Privacy Policy
This Privacy Policy explains how Electrical Wholesaler 365 UK Ltd (“we”, “us”, “our”), trading as electricalwholesaler.uk, collects and uses your personal data when you use our website, create an account, or place an order. We are the data controller responsible for your personal data under UK GDPR and the Data Protection Act 2018.
If you have any questions about this policy or how we use your data, please contact us.
1. Your Rights
You have the following rights over your personal data. To exercise any of them, contact us at [email protected] or via a support ticket.
| Right | What it means | Notes |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | We will respond within one month |
| Rectification | Ask us to correct inaccurate or incomplete data | You can update most account details directly in your profile |
| Erasure | Ask us to delete your personal data | We will delete what we can and explain what we are required to retain and why (e.g. invoices and transaction records required by HMRC — see section 7). We will respond within one month. |
| Portability | Receive your data in a structured, machine-readable format | Applies to data you provided, processed by automated means under consent or contract |
| Restriction | Ask us to limit how we use your data | Applies in specific circumstances, e.g. while accuracy is disputed |
| Object | Object to processing based on legitimate interests | We will stop unless we have compelling grounds to continue |
| Withdraw consent | Withdraw consent at any time where processing is consent-based | Does not affect the lawfulness of processing before withdrawal |
| Complaint | Lodge a complaint with the UK Information Commissioner’s Office (ICO) | ico.org.uk — we ask that you contact us first so we can try to resolve it |
2. What Personal Data We Collect
| Category | Data collected |
|---|---|
| Account data | Full name, email address, phone number, business name (optional), business registration number (optional) |
| Google sign-in data | Google account identifier, name, email address (when you register or sign in via Google) |
| Address data | Delivery addresses you add to your account |
| Order data | Items ordered, quantities, prices, order status, delivery details, order history, receipts and VAT invoices |
| Payment data | Transaction references and payment status. We do not store your card details — these are processed directly by our payment provider |
| Support data | Content of support tickets and communications between you and us |
| Marketing preferences | Whether you have opted in or out of marketing communications, and when |
| Cookie consent data | Your cookie preferences and consent choices (see our Cookie Policy) |
| Technical / security data | IP addresses recorded automatically in server logs for security purposes; approximate country inferred from your IP address at registration (only the country code is retained — see section 3.6) |
3. How and Why We Use Your Data
3.1 Fulfilling your order
What we do: Process your order, arrange delivery, handle returns and refunds, and issue receipts and VAT invoices. Receipts, invoices, and any credit notes are generated and sent to your email address via our payment provider.
Data used: Account data, address data, order data, payment data.
Legal basis: Performance of our agreement with you — necessary to process and fulfil your order.
3.2 Managing your account
What we do: Create and maintain your account, verify your email address, handle password resets, manage your address list and communication preferences.
Data used: Account data, Google sign-in data (where applicable), address data, marketing preferences.
Legal basis: Performance of our agreement with you — necessary to manage your account.
3.3 Transactional emails
What we do: Send order confirmations, shipping notifications, cancellation notices, and support ticket resolution emails. These emails are sent via Brevo from [email protected].
Data used: Name, email address, order data.
Legal basis: Performance of our agreement with you — necessary to keep you informed about your order.
Note: If you unsubscribe from transactional emails, you will no longer receive order confirmations, shipping notifications, or password reset emails. We strongly recommend keeping transactional emails active.
3.4 Marketing emails
What we do: Send you marketing communications about our products, promotions, and news, via Mailchimp. Your email address and name are synced with Mailchimp only if you opt in to marketing emails.
Data used: Name, email address, subscription status.
Legal basis: Your consent.
You can withdraw consent at any time via your profile page, by clicking “Unsubscribe” in any marketing email, or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
3.5 Website security and attack mitigation
What we do: Our web server automatically records IP addresses in security logs to detect and mitigate attacks, malicious bot activity, and other threats. These logs may be disclosed to law enforcement if required.
Data used: IP addresses. Logs are not linked to customer accounts or email addresses.
Retention: Logs are automatically deleted after 30 days.
Legal basis: Our legitimate interests in protecting the security of our systems and website visitors.
3.6 Country detection at registration
What we do: When you register, we use your approximate geographic location — inferred from your IP address via our content delivery and security provider — to pre-set your account region. This determines which market, pricing, and shipping options apply to your account. Only the resulting country code is stored; the raw IP address is not retained by us for this purpose. You can request a correction at any time via a support ticket.
Data used: IP address (processed to derive country code, then discarded); country code (stored on account).
Legal basis: Our legitimate interests in setting up your account accurately for the correct market, pricing, and shipping options. You have the right to object to this processing and request a correction at any time.
3.7 Website analytics
What we do: We use Google Analytics to measure website traffic and behaviour. Google Analytics is only loaded if you accept analytics cookies via our cookie consent banner.
Data used: Anonymised browsing data (if consented).
Legal basis: Your consent.
3.8 Cookie consent logging
What we do: We record your cookie consent choices to demonstrate compliance with our legal obligations. For signed-in users, we log your user ID, timestamp, choices made, and the version of the cookie banner shown. For anonymous visitors, we log an anonymous session identifier in place of a user ID.
Data used: User ID (signed-in) or anonymous session ID, timestamp, consent choices, banner/policy version.
Retention: 6 months by default.
Legal basis: Our legitimate interests in demonstrating compliance with our cookie consent obligations.
3.9 Live chat (Tawk.to)
What we do: Our website includes a live chat feature provided by Tawk.to. This feature only sets cookies and processes data if you accept Tawk.to’s cookies within the chat interface itself.
Legal basis: Your consent given within the Tawk.to interface.
3.10 Payment fraud detection
What we do: When you navigate to checkout, our payment provider (Stripe) collects device and browser signals to assess the risk of fraudulent transactions. Stripe loads only on the checkout page — it is not active when you are browsing the rest of the website.
Data used: Device identifiers, browser characteristics, and interaction patterns during the checkout process.
Legal basis: Our legitimate interests in preventing payment fraud and protecting customers from unauthorised use of their payment details.
3.11 Legal obligations and law enforcement
What we do: Retain data as required by UK law (e.g. financial and VAT records required by HMRC) and disclose data to law enforcement or regulatory authorities when legally required to do so.
Legal basis: Legal obligation — we are required by law to retain certain records and to cooperate with authorities when lawfully requested.
4. Who We Share Your Data With
We share your data with the following service providers, who act as processors under our instructions unless otherwise stated:
| Provider | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Stripe | Payment processing, fraud detection (checkout only), and financial document generation (receipts, invoices, credit notes) | USA | UK Addendum to EU SCCs |
| Brevo | Transactional emails | France (EU) | EU adequacy decision (valid to 2031) |
| Mailchimp (Intuit) | Marketing emails (opted-in users only) | USA | UK Addendum to EU SCCs |
| Analytics (if consented); Google Sign-In | USA | UK Addendum to EU SCCs | |
| Cloudflare | Content delivery, security, country detection | USA | UK Addendum to EU SCCs |
| Tawk.to | Live chat (if accepted in plugin) | USA | UK Addendum to EU SCCs |
| DigitalOcean | Website and data hosting infrastructure | UK (London) | No transfer — UK based |
| Royal Mail | Order dispatch and tracking | UK | No transfer — UK based |
Where we are legally required to disclose data (e.g. to HMRC, the Police, or the ICO), we will do so.
5. International Transfers
Some of our service providers are based in the United States. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place. For US-based providers, we rely on the UK Addendum to the EU Standard Contractual Clauses as the transfer mechanism recognised by the UK Information Commissioner’s Office.
For EU-based providers (such as Brevo), data flows from the EU to the UK are covered by the EU adequacy decision for the UK, which was renewed in December 2025 and remains valid until 2031. Data flows from the UK to EU-based providers are permitted under UK adequacy regulations.
6. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. Our service providers are contractually required to apply equivalent standards.
Your card payment details are processed directly by our payment provider using encryption — we never see or store them.
No internet transmission is 100% secure. We can only protect data once we have received it.
7. Data Retention
We retain your data only for as long as necessary for the purpose it was collected, or as required by UK law.
| Data | Retention period |
|---|---|
| Security server logs (IP addresses) | 30 days — automatic deletion |
| Cookie consent logs | Up to 6 months — consent state expires after 6 months and you will be asked to confirm your preferences again |
| Marketing consent records | Up to 6 years from your last marketing interaction or withdrawal of consent — retained to demonstrate compliance and defend regulatory or legal claims |
| Marketing opt-out (suppression) | Email address and opt-out flag retained indefinitely to ensure you are not re-added to marketing lists |
| Account data — no orders placed | Up to 2 years from your last login or activity, then deleted. You may request earlier deletion at any time. |
| Account data — orders placed | Account profile retained for up to 6 years from your last order, in line with HMRC record-keeping requirements. You may request deletion of your account and marketing data at any time — order and invoice records required by HMRC will be retained for the remainder of the 6-year period even if your account is deleted. |
| Order and transaction records (invoices, receipts, VAT records) | 6 years from the end of the accounting period in which the transaction occurred — required by HMRC and UK company law |
| Support tickets — order or complaint related | Up to 6 years from resolution or last related order — to comply with consumer law and to defend legal claims |
| Support tickets — general enquiries (no order) | Up to 2 years from last contact, then deleted |
8. Marketing Communications
Marketing emails are sent via Mailchimp. You can opt in when registering or at any time via your profile page. You can opt out by:
- Clicking “Unsubscribe” in any marketing email
- Updating your preferences in your profile page
- Contacting us
Your marketing preferences are stored in your account. If you opted in, your name and email address are also held in Mailchimp; opting out removes you from Mailchimp. Opting out does not affect transactional emails (order confirmations, shipping notifications, etc.).
9. Transactional Emails
Transactional emails (order confirmations, shipping notifications, password resets, ticket resolutions) are sent via Brevo. These emails are part of our service to you and cannot be individually opted out of. You may unsubscribe from all emails via any transactional email, but doing so will also stop order confirmations, shipping notifications, and password reset emails from reaching you.
10. Cookies
For full details on the cookies we use and how to manage your preferences, see our Cookie Policy. Cookie preferences can be updated at any time via the cookie settings link in the footer of every page.
11. Changes to This Policy
We may update this policy from time to time. The current version is always available on this page with the “Last updated” date shown at the top. For significant changes that affect your rights, we will notify you by email where possible.
12. Contact Us
For questions about this policy, to exercise your rights, or to raise a concern:
Electrical Wholesaler 365 UK Ltd
34 – 36 Sydney Street, Aughnacloy, Co. Tyrone, BT69 6AE
Email: [email protected]
Phone: +44 (0)20 861 12712
Support tickets: /c/support-tickets
To complain to the UK Information Commissioner’s Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We ask that you contact us in the first instance so we can attempt to resolve your concern directly.