Privacy policy


Last updated: 22/07/2025 

This Privacy Policy outlines how KANDY APPAREL UK LIMITED collects, uses, stores, and protects your personal data when you visit our website or interact with us. 

This policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). 

 

1. Who We Are 

KANDY APPAREL UK LIMITED 
Company number: 15574159 
Registered office: Gables House, 62 Kenilworth Road, Leamington Spa, CV32 6JX, United Kingdom 
Incorporated in England and Wales 

Data Controller Contact: 
Email: [Insert Contact Email] 
Phone: [Insert Number, optional] 

 

2. What Personal Data We Collect 

We may collect and process the following personal information: 

  • Identity Data – Full name, date of birth (if applicable) 

  • Contact Data – Email address, phone number, billing and shipping address 

  • Transaction Data – Purchase history, payment method (no card details), order fulfilment records 

  • Technical Data – IP address, browser type, device ID, time zone, cookie data 

  • Usage Data – Clickstream data, interaction history, page views 

  • Marketing Data – Your communication preferences and opt-in/out choices 

We do not collect or store any credit/debit card details. Payments are processed via secure third-party platforms (e.g., Shopify Payments, Stripe, PayPal). 

 

3. How We Use Your Data 

We only process your personal data where there is a lawful basis to do so under the UK GDPR. This includes: 

  • To fulfil your orders and provide customer support 
    Legal basis: Contractual obligation 
    We use your data to process purchases, arrange delivery, manage returns, and respond to customer service enquiries. 

  • To detect and prevent fraud or misuse of our services 
    Legal basis: Legitimate interest / Legal obligation 
    We may use personal and technical data to identify suspicious behaviour, block fraudulent transactions, and protect our customers and business. 

  • To comply with legal, regulatory, and tax obligations 
    Legal basis: Legal obligation 
    We retain and process certain data to comply with requirements from HMRC and other authorities. 

  • To send you marketing communications 
    Legal basis: Consent or soft opt-in under PECR 
    With your consent, or where you are an existing customer, we may send relevant updates, offers, or product news. You can opt out at any time. 

  • To improve our website, products, and services 
    Legal basis: Legitimate interest 
    We analyse usage data to better understand user behaviour, improve functionality, and enhance your shopping experience. 


 

4. Fraud Prevention & Abuse Monitoring 

To protect our business and customers, we may use automated and manual systems to detect: 

  • Fake orders 

  • Return abuse or refund scams 

  • Suspicious account behaviour 

  • Chargeback fraud 

We may share relevant personal data with: 

  • Fraud prevention services 

  • Payment gateways 

  • Law enforcement agencies (where required) 

We reserve the right to cancel or block transactions that fail fraud screening. 

 

5. Identity Verification & Repeat Abuse 

In the case of suspicious behaviour or multiple claims, we reserve the right to request: 

  • Proof of identity (e.g., photo ID, address verification) 

  • Additional documentation for returns or refund claims 

Repeated or abusive behaviour may result in account restrictions, order cancellation, or refusal of service. 

 

6. Sharing Your Information 

We only share your data with third parties when necessary and under lawful processing agreements. These may include: 

  • Payment processors (e.g., Shopify Payments, PayPal, Stripe) 

  • Delivery couriers (e.g., Royal Mail, DPD, Evri) 

  • Customer service platforms 

  • Analytics and advertising services (e.g., Google Analytics, Meta Ads) 

  • Professional advisors and legal/regulatory authorities, where required 

We never sell your data. 

 

7. International Transfers 

Some of our third-party service providers operate outside the UK. When your data is transferred internationally, we ensure safeguards are in place such as: 

  • The UK government’s adequacy decisions 

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) 

These measures ensure your data remains protected to UK standards. 

 

8. Data Security 

We implement appropriate security measures, including: 

  • SSL encryption 

  • Encrypted data storage 

  • Access control for internal systems 

  • Staff confidentiality agreements 

  • Regular security audits 

While we take every reasonable step, no system is completely immune to breaches. You are responsible for safeguarding your login information. 

 

9. Your Responsibilities 

You must keep your login credentials confidential. If you suspect your account has been compromised, contact us immediately. 

We are not liable for unauthorised access caused by your failure to secure your account. 

 

10. Data Retention 

We retain your personal data only for as long as necessary to: 

  • Complete your transactions 

  • Meet legal, tax, and accounting obligations 

  • Defend against legal or fraudulent claims 

Typically, transaction-related data is stored for 6 years to comply with HMRC requirements. 

 

11. Your Rights Under UK GDPR 

You have the right to: 

  • Request access to your personal data 

  • Correct or update inaccurate data 

  • Request erasure of your data (“right to be forgotten”) 

  • Restrict or object to processing 

  • Withdraw consent at any time (where consent is the basis for processing) 

  • Lodge a complaint with the ICO (Information Commissioner’s Office) 

To exercise these rights, please contact us at [Insert Contact Email]. 

 

12. Marketing Communications 

You will only receive promotional emails or messages if: 

  • You have opted in 

  • You are an existing customer (soft opt-in under PECR) 

You may unsubscribe at any time by clicking the unsubscribe link in emails or contacting us directly. 

We do not send unsolicited marketing or share your data with third parties for their marketing. 

 

13. Cookies & Tracking Technologies 

Our site uses cookies and tracking technologies for: 

  • Core website functionality 

  • Analytics (e.g., Google Analytics) 

  • Personalised advertising (e.g., Facebook Pixel, TikTok Pixel) 

These tools may collect anonymised or pseudonymised data to understand your preferences. 

You can manage or block cookies through your browser settings or refer to our separate [Cookie Policy]. 

 

14. Automated Decision-Making 

We use automated decision-making only for: 

  • Fraud detection 

  • Payment risk assessment 

No decisions with legal or significant effect on you are made without human involvement. 

If your transaction is declined or flagged, you may request a manual review by contacting us. 

 

15. Children's Privacy 

We do not knowingly collect or process data from anyone under the age of 16. If we learn that we have collected such data, it will be deleted promptly. 

 

16. Employee & Vendor Access Controls 

Access to personal data is limited to authorised employees, contractors, and service providers. All parties must agree to confidentiality obligations and undergo access control reviews. 

 

17. Changes to This Policy 

We may update this Privacy Policy from time to time to reflect changes in the law or our operations. Updates will be posted on this page with a new “last updated” date. 

 

18. Contact Us 

If you have questions about this policy or your rights, contact: 

KANDY APPAREL UK LIMITED 
Email: [Insert Contact Email] 
Registered Office: Gables House, 62 Kenilworth Road, Leamington Spa, CV32 6JX, United Kingdom 
Company Number: 15574159