Polityka prywatności
Effective date: 24 February 2026
Last updated: 24 February 2026
Contents
- Scope
- Who We Are (Data Controller)
- Personal Data We Collect
- How We Use Personal Data
- Legal Bases for Processing
- Shopify Platform
- Payment Providers
- Marketing Communications (Klaviyo)
- Cookies, Analytics & Advertising
- AI Tools
- Data Sharing
- International Transfers
- Data Retention
- Security
- Automated Decision-Making
- Your Rights
- Children
- Changes to This Policy
Vintage Wholesale Supply Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting personal data collected through our website and services.
This Privacy Policy explains how we collect, use, share, store, and protect personal data when you visit our website, register an account, place orders, interact with our marketing, or contact us.
B2B and B2C Scope
Our services are provided to both business customers (B2B) and individual customers (B2C), including sole traders, resellers, and individuals who have not yet registered a company. We may process personal data relating to individuals acting on behalf of a business as well as individuals acting in their personal capacity.
For the purposes of UK GDPR, personal data relating to sole traders and individuals acting on behalf of a business is treated as personal data.
1. Who We Are (Data Controller)
Vintage Wholesale Supply Ltd is the data controller for personal data processed under this policy.
| Firma | Vintage Wholesale Supply Ltd |
|---|---|
| Company number | 14388171 |
| Registered office address | Osbaston House Farm, Lount Road, Nuneaton, England, CV13 0HR |
| support@vintagewholesalesupply.com |
2. Scope
This Privacy Policy applies to:
- Website visitors
- Registered account holders
- Buyers placing orders or enquiries
- Marketing subscribers
- Individuals who communicate with us
It does not apply to third-party websites or services linked from our website.
3. Personal Data We Collect
We may collect the following categories of personal data:
| Category | Examples |
|---|---|
| Identity data | Name, company name, VAT number (where applicable) |
| Contact data | Billing address, shipping address, email address, phone number |
| Transaction data | Order details, order history, returns, refunds, delivery details |
| Financial data | Payment confirmations, transaction references (we do not store full card details) |
| Communications data | Messages sent to us, customer support requests, complaints, dispute communications |
| Technical data | IP address, device identifiers, browser type, operating system |
| Usage data | Pages viewed, interactions, time spent on pages, referral sources |
| Marketing & preference data | Email preferences, consent status, campaign interactions |
4. How We Use Personal Data
We use personal data to:
- Manage accounts and provide access to our services
- Process and fulfil orders, including delivery and returns
- Provide customer support and respond to enquiries
- Manage payments, refunds, disputes, chargebacks and claims
- Prevent fraud, protect website security, and reduce abuse
- Comply with legal and regulatory obligations
- Protect and enforce our legal rights
- Improve our website, services, and customer experience
- Send marketing communications where permitted
5. Legal Bases for Processing
We rely on the following legal bases under UK GDPR:
| Purpose | Legal basis |
|---|---|
| Order fulfilment, delivery, returns, refunds | Contract |
| Account management and customer service | Contract / Legitimate interests |
| Accounting, tax, statutory record-keeping | Legal obligation |
| Fraud prevention, security, dispute/chargeback handling | Legitimate interests / Legal obligation (where applicable) |
| Marketing emails (existing customers) | Legitimate interests (soft opt-in under PECR) |
| Marketing emails (new subscribers) | Consent |
| Website analytics and advertising measurement | Legitimate interests / Consent where required (via cookie banner/settings) |
6. Shopify Platform
Our store is hosted on Shopify Inc., which provides the e-commerce platform that allows us to sell our products and services. Your data may be stored through Shopify’s data storage, databases and general Shopify applications. Shopify stores data on secure servers behind a firewall.
7. Payment Providers
Payments are processed by third-party providers (for example, Shopify Payments and its supported processors, Stripe, PayPal, or Klarna where available). We do not store full card details. Payment providers process personal data in accordance with their own privacy policies.
8. Marketing Communications (Klaviyo)
We use Klaviyo to manage email marketing communications. We may send marketing communications to customers who have purchased from us (where permitted under PECR) and to individuals who have opted in to receive marketing. You can unsubscribe at any time using the unsubscribe link in our emails or by contacting us.
9. Analytics & Advertising Technologies
We use cookies, pixels and similar technologies for analytics and advertising measurement, including:
- Google Analytics
- Meta Pixel
- TikTok Pixel
- Shopify Analytics
These technologies may be used to measure and improve website performance, understand user interactions, and measure advertising effectiveness. Where required, we only enable non-essential cookies and pixels if you give opt-in consent via our cookie banner/settings.
10. AI Tools
We may use automated tools to help manage customer enquiries and operational workflows (for example, an AI support agent). Where used, these tools are intended to assist our team and improve response times. We apply appropriate safeguards and access controls.
11. Data Sharing
We may share personal data with trusted third parties, including:
- Payment processors and checkout providers
- Delivery, courier and logistics partners
- IT and hosting providers (including Shopify and related apps)
- Email marketing platforms (including Klaviyo)
- Analytics and advertising partners (where enabled and consented)
- Professional advisers (e.g. accountants, solicitors, insurers)
- Authorities or regulators where required by law
We do not sell personal data.
12. International Transfers
Some service providers may process data outside the UK. Where data is transferred internationally, we apply appropriate safeguards in accordance with UK GDPR, such as standard contractual clauses or other lawful mechanisms.
13. Data Retention
We retain personal data only for as long as necessary for contractual, legal and business purposes, including statutory retention requirements.
14. Security
We apply appropriate technical and organisational security measures to protect personal data. However, no system can be guaranteed to be completely secure.
15. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.
16. Your Rights
You may have rights to:
- Access your personal data
- Correct inaccurate personal data
- Request deletion (in certain circumstances)
- Restrict processing (in certain circumstances)
- Object to processing (in certain circumstances)
- Withdraw consent (where processing is based on consent)
Requests can be made by contacting us using the details above. We may need to verify your identity before responding. We will respond within one month in accordance with UK GDPR.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
17. Children
Our services are not intended for children and we do not knowingly collect personal data from children.
18. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.