1. Who we are
This website is operated by AP Brands Ltd, a company registered in England and Wales. References to “we”, “us” and “our” in this policy mean AP Brands Ltd.
2. What we collect, and why
We collect personal data when you place an order, register an account, sign up to our newsletter, or contact us. The types of data we collect, and the reasons we collect them, are:
- Order details: your name, delivery address, billing address, email, phone number, the products you ordered. Needed to fulfil and deliver your order.
- Payment information: handled directly by our payment processor (Stripe via WooCommerce Payments). We do not store full card details on our servers.
- Account credentials: if you create an account, your email and an encrypted password. So you can log in and view your order history.
- Technical data: your IP address, browser type, device, and referring pages. Used to keep the site secure, prevent fraud, and understand how visitors use the site.
- Marketing preferences: if you opt in, your email address so we can send occasional product updates. You can unsubscribe at any time.
3. Our legal basis
We process your personal data under one or more of these lawful bases:
- Contract: to fulfil your order and provide customer support.
- Legal obligation: to comply with accounting, tax and consumer-protection rules.
- Legitimate interests: to keep the site running securely and to improve it.
- Consent: for marketing emails. You can withdraw consent at any time.
4. Who we share data with
We only share your personal data with the third parties that are essential to running the site and fulfilling your orders:
- Payment processor: Stripe (via WooCommerce Payments), to process your payment.
- Courier: DPD, to deliver your parcel.
- Hosting: our hosting provider, to keep the site online.
- Email: our transactional email service, to send order confirmations and replies to your enquiries.
We do not sell or rent your personal data to anyone, ever.
5. Cookies
We use a small number of cookies to keep your basket working, remember you when you log in, and measure broad site usage. We don’t use cookies for advertising tracking.
6. How long we keep your data
We keep order records for at least six years to meet UK tax and accounting rules. Customer accounts persist until you ask us to delete them. Newsletter sign-ups persist until you unsubscribe. Technical logs are rotated automatically after a short period.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct anything that’s wrong or out of date.
- Ask us to delete your data, where we’re not required to keep it.
- Object to or restrict how we use your data.
- Receive your data in a portable format.
- Complain to the Information Commissioner’s Office (ico.org.uk) if you’re not happy with how we’ve handled your data.
8. Security
The site uses HTTPS encryption end-to-end. Account passwords are stored salted and hashed. Payment details never touch our servers in plain form.
9. Changes to this policy
If we make material changes we’ll update the date at the top and, where appropriate, notify you by email.
10. Contact us
Privacy questions, data requests, or anything else? Email info@britishcrisp.co or use our contact form.