Log in

Cart

Your cart is currently empty.

Continue shopping
Total
£0.00

UK GDPR

1. Scope

This policy applies to the processing of personal data of UK and EU users.

It covers providing services or goods to UK or EU users, or monitoring their behavior, even if the data processing occurs outside the EU.

Applies to both electronic and structured paper-based data storage.

Processing in purely personal or household contexts is not covered.

2. Basic Principles

All personal data processing activities shall adhere to the following principles:

  • Lawful, Transparent, and Fair: Ensure data processing complies with legal requirements and users clearly understand the process.

  • Purpose Limitation: Data is used only for providing services or fulfilling legal obligations.

  • Data Minimization and Accuracy: Only necessary personal data is collected and maintained accurately.

  • Limited Storage Duration: Data is retained only for as long as necessary to fulfill its purpose.

  • Data Security and Confidentiality: Appropriate technical and administrative measures are taken to prevent unauthorized access or data breaches.

3. User Rights

Under UK GDPR, users have the following rights:

  • Right to be informed, access, and correct their data.

  • Right to deletion (“right to be forgotten”): Users may request deletion of personal data where applicable.

  • Right to restrict processing and object to certain processing activities.

  • Right to data portability: Users can obtain their personal data and transfer it to another service provider.

  • Right to withdraw consent: Users may withdraw previously given consent without violating legal requirements.

For users under 16, parental or guardian authorization is required for data processing.

4. Obligations of Third-Party Processors

Third parties cooperating with us (e.g., logistics, customer service, hosting providers) must:

  • Process data according to written instructions.

  • Implement appropriate technical and security measures.

  • Assist in responding to user data requests.

  • Report any data breach incidents promptly.

  • Maintain records of data processing activities.

  • Appoint a Data Protection Officer (DPO) and report to the ICO (Information Commissioner’s Office, UK) if necessary.

5. Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure protection through:

  • Adequacy decisions by the UK government.

  • Standard Contractual Clauses (SCC).

  • Supplementary measures such as encryption and access control to ensure data security.

6. Supervision and Penalties

The UK Information Commissioner’s Office (ICO) may inspect, suspend, or prohibit data processing activities that violate data protection regulations and impose fines up to £20 million or 4% of global annual turnover (whichever is higher).

7. Compliance Measures

We commit to:

  • Ensuring users maintain control over their personal data.

  • Providing transparent and responsible data processing practices.

  • Implementing technical and organizational measures to reduce privacy risks and ensure data security.

8. Contact Information

If you have any questions regarding this privacy policy or wish to exercise your rights, please contact us:

Address: 1380 N MERION WAY #101, FAYETTEVILLE, AR 72704-6413, US

Phone: +1 (781) 698-8264

Email: vente@sofetra.com

Business Hours: Monday to Friday 9:00–12:30 / 14:00–18:00 (CET)

9. UK GDPR Article 27 Representative

We have appointed a UK representative specifically to handle requests related to data access, correction, or deletion.