Privacy Policy

Introduction

At MaxFix Store we respect your privacy and we're committed to protect your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit maxfixstore.co.uk, place an order, or interact with our services. We comply with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018

Please read this policy carefully.

Information We Collect

How We Use Your Information

We use the personal data we collect for the following purposes:

• To process and fulfil your orders, including payment processing, delivery coordination, and order confirmation.
• To communicate with you regarding your purchases, delivery updates, returns, and customer service enquiries.
• To verify transactions, detect and prevent fraud, and protect our business and customers from unauthorised or suspicious activity.
• To manage your account (if applicable), including login access and order history.
• To improve our website, products, and customer experience through analytics and performance monitoring.
• To send marketing communications where you have provided consent. You may withdraw your consent at any time.
• To comply with legal, regulatory, tax, and accounting obligations.

We only process your personal data where we have a valid legal basis under UK data protection law.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure.

• Secure Socket Layer (SSL) encryption across our website
• Secure hosting infrastructure with restricted access controls
• Encrypted payment processing via PCI-compliant providers
• Limited access to personal data on a need-to-know basis
• Monitoring systems designed to detect suspicious or fraudulent activity

While we implement reasonable safeguards in line with industry standards, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to continually improving our data protection practices.

Your Privacy Rights (UK GDPR)

Under UK data protection law, you have the following rights in relation to your personal data:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate or incomplete information.
• The right to request deletion of your personal data where there is no lawful reason for us to continue processing it.
• The right to object to certain types of processing, including direct marketing.
• The right to request restriction of processing in certain circumstances.
• The right to data portability, allowing you to receive your data in a structured, commonly used, machine-readable format.
• The right to withdraw consent at any time where processing is based on your consent.
• The right to opt out of marketing communications at any time.

To exercise any of these rights, please contact us at [email protected]. We may request verification of your identity before processing your request.

We will respond to valid requests within one month, in accordance with UK data protection law. In certain complex cases, this period may be extended where permitted by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Cookies

We use cookies and similar technologies to ensure our website functions properly, improve performance, analyse traffic, and enhance your browsing experience.

Cookies may include:

• Essential cookies – required for core website functionality, such as secure checkout and session management.
• Analytics cookies – used to understand how visitors interact with our website and improve performance.
• Marketing cookies – used to deliver relevant advertising and measure campaign effectiveness (where applicable).

Non-essential cookies are only placed with your consent via our cookie banner. You may withdraw or modify your consent at any time through our cookie settings.

You can also control cookies through your browser settings; however, disabling certain cookies may affect website functionality, including the checkout process.

Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

• Contract: Where processing is necessary to perform a contract with you, including order processing, payment handling, delivery coordination, and after-sales support.
• Legal Obligation: Where processing is required to comply with UK laws and regulations, including tax, accounting, and consumer protection obligations.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as fraud prevention, website security, service improvement, and customer support, provided these interests are not overridden by your rights and freedoms.
• Consent: Where you have given clear consent, such as for receiving marketing communications or accepting non-essential cookies. You may withdraw consent at any time.

Where we rely on legitimate interests, we ensure that appropriate balancing assessments are carried out in accordance with UK data protection law.

Information Sharing & International Transfers

We may share your personal data with trusted third-party service providers who assist us in operating our business and delivering our services. These may include:

• Payment processors (such as Stripe) to securely process payments.
• Courier and delivery providers (such as Royal Mail and DPD) to fulfil and deliver your orders.
• Hosting and infrastructure providers (such as DigitalOcean) to operate and secure our website.
• Email and communication providers to send order updates and customer service communications.
• Analytics providers (such as Google Analytics) to help us understand website usage and improve performance.
• Professional advisers including legal, accounting, and regulatory consultants where necessary.

We only share personal data that is necessary for the relevant service provider to perform their functions. We require all third parties to respect the security of your personal data and to process it in accordance with applicable data protection laws.

International Transfers

Some of our service providers may process personal data outside the United Kingdom, including but not limited to the United States and the European Economic Area (EEA).

Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK data protection law. These safeguards may include:

• Transfers to countries recognised by the UK Government as providing an adequate level of data protection.
• The use of the UK International Data Transfer Agreement (IDTA).
• The UK Addendum to the EU Standard Contractual Clauses (SCCs).
• Other legally approved transfer mechanisms where appropriate.

You may contact us at [email protected] if you would like further information about the safeguards we apply or a current list of our data processors.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, and reporting requirements.

• Order and transaction data: Typically retained for up to 7 years in accordance with UK tax and accounting obligations.
• Customer account data: Retained while your account remains active. If you request account deletion, we will remove or anonymise personal data where legally permitted.
• Marketing data: Retained until you withdraw your consent or unsubscribe from communications.
• Fraud prevention and security records: Retained as necessary to protect our business and customers from unauthorised or fraudulent activity.

Where personal data is no longer required, we will securely delete or anonymise it in accordance with applicable data protection laws.

Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from anyone under 18 years of age.

If we become aware that we have inadvertently collected personal data from a minor, we will take appropriate steps to delete such information promptly. If you believe that a child has provided us with personal data, please contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services.

When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice.

Where required by law, we will seek your consent before implementing changes that affect how we process your personal data.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details below: