Privacy Policy

This Privacy Policy explains how we process personal data when you visit our website or use our services. Please replace placeholders with your company details.

Controller

Company Name Ltd. / GmbH
Example Street 1
12345 Example City
Country
📧 hello@example.com
☎️ +44 20 1234 5678
🌐 https://www.example.com
Data protection contact (if applicable): privacy@example.com

Personal data we process & purposes

We process data you provide and data collected automatically when using our services.

Categories of data

  • Contact data (e.g., name, email, phone)
  • Account data (e.g., login identifiers, preferences)
  • Order & payment metadata (no full card data on our servers)
  • Usage data (e.g., pages visited, device/browser information)
  • Support communications (tickets, emails)

Purposes

  • Provide and operate the website and services
  • Account creation and authentication
  • Order processing and customer support
  • Security, fraud prevention, and abuse detection
  • Analytics and product improvement
  • Legal compliance

Legal bases

We rely on the following legal bases under GDPR/UK GDPR:

  • Art. 6(1)(b) — performance of a contract or steps prior to entering a contract
  • Art. 6(1)(a) — consent (e.g., where explicitly requested)
  • Art. 6(1)(f) — legitimate interests (e.g., security, product improvement)
  • Art. 6(1)(c) — compliance with legal obligations

Processors & recipients

We use carefully selected processors and service providers under data processing agreements.

  • Hosting and infrastructure providers
  • Content delivery networks
  • Email and helpdesk systems
  • Payments: customers connect their own payment provider accounts; provider fees are paid directly to those providers

International data transfers

Where data is transferred outside the EU/UK, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and assess partner adequacy measures.

Retention

We retain personal data only as long as necessary for the purposes above or as required by law. Afterwards, we delete or anonymize it.

Cookies & analytics

We use essential cookies that are necessary for basic functions. Non-essential analytics are optional.

  • Essential cookies: strictly necessary to provide the service
  • Optional analytics: only activated with your consent (if enabled)

If enabled, we use privacy-friendly analytics with no cross-site tracking or personal profiles. IP addresses are not stored in full.

Your rights

Under GDPR/UK GDPR you have the following rights, subject to legal conditions:

  • Access to your data
  • Rectification of inaccurate data
  • Erasure (‘right to be forgotten’)
  • Restriction of processing
  • Data portability
  • Objection to processing based on legitimate interests
  • Withdrawal of consent at any time (where processing is based on consent)

You also have the right to lodge a complaint with a supervisory authority in your habitual residence or place of work.

Security

We use appropriate technical and organizational measures (TOMs) to protect personal data against unauthorized access, loss, or misuse.

Children’s privacy

Our services are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us.

Changes to this policy

We may update this policy from time to time. Material changes will be indicated on this page.

Contact

For questions about this policy or your rights, please contact:
Company Name Ltd. / GmbHhello@example.com

Effective date: YYYY-MM-DD