's Office (ICO)
• Adequacy decisions recognising that the destination country provides adequate data protection
• Binding corporate rules or other approved transfer mechanisms

If you would like more information about international transfers and the safeguards we use, please contact us.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations.

• Order and transaction data: Typically retained for up to 7 years to comply with tax and accounting requirements
• Marketing data: Retained until you withdraw consent or request deletion
• Account data: Retained until you request account deletion
• Analytics and usage data: Typically retained in anonymised or aggregated form

After the retention period, we securely delete or anonymise your data.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your browsing experience and understand how our website is used.

8.1 Types of Cookies We Use

• Essential cookies: Necessary for the website to function (e.g., shopping cart, checkout, security). These cannot be disabled
• Analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics). These collect anonymised or aggregated data
• Marketing cookies: Used to deliver relevant advertisements and track campaign performance. These require your consent

8.2 Managing Cookies

Non-essential cookies are only set after you provide consent through our cookie banner.

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect website functionality.

For more information about cookies and how to control them, visit www.aboutcookies.org.

9. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (subject to legal obligations)
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Request a copy of your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: Withdraw consent for marketing communications or cookies at any time

To exercise any of these rights, please contact us at info@gadgyo.com. We will respond to your request within one month.

9.1 Right to Complain

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

10. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse.

Our security measures include:

• Secure hosting through Shopify's infrastructure
• Encryption of data in transit (SSL/TLS)
• Secure payment processing through PCI-DSS compliant providers
• Access controls and authentication for our systems
• Regular security reviews and updates

Important: While we use reasonable measures to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

11. Children's Privacy

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete that information promptly.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The 'Last updated' date at the top of this page indicates when the policy was last revised.

We encourage you to review this policy periodically. Continued use of our website and services after changes constitutes acceptance of the updated policy.

For significant changes, we may notify you by email or through a prominent notice on our website.