Privacy Policy

Introduction

Xtron Bikewear Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information when you visit our website xtronbikewear.co.uk or make a purchase from us.

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

Who We Are (Data Controller)

For the purposes of UK data protection law, the data controller is:

For any privacy-related questions, please contact us via our Contact page.

Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide to us

• Identity data: first name, last name, title
• Contact data: billing address, delivery address, email address, telephone number
• Account data: username, password, account preferences
• Transaction data: details of products you have purchased and order history
• Communications data: emails, customer service enquiries, reviews and feedback
• Marketing preferences: your choices about receiving marketing communications

Information we collect automatically

• Technical data: IP address, browser type and version, time-zone setting, device type, operating system
• Usage data: pages visited, products viewed, time spent on the site, referring URLs
• Cookies and similar technologies: see our Cookies section below

Payment information

We do not store your full payment card details on our servers. All payments are processed securely by our PCI-DSS compliant payment partners (such as Stripe, PayPal or our payment gateway provider). We only receive a confirmation that payment has been successful.

How We Use Your Personal Data

We use your personal data only where the law allows us to. Most commonly, we will use your data in the following circumstances:

• To process and deliver your order — including managing payments, delivery and refunds (Legal basis: performance of a contract)
• To manage your account — registration, login, password reset, order history (Legal basis: performance of a contract)
• To provide customer service — responding to enquiries, complaints and returns (Legal basis: legitimate interests)
• To send marketing communications — promotional emails, special offers and product updates, where you have opted in (Legal basis: consent)
• To improve our website and services — site analytics, user experience testing (Legal basis: legitimate interests)
• To prevent fraud and ensure security — identity verification, suspicious activity monitoring (Legal basis: legitimate interests and legal obligation)
• To comply with legal obligations — tax, accounting and consumer protection law (Legal basis: legal obligation)

Who We Share Your Data With

We never sell your personal data. We share it only with trusted third parties who help us operate our business, and only to the extent necessary. These include:

• Payment processors — e.g. Stripe, PayPal — to process your transactions
• Delivery couriers — e.g. Royal Mail, DPD, Evri — to deliver your order
• IT and hosting providers — to keep our website running securely
• Email service providers — to send order confirmations and (where opted in) marketing emails
• Analytics providers — e.g. Google Analytics — to understand how our site is used
• Review platforms — e.g. Trustpilot — if you choose to leave a review
• Professional advisers — accountants, auditors, lawyers, where necessary
• Government bodies and regulators — where legally required

All third parties are contractually required to keep your data secure, use it only for the purposes we instruct, and treat it in accordance with UK data protection law.

International Transfers

Some of our service providers (for example, certain analytics or email tools) may transfer your data outside the United Kingdom. Where this happens, we ensure an adequate level of protection by relying on:

• UK adequacy regulations or European Commission adequacy decisions, or
• Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO), or
• Other lawful safeguards under UK GDPR

How Long We Keep Your Data

We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including legal, accounting or reporting requirements.

• Customer accounts: for as long as your account remains active, plus a reasonable period after closure
• Order and transaction records: 6 years after the order date (HMRC requirement)
• Marketing data: until you unsubscribe, then removed from active marketing lists
• Customer service correspondence: typically up to 3 years after the last contact
• Website analytics: in line with our analytics provider’s default retention (usually up to 26 months)

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right to be informed — about how we collect and use your data (this policy)
• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to have inaccurate or incomplete data corrected
• Right to erasure — to ask us to delete your data (the “right to be forgotten”) where there is no good reason for us to continue processing it
• Right to restrict processing — to ask us to suspend processing in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — particularly to direct marketing or processing based on legitimate interests
• Rights related to automated decision-making — we do not currently use any solely automated decision-making

To exercise any of these rights, please contact us. We will respond within one calendar month. There is normally no fee, although we may charge a reasonable fee or refuse a request that is clearly unfounded or excessive.

Marketing Communications

We will only send you marketing emails if you have opted in. You can withdraw your consent at any time by:

• Clicking the “unsubscribe” link at the bottom of any marketing email
• Updating your preferences in your account settings
• Contacting us directly

Please note that even if you opt out of marketing, we will still send you essential service emails such as order confirmations, shipping updates and account notifications.

Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic, and personalise content. Cookies fall into the following categories:

• Strictly necessary cookies — required for the site to function (e.g. shopping cart, login)
• Performance cookies — help us understand how visitors use our site
• Functional cookies — remember your preferences and choices
• Marketing cookies — used to deliver relevant adverts and measure their performance

You can control cookies through your browser settings or via our cookie consent banner. Disabling certain cookies may affect how the site works for you.

How We Protect Your Data

We take the security of your personal data seriously. We have put in place appropriate technical and organisational measures to prevent it from being accidentally lost, used or accessed in an unauthorised way, including:

• SSL/TLS encryption on all pages where personal data is entered
• Secure, password-protected systems with restricted access
• PCI-DSS compliant payment processing
• Regular software updates and security monitoring
• Staff training on data protection responsibilities

In the unlikely event of a personal data breach, we will notify you and the Information Commissioner’s Office where legally required to do so.

Children’s Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Third-Party Websites

Our website may contain links to other websites operated by third parties. This Privacy Policy applies only to xtronbikewear.co.uk. We are not responsible for the privacy practices of any third-party websites and encourage you to read their own privacy policies before providing any personal data.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational or regulatory reasons. The “Last updated” date at the top of this page indicates when it was most recently revised. We encourage you to review this page periodically.

Complaints & Contact

If you have any questions, concerns or complaints about how we handle your personal data, please contact us first — we’ll do everything we can to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), the supervisory authority for data protection issues in the UK:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk