Data Protection Policy
1. Introduction
Beach Towel Clips Ltd (“we”, “our”, “us”) is committed to protecting the personal data we process and ensuring it is handled securely and responsibly.
This Data Protection Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to:
All personal data processed by Beach Towel Clips Ltd
All employees, contractors, and third parties acting on our behalf
All systems used to collect, store, or process personal data
3. Data Protection Principles
We adhere to the following principles:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
4. Types of Personal Data We Process
We may collect and process:
Customer Data
Name
Email address
Phone number
Billing and delivery address
Order and transaction details
Website Data
IP address
Browser type
Pages visited and usage data
Cookie-related data
Communications
Customer enquiries and support requests
We do not intentionally collect sensitive personal data.
5. Lawful Basis for Processing
We process personal data under the following lawful bases:
Contract – to fulfil orders and provide services
Legal obligation – for tax and accounting requirements
Legitimate interests – to improve our website and services
Consent – for marketing communications (where applicable)
6. How We Use Personal Data
We use personal data to:
Process and deliver customer orders
Manage payments and transactions
Provide customer support
Improve website functionality and user experience
Send order updates and service communications
Comply with legal and regulatory obligations
7. Data Sharing
We do not sell personal data.
We may share data with:
Payment processors and eCommerce platforms
Delivery and courier services
IT and hosting providers
Professional advisers (e.g. accountants)
Authorities where required by law
All third parties are required to handle data securely and in compliance with UK GDPR.
8. International Data Transfers
Some of our service providers may process data outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, such as:
UK adequacy decisions
Standard contractual clauses
9. Data Security
We implement appropriate measures to protect personal data, including:
Secure website and payment systems
Encryption where appropriate
Access controls and password protection
Regular monitoring of systems
While we take security seriously, no system can be completely secure.
10. Data Retention
We retain personal data only as long as necessary:
Order and financial records: up to 6 years
Customer enquiries: up to 12–24 months
Marketing data: until consent is withdrawn
Data is securely deleted or anonymised when no longer required.
11. Data Subject Rights
Under UK GDPR, individuals have the right to:
Access their personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing
Request data portability
To exercise your rights, contact us using the details below.
12. Data Breaches
In the event of a data breach, we will:
Assess the severity and risk
Notify the Information Commissioner’s Office (ICO) where required
Inform affected individuals if necessary
We maintain procedures to detect and respond to breaches promptly.
13. Staff Responsibilities
All staff and contractors must:
Handle personal data responsibly
Follow this policy
Report any suspected data breaches immediately
14. Third-Party Processors
We ensure that all third-party processors:
Act only on our instructions
Have appropriate security measures
Comply with applicable data protection laws
15. Monitoring and Review
We regularly review this policy to ensure compliance with:
Legal requirements
Business operations
Technological developments
16. Contact Us
If you have any questions about this policy or your personal data, please contact:
Beach Towel Clips Ltd
[email protected]