Privacy Policy
How ZwipKart protects your personal data under UK GDPR and the Data Protection Act 2018.
Introduction
ZwipKart Ltd is committed to protecting your privacy under the UK GDPR and Data Protection Act 2018. This Privacy Policy explains what data we collect, how we use it, and your rights as a data subject.
This policy applies to all users of the ZwipKart website and mobile app, whether customers, sellers, or visitors.
Data Controller
Company Number: 15545167
ICO Registration: C1907400
593F Atlas Road
Harrow, HA9 0JH
United Kingdom
Email: privacy@zwipkart.com
Phone: 07450 870864
ZwipKart Ltd (Company No. 15545167) is the Data Controller responsible for your personal data. If you have any questions or concerns about this Privacy Policy, please contact us using the details above.
Data We Collect
We collect various types of personal data to provide and improve our services:
Identity and Contact Data
- Name and title
- Email address and phone number
- Postal address and billing address
- Date of birth (if applicable)
Transaction Data
- Order history and purchase amounts
- Products viewed and wishlisted
- Returns and refund requests
- Warranty claims
- Payment method and transaction history
Technical Data
- IP address and geolocation data
- Browser type and version
- Device type and operating system
- Pages visited and time spent on site
- Cookies and similar tracking technologies
Usage Data
- Search queries and filters used
- Product ratings and reviews
- Communication preferences
- Account activity and login history
Payment Data
- Card type and expiry month/year
- Payment status and transaction records
Important: We do not store full credit card or debit card numbers. Payment processing is handled by Stripe (PCI-DSS Level 1 compliant). Card data is encrypted and transmitted securely; we only retain the last 4 digits and card type for reference.
Legal Basis for Processing
We process your personal data under the following legal bases:
Contract Performance (Article 6(1)(b))
- Processing your orders, payments, and delivery
- Managing returns, refunds, and warranty claims
- Providing customer support
Legal Obligations (Article 6(1)(c))
- Compliance with tax and VAT regulations
- Fraud prevention and AML/KYC requirements
- Retention of transaction records
Legitimate Interests (Article 6(1)(f))
- Preventing fraud and securing our systems
- Analysing site usage to improve services
- Marketing and personalising your experience
- Enforcing our terms and protecting rights
Consent (Article 6(1)(a))
- Marketing emails and communications (opt-in)
- Non-essential cookies and analytics
- Third-party data sharing
How We Use Your Data
To Process and Fulfil Orders
- Processing payments and confirming orders
- Arranging delivery and tracking shipments
- Managing returns and issuing refunds
- Handling warranty claims and support
To Communicate With You
- Order confirmations and delivery updates
- Customer support and query resolution
- Warranty and returns information
- Account security alerts
To Detect and Prevent Fraud
- Verifying identities and payment methods
- Detecting suspicious account activity
- Protecting against unauthorised transactions
- Working with payment providers for security
To Improve Our Services
- Analysing usage patterns and site behaviour
- Improving website speed and functionality
- Testing new features and services
- Analysing customer feedback and reviews
For Marketing (Consent-Based)
- Sending promotional emails and newsletters
- Personalised product recommendations
- Alerts for items in your wishlist
- Special offers and early access to sales
You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or updating your account preferences.
Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this policy:
- Account Data: Retained for the duration of your account and for 3 years after account closure for legal/tax purposes
- Transaction Data: Retained for 6 years (UK tax law requirement)
- Order-Related Data: Retained for the duration of the order process and warranty period (minimum 1 year)
- Marketing Data: Retained until you unsubscribe
- Technical/Analytics Data: Retained for 13 months (Google Analytics default)
- Cookie Data: Varies by cookie type (see Cookie Policy)
After the retention period expires, we securely delete or anonymise your data. If deletion is not possible due to legal obligations, we will anonymise the data and restrict its use.
Sharing Your Data
We do not sell your personal data. However, we may share data with:
Essential Service Providers
- Stripe: Payment processing (PCI-DSS Level 1)
- Royal Mail / Courier Partners: Delivery and tracking
- Customer Support Platforms: Support ticket management
- Email Providers: Transactional and marketing emails
Third-Party Sellers (Marketplace)
For marketplace orders, we share your delivery address and contact details with the seller to fulfil the order. Sellers are bound by our data protection terms.
Legal Requirements
- Law enforcement and regulatory authorities if required by law
- Courts and legal representatives in legal proceedings
- Fraud prevention partners to protect against financial crime
Analytics and Advertising
- Google Analytics: Website usage (anonymised)
- Facebook Pixel: Advertising (anonymised)
- Algolia: Search functionality
All third parties are contractually bound to process data securely and only for agreed purposes.
International Data Transfers
We primarily store data in the UK and EU. Some service providers (e.g., Google, Stripe) may process data in the USA or other countries outside the UK. Where data is transferred outside the UK, we ensure:
- Appropriate safeguards under UK GDPR (Standard Contractual Clauses, Binding Corporate Rules)
- Your data receives equivalent protection to UK standards
- Compliance with the UK Data Protection Act 2018
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right to Access (Article 15)
You have the right to request a copy of your personal data that we hold. We will provide this within 30 days of your request.
Right to Rectification (Article 16)
You have the right to correct any inaccurate or incomplete data. You can update your account details directly in your account settings.
Right to Erasure (Article 17)
You have the right to request deletion of your personal data, subject to legal obligations. We cannot delete data required for:
- Fulfilling ongoing orders or delivering services
- Complying with legal obligations (tax, VAT, AML)
- Establishing, exercising, or defending legal claims
Right to Restrict Processing (Article 18)
You may request that we limit how we use your data while we investigate a dispute or accuracy claim.
Right to Data Portability (Article 20)
You have the right to receive your data in a structured, commonly used, machine-readable format (e.g., CSV) and transfer it to another organisation.
Right to Object (Article 21)
You can object to processing for marketing, analytics, or legitimate interest purposes. You can unsubscribe from marketing emails at any time.
Right to Withdraw Consent (Article 7)
If processing is based on your consent, you can withdraw it at any time without affecting the legality of prior processing.
Rights Related to Automated Decision-Making (Article 22)
You have rights regarding solely automated decisions (such as profiling or credit scoring). We do not carry out purely automated decisions that legally bind you.
How to Exercise Your Rights
To exercise any of the rights above, please contact us with:
- Your name and account email
- Details of your request
- Proof of identity (if required)
Email: privacy@zwipkart.com
Post: ZwipKart Ltd, 593F Atlas Road, Harrow, HA9 0JH
Response time: We aim to respond within 30 days. We may extend this by 2 months for complex requests.
Data Security
We take data security seriously and implement industry-standard measures:
- Encryption: HTTPS/TLS for data in transit; encryption at rest for sensitive data
- Access Controls: Role-based access; staff only access data when necessary
- Firewalls and Intrusion Detection: Network security and monitoring
- Secure Payment Processing: Stripe (PCI-DSS Level 1 certified)
- Regular Audits: Security assessments and penetration testing
- Staff Training: Data protection and information security training
- Incident Response: Procedures to detect, respond to, and report data breaches
Note: While we implement robust security measures, no system is 100% secure. We encourage you to protect your account password and notify us of any suspicious activity.
Data Breach Notification
If we discover a personal data breach, we will:
- Notify affected individuals within 72 hours (where required by law)
- Notify the Information Commissioner's Office (ICO) if the breach creates a high risk
- Provide information about the breach and steps you can take to protect yourself
Cookies and Tracking Technologies
ZwipKart uses cookies and similar technologies. For full details, see our Cookie Policy. We use:
- Strictly necessary cookies: Essential for site functionality (authentication, cart, checkout)
- Functional cookies: Remember your preferences and settings
- Analytics cookies: Help us understand site usage (Google Analytics)
- Marketing cookies: Show relevant adverts (Facebook Pixel, Google Ads)
You can manage cookie preferences via our cookie consent banner or your browser settings.
Third-Party Links
Our website contains links to third-party websites (sellers' websites, payment processors, social media). This Privacy Policy only applies to ZwipKart. We are not responsible for the privacy practices of third-party sites. Please review their privacy policies before providing personal data.
Children's Privacy
ZwipKart is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided data, we will delete it immediately.
Teens aged 13-18 may use ZwipKart with parental consent. Parents/guardians can contact us to review, update, or delete a teen's data.
Data Protection Complaints
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom
Phone: 0303 123 1113
Website: ico.org.uk
We encourage you to contact us first at privacy@zwipkart.com to resolve any concerns.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page
- Sending you an email if changes significantly affect your rights
- Obtaining your consent if required by law
Your continued use of ZwipKart after changes indicates your acceptance of the updated Privacy Policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
593F Atlas Road
Harrow, HA9 0JH
United Kingdom
Email: privacy@zwipkart.com
Phone: 07450 870864
Response time: We aim to respond to all data protection queries within 30 days.
This Privacy Policy is compliant with the UK GDPR and Data Protection Act 2018.