Privacy Policy
1. Introduction
Apple and Blackcurrant Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal data when you visit gadgetora.co.uk (the “Website”) or purchase products from us.
This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully. By using our Website, you acknowledge that you have read and understood this policy.
2. What Personal Data We Collect
Full name, email address, phone number, billing address, shipping address.
Products purchased, order values, order history, delivery preferences, returns and refund records.
Payment is processed securely via our payment provider. We do not store your full card number, CVV or PIN on our systems.
Username, encrypted password, wishlist, saved addresses and preferences (if you create an account).
IP address, browser type and version, device identifiers, pages visited, time spent, referring URLs, operating system.
Emails, support messages or enquiries you send us, and our responses.
3. How We Collect Your Data
We collect personal data in the following ways:
- Directly from you — when you place an order, create an account, contact us, subscribe to marketing or fill in forms on our Website;
- Automatically — through cookies and similar technologies as you browse the Website (see our Cookie Policy);
- From third parties — such as payment processors or fraud prevention services, where permitted by law.
4. How and Why We Use Your Data
We only process your personal data where we have a lawful basis to do so. The table below sets out our purposes and the legal basis for each:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your order, including payment and delivery | Performance of a contract |
| Managing your account and providing customer support | Performance of a contract / Legitimate interests |
| Fraud prevention, security and risk management | Legitimate interests / Legal obligation |
| Sending order confirmations, shipping updates and service notifications | Performance of a contract |
| Sending marketing emails and promotional offers (where opted in) | Consent |
| Improving our Website and user experience through analytics | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Resolving disputes and enforcing our Terms & Conditions | Legitimate interests / Legal obligation |
5. Marketing Communications
We will only send you marketing emails or promotional materials if you have given your consent to receive them. You may withdraw your consent and unsubscribe at any time by:
- Clicking the “unsubscribe” link in any marketing email;
- Emailing us at info@gadgetora.co.uk.
Withdrawing your consent will not affect the lawfulness of processing carried out before withdrawal.
6. Sharing Your Data
We do not sell your personal data. We may share it with trusted third parties only where necessary and for the purposes described in this policy:
- Payment processors — to securely process card transactions;
- Delivery and logistics providers — to fulfil and ship your order;
- IT and hosting providers — for website hosting, email and infrastructure services;
- Analytics providers — to understand how our Website is used (data is anonymised or pseudonymised where possible);
- Fraud prevention and security services — to detect and prevent fraudulent transactions;
- Professional advisers — including legal, financial and compliance advisers where required;
- Regulatory authorities and law enforcement — where required by law or court order.
All third-party service providers are required to handle your data securely and in accordance with applicable data protection law.
7. International Data Transfers
Some of our service providers may process personal data outside the UK or European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs);
- Standard Contractual Clauses (SCCs) approved by the relevant authority;
- Transfers to countries with an adequacy decision from the UK or European Commission.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| Order and transaction records | 6 years (HMRC and tax compliance requirements) |
| Customer support communications | Up to 24 months from last contact |
| Account data (active accounts) | Duration of account plus 12 months after closure |
| Marketing preferences and consent records | Until you unsubscribe or withdraw consent |
| Technical/usage data (logs) | Up to 12 months |
| Fraud prevention records | As required by our legal and regulatory obligations |
After the applicable retention period, data is securely deleted or anonymised.
9. Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration. These include:
- SSL/TLS encryption for all data transmitted between your browser and our Website;
- Restricted access to personal data on a need-to-know basis;
- Secure, access-controlled systems for storing data;
- Regular security reviews and updates.
You are responsible for keeping your account password confidential. Please notify us immediately if you suspect any unauthorised use of your account.
10. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — to request a copy of the personal data we hold about you;
- Right to rectification — to request correction of inaccurate or incomplete data;
- Right to erasure — to request deletion of your data where there is no longer a lawful reason to retain it;
- Right to restriction — to request that we limit how we process your data in certain circumstances;
- Right to data portability — to receive your data in a structured, commonly used format;
- Right to object — to object to processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent — where processing is based on consent, to withdraw it at any time.
To exercise any of these rights, please contact us at info@gadgetora.co.uk. We will respond within one month. We may need to verify your identity before processing your request.
11. Cookies
We use cookies and similar tracking technologies on our Website to enhance your browsing experience, remember your preferences and analyse usage. For full details of the cookies we use and how to manage them, please see our Cookie Policy.
12. Children’s Privacy
Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at info@gadgetora.co.uk and we will delete it promptly.
13. Complaints
If you have concerns about how we handle your personal data, please contact us in the first instance at info@gadgetora.co.uk. We will do our best to resolve your concern promptly.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be published on this page with a revised “Last updated” date. We encourage you to review this policy periodically. Where changes are significant, we will make reasonable efforts to notify you directly.
Company: APPLE AND BLACKCURRANT LIMITED
Company number: 15969853
Registered address: Academy House, 11 Dunraven Place, Bridgend, United Kingdom, CF31 1JF
Phone: +44 7418 635497
Email: info@gadgetora.co.uk | b2b@gadgetora.co.uk