Spirafix

PRIVACY POLICY

1. Who We Are

Spirafix Ltd (“we”, “us”, “our”) is a UK-based manufacturing company supplying products to both businesses and individual consumers.

For the purposes of data protection law, Spirafix Ltd is the data controller responsible for your personal data.
We are committed to protecting your personal data and respecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.

2. Personal Information We Collect
We may collect and process the following personal data:

Customers and Enquiries
• Name
• Email address
• Telephone number
• Billing and delivery address

Business Customers (B2B)
• Contact name
• Company name and address
• Business contact details

Payments
• Payment details are processed securely by third-party providers (e.g. PayPal, Sage Pay). We do not store full card details.

Website Usage
• IP address
• Browser type and device information
• Website usage data collected via cookies

Recruitment
• CVs, cover letters, and related application information when applying for roles
 

3. How We Use Your Personal Information

We use your personal data to:
• Process and deliver orders
• Manage customer accounts and relationships
• Communicate with you regarding enquiries, orders, or services
• Process payments and maintain financial records
• Monitor and improve our products and services
• Investigate complaints or disputes
• Carry out credit checks (where applicable)
• Ensure website functionality and security
• Comply with legal and regulatory obligations

4. Legal Basis for Processing

We rely on the following lawful bases:
• Contract – to fulfil orders and provide goods/services
• Legal obligation – for tax, accounting, and compliance requirements
• Legitimate interests – to manage our business, customer relationships, and improve services
• Consent – for email marketing communications (where required)

5. Marketing

We may contact you about our products and services:
• By email – only where you have consented or where permitted under “soft opt-in” rules
• By phone or post – where permitted under legitimate interests

You can opt out of marketing at any time by:

• Email: sales@spirafix.com
• Phone: 0345 2962792
• Post: Spirafix Ltd, Building D, Unit D2 Chapel Farm Ind Est, Cwmcarn, NP11 7BH
 
6. Sharing Your Personal Information.

We only share your personal data where necessary, including with:

• Payment processors (e.g. PayPal, Sage Pay)
• Delivery and logistics providers
• Credit reference agencies (e.g. Credit safe)
• Professional advisors (accountants, auditors, legal advisors)
• IT and website service providers
• Authorities where required by law

All third parties are required to respect the security of your data and process it lawfully.

7. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as UK-approved standard contractual clauses or equivalent legal mechanisms.

8. Data Retention

We retain personal data only for as long as necessary to:

• Fulfil the purposes it was collected for
• Comply with legal, tax, and regulatory requirements
• Resolve disputes and enforce agreements

Data is securely deleted when no longer required.

9. Cookies

Our website uses cookies to improve functionality and user experience.
This includes:

• Essential cookies (required for website operation)
• Analytics cookies (e.g. Google Analytics)
• Third-party content (e.g. YouTube videos, payment providers)

You can control or disable cookies through your browser settings. Where required, we will request your consent before placing non-essential cookies.

10. Automated Decision Making

We may use credit reference agencies (e.g. Credit safe) to assess creditworthiness when opening trade accounts.

This helps us determine whether we can offer credit terms. You have the right to request human review of any such decision.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption (SSL) and access controls.

While no system is completely secure, we take all reasonable steps to protect your information.

12. Your Rights

Under the UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Data portability
• Withdraw consent (where applicable)

To exercise your rights, please contact us using the details below.

13. Complaints

If you have concerns about how we handle your data, please contact us first.

You also have the right to lodge a complaint with the
Information Commissioner's Office (ICO).