Privacy policy

Your data. Our responsibility. Full transparency.
Your Privacy Matters at iTruWin

We protect your data as carefully as we craft jewellery. This policy explains how iTruWin Ltd (registered in England No. 16098669) collects, uses, and safeguards personal information when you visit itruwin.com, make purchases, or contact us. Under UK GDPR, you have rights to access, correct, or delete your data. We never sell customer information. For questions, contact our Data Protection Officer at support@itruwin.com. Updates take effect 30 days after posting.

Personal Data We Collect

Contact details, payment information, purchase history, IP address, and device data. Collected via orders, account registration, cookies, and customer service interactions. Required for contract fulfilment, shipping, and legal compliance.

How We Use Data

Process orders, prevent fraud, personalise shopping, send service updates (not marketing), improve products, and comply with UK tax laws. Legal basis: contract performance, legitimate interests, and legal obligations.

Your UK GDPR Rights & How to Exercise Them

  • 01. Access: Request full data copy within 30 days. Email support@itruwin.com with proof of ID. No fee unless excessive requests.
  • 02. Rectification: Update inaccuracies via your account or email request. We’ll correct within 14 days.
  • 03. Erasure: Request data deletion where no legal retention applies (e.g., HMRC records).
  • 04. Restriction: Limit processing during disputes. Valid challenges honoured within 21 days.
  • 05. Portability: Receive machine-readable purchase history for transfer to competitors.

Third-Party Data Sharing: When and Why We Disclose Information

Essential Service Providers: Payment processors (Stripe), couriers (Royal Mail/DHL), and IT infrastructure partners access minimal required data under binding contracts. All comply with UK GDPR via Standard Contractual Clauses.

Legal Obligations: Disclose to HMRC for VAT, UK fraud prevention agencies, and law enforcement under court order. We notify customers unless prohibited.

Business Transfers: If acquired, customer data transfers per UK merger regulations. You’ll receive 30-day notice with opt-out rights for non-essential uses.

Data Security Measures

AES-256 encryption, PCI-DSS compliance, annual penetration testing, staff training, and pseudonymisation. Report breaches to ICO within 72 hours.

Retention Periods

Order data: 6 years (UK tax law). Inactive accounts: 2 years. Enquiries: 18 months. Marketing opt-outs: indefinitely.

Cookie Management

Essential Cookies: Session and checkout functionality. Cannot be disabled.
Analytical Cookies: Google Analytics (anonymised IPs). Opt-out via cookie banner.
Marketing Cookies: Used only with consent. Manage preferences anytime.

International Data Transfers

EU/EEA Transfers: Covered by UK adequacy regulations.
Global Partners: Legitimised via UK International Data Transfer Agreements.
Your Control: Request transfer restrictions via support@itruwin.com.
