1. Who we are
Retail Refrigeration Direct (“we”, “us”, “our”) is a UK e-commerce business selling commercial refrigeration equipment. We are the data controller for the personal data we collect from you. You can contact us at hello@retailrefrigerationdirect.co.uk.
2. What data we collect
We collect the following personal data when you use our website:
- Account data: your name, email address, and password (stored securely via Supabase Auth).
- Order data: your delivery address, order items, and payment reference — stored within Stripe.
- Usage data: pages visited, browser type, and device information — collected anonymously via Google Analytics 4.
We do not store payment card details. All payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.
3. How we use your data
We use your personal data to:
- Create and manage your account.
- Process and fulfil your orders.
- Send order confirmation emails with VAT breakdown.
- Respond to enquiries and support requests.
- Understand how the site is used and improve our service (via anonymised analytics).
4. Legal basis for processing
We process your personal data under the following legal bases:
- Contract performance: to fulfil orders you have placed with us.
- Legitimate interests: to operate, maintain, and improve our business.
- Consent: for analytics cookies where you have provided consent.
- Legal obligation: to maintain VAT records as required by HMRC.
5. Data sharing
We share your personal data with the following third parties only to the extent necessary:
- Stripe, Inc.: payment processing and order storage.
- Supabase: account authentication and user database.
- Resend: transactional email delivery.
- Our suppliers: your delivery address and order details, to fulfil your order.
- Google: anonymised analytics data via Google Analytics 4.
- Vercel: website hosting and infrastructure.
We do not sell your personal data to any third party.
6. Data retention
We retain your account data for as long as your account is active or as needed to provide services. Order data held within Stripe is retained in accordance with Stripe's data retention policies. We retain VAT records for a minimum of six years as required by HMRC.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to legal obligations).
- Object to or restrict processing.
- Data portability.
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, contact us at hello@retailrefrigerationdirect.co.uk.
8. Cookies
We use cookies for analytics and to maintain your session. Please see our Cookie Policy for full details.
9. Changes to this policy
We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of the site following any changes constitutes acceptance of the updated policy.