PRIVACY POLICY

 

LAST UPDATED: 19/06/2025

 

This Privacy Policy describes how Percalis ("we", "us", or "our"), as the Data Controller, collects, uses, and shares your Personal Information when you visit or make a purchase from https://www.percalis.co.uk/ (the "Site") and interact with our services. We are fully committed to protecting your privacy and handling your data in a transparent manner, in strict accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

For our international customers, while this policy is drafted under UK data protection law, we endeavour to meet the mandatory consumer and data protection laws of your country of residence where such laws apply to our processing activities. If the mandatory consumer or data protection law in your country provides you with more extensive rights, those rights will generally prevail.

 

WHO WE ARE (DATA CONTROLLER)

 

Percalis is the Data Controller responsible for your Personal Information. This means we determine the purposes and means of the processing of your data.

 

PERSONAL INFORMATION WE COLLECT

 

We collect various types of Personal Information from and about you through different means:

 

A. INFORMATION YOU PROVIDE TO US DIRECTLY (ORDER INFORMATION) When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you. This includes:

  • Your full name
  • Billing address
  • Shipping address
  • Payment information (including credit card numbers, expiry dates, CVVs – though these are processed by our secure payment gateway and not stored directly by us)
  • Email address
  • Phone number

We refer to this information as “Order Information.”

 

B. INFORMATION COLLECTED AUTOMATICALLY (DEVICE INFORMATION) When you visit the Site, we automatically collect certain information about your device and your interaction with our Site. This includes:

  • Information about your web browser (e.g., Chrome, Firefox).
  • Your IP address.
  • Time zone.
  • Some of the cookies that are installed on your device.
  • Information about the individual web pages or products that you view.
  • What websites or search terms referred you to the Site.
  • Information about how you interact with the Site (e.g., clicks, scrolling, mouse-overs).

We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

  • Cookies: Data files placed on your device or computer, often including an anonymous unique identifier. We use a cookie consent management platform (CMP) to obtain and manage your consent for non-essential cookies. For detailed information about the specific cookies we use and how to manage your preferences, please refer to our Cookie Consent Tool [or Cookie Policy, if separate and linked from the CMP].
  • Log Files: Track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • Web Beacons, Tags, and Pixels: Electronic files used to record information about how you browse the Site and track the effectiveness of marketing campaigns.

 

HOW WE USE YOUR PERSONAL INFORMATION (PURPOSES AND LEGAL BASES)

We use your Personal Information only when we have a valid legal basis to do so under the UK GDPR. The purposes for which we process your data and the corresponding legal bases are:

 

A. PERFORMANCE OF A CONTRACT (GDPR Article 6(1)(b)) We process your Personal Information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This includes:

  • To fulfil any orders placed through the Site (processing payment, arranging shipping, providing invoices/order confirmations).
  • To manage your account, if you create one.
  • To communicate with you regarding your orders, deliveries, or returns.
  • To provide customer support related to your purchases or inquiries.

 

B. OUR LEGITIMATE INTERESTS (GDPR Article 6(1)(f)) We process your Personal Information where it is necessary for our legitimate interests (or those of a third party), provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:

  • Fraud Prevention and Security: To screen our orders for potential risk or fraud, particularly using your IP address and other Device Information. Our legitimate interest is to protect our business and customers from fraudulent activity and ensure a secure environment.
  • Site Improvement and Optimisation: To understand how our customers browse and interact with the Site (e.g., through analytics) and to assess the success of our marketing and advertising campaigns. Our legitimate interest is to continuously improve our Site, products, and services to provide a better user experience and grow our business.
  • General Business Operations: For internal record keeping, analysis, and management of our business, including product development and operational efficiency.
  • Protecting Our Rights: To establish, exercise, or defend our legal rights, or to respond to legal claims.

 

C. YOUR CONSENT (GDPR Article 6(1)(a)) We process your Personal Information based on your explicit consent, which you provide through our cookie consent mechanism or other opt-in forms. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. This legal basis is typically used for:

  • Marketing Communications: Sending you promotional emails, newsletters, and special offers about our products or services (where you have explicitly opted in).
  • Non-Essential Cookies & Tracking Technologies: Collecting Device Information for analytics, personalisation, and targeted advertising (via cookies and similar technologies) where not strictly necessary for the Site's function.
  • Behavioural Advertising: Providing you with targeted advertisements or marketing communications we believe may be of interest to you, based on your online activity.

 

D. COMPLIANCE WITH A LEGAL OBLIGATION (GDPR Article 6(1)(c)) We process your Personal Information where it is necessary for compliance with a legal obligation to which we are subject. This includes:

  • To comply with applicable laws, regulations, or court orders (e.g., tax laws, consumer protection laws, anti-money laundering regulations).
  • To respond to a subpoena, search warrant, or other lawful request for information we receive from public or governmental authorities.

 

WHO WE SHARE YOUR PERSONAL INFORMATION WITH (RECIPIENTS)

 

We share your Personal Information with third-party service providers who assist us in operating our business and providing our services. These third parties act as "Data Processors" on our behalf and are legally bound by contract to protect your data and only process it according to our instructions.

 

Categories of recipients include:

  • E-commerce Platform Provider: Shopify, which powers our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
  • Payment Processors: Such as Stripe, PayPal, or other third-party payment gateways, to securely process your payments. We do not store full credit card details on our servers.
  • Shipping & Logistics Providers: To deliver your orders (e.g., Royal Mail, DHL, FedEx, etc.).
  • Analytics Providers: Such as Google Analytics, to help us understand how our customers use the Site. You can read more about Google's privacy practices here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
  • Marketing & Advertising Partners: Such as Facebook, Google Ads, or other advertising networks, to provide targeted advertisements and manage our marketing campaigns (only with your consent where required).
  • IT & System Providers: For hosting, maintenance, and technical support of our Site and systems.
  • Professional Advisors: Such as lawyers, accountants, or consultants, where necessary for legal, financial, or business advice.
  • Law Enforcement & Public Authorities: Where legally required or necessary to protect our rights, property, or safety, or that of others.

 

INTERNATIONAL DATA TRANSFERS

 

Your Personal Information may be transferred to, and stored at, a destination outside the United Kingdom and the European Economic Area (EEA), where data protection laws may differ from those in the UK/EEA. This includes transfers to countries like Canada and the United States, where some of our third-party service providers (e.g., Shopify, Google) are located or have servers.

When we transfer your Personal Information internationally, we implement robust safeguards to ensure that your data receives an adequate level of protection, in compliance with UK GDPR. These safeguards include:

  • Adequacy Decisions: Transferring data to countries deemed by the UK government (or the European Commission for EEA data) to provide an adequate level of protection for personal data (e.g., Canada).
  • Standard Contractual Clauses (SCCs): Utilising the latest Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or the European Commission, which contractually oblige the recipient to protect your personal data to UK/EU GDPR standards.
  • EU-US Data Privacy Framework: For transfers to certified organisations in the United States, relying on their certification under the EU-US Data Privacy Framework where applicable.

By using our Site and services, you acknowledge that your Personal Information may be transferred to these third countries under the aforementioned safeguards.

 

COOKIES AND SIMILAR TECHNOLOGIES

 

Our Site uses cookies and similar tracking technologies. We provide a dedicated cookie consent mechanism (often appearing as a banner or pop-up) that allows you to manage your preferences.

  • Required Cookies: These are essential for the basic functionality of our website and cannot be switched off in our systems. They enable core functions like secure login, adding items to your cart, and processing your checkout.
  • Non-Essential Cookies: These include cookies for personalisation, marketing, and analytics. We will only use these if you provide your explicit consent via our cookie consent tool. You have full control to accept all, decline all, or manage your preferences for these categories.

For detailed information about the specific cookies we use, their purposes, and their duration, please click "Manage Preferences" on our cookie consent banner.

 

YOUR DATA PROTECTION RIGHTS

 

Under the UK GDPR (and similar international laws), if you are a resident in the UK or European Union/EEA, you have significant rights regarding your Personal Information. These include:

  • The Right to Be Informed: To receive clear and transparent information about how we process your Personal Information (which this Privacy Policy aims to do).
  • The Right of Access: To request copies of your Personal Information that we hold about you.
  • The Right to Rectification: To request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure ('Right to be Forgotten'): To request that we erase your Personal Information, under certain conditions (e.g., data no longer necessary for the purposes for which it was collected, withdrawal of consent).
  • The Right to Restrict Processing: To request that we restrict the processing of your Personal Information, under certain conditions (e.g., if you contest the accuracy of the data).
  • The Right to Object to Processing: To object to our processing of your Personal Information, under certain conditions (e.g., processing based on legitimate interests or for direct marketing purposes).
  • The Right to Data Portability: To request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions (where processing is based on consent or a contract and carried out by automated means).
  • The Right to Withdraw Consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request without undue delay and in accordance with applicable data protection laws (usually within one month).

 

RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY

 

You have the right to lodge a complaint with a supervisory authority regarding our processing of your Personal Information.

 

  • In the UK, this is the Information Commissioner's Office (ICO). Their website is www.ico.org.uk.
  • For residents of the European Union/EEA, you can contact your local data protection authority.

 

DATA RETENTION

 

We will retain your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

 

  • Order Information: Generally kept for a minimum of 6 years after the transaction date due to tax and consumer law obligations.
  • Marketing Data: Retained for as long as you remain subscribed to our marketing communications or for a period consistent with your preferences, typically reviewed periodically.
  • Device Information/Analytics Data: Retained according to the settings of our analytics tools and your consent preferences, typically in an aggregated or pseudonymised form after a certain period.

We will securely delete or anonymise your Personal Information once it is no longer required for these purposes.

 

MINORS

 

The Site is not intended for individuals under the age of 16 years old. We do not knowingly collect Personal Information from children under 16. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us immediately, and we will take steps to remove that information and terminate the child's account.

 

CHANGES TO THIS PRIVACY POLICY

 

We may update this Privacy Policy from time to time to reflect, for example, changes to our practices, or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "LAST UPDATED" date. We encourage you to review this Privacy Policy periodically.

 

CONTACT US

 

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact our Data Protection Point of Contact by e-mail at: contact@percalis.co.uk