GEIG – PRIVACY POLICY

(Consumers and Business Contacts)

Effective date: 01/08/2025

1.0 Purpose and Scope

1.1 This policy explains how GeiG collects, uses, shares and protects personal data.
1.2 It applies to two groups:
(a) Consumers who browse geig.co.uk, create an account, place orders, use support or chat with us; and
(b) business contacts such as buyers, resellers, suppliers, partners and prospects who interact with us for business purposes.
1.3 This single policy applies to both groups.
1.4 We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

2.0 Who We Are (Data Controller)

2.1 Data controller: GeiG.
2.2 Service address: Riverside Business Centre, Fort Road, Tilbury, Essex, RM18 7ND, United Kingdom.
2.3 Privacy contact: support@geig.co.uk (please include “Privacy” in the subject line).
2.4 We retain records of emails and chat communications to manage requests, maintain service quality, and support security and audit requirements.

3.0 Personal Data We Collect

3.1 Data you provide: name, email address, postal address, phone number, account and login details, order and returns information, payment status, warranty and support records, marketing preferences, company and role (for business contacts), and any information submitted through forms, tickets or live chat.
3.2 Data collected automatically: device and browser type, IP address, cookie identifiers, pages viewed, links clicked, session duration, error logs and diagnostic data for security and performance.
3.3 Data from third parties: payment processors (payment status and fraud indicators), delivery partners (tracking events), address-validation services, and public or commercial business sources for B2B due diligence.
3.4 Special category data: We do not intentionally collect special category data. If received inadvertently, it will be deleted unless a lawful basis requires retention.

4.0 How We Use Your Data

We use personal data to:

4.1 process and fulfil orders (accounts, payments, delivery, returns, warranty and support);
4.2 provide customer and technical support and improve our services;
4.3 manage B2B relationships, including pre-sales, quotations, contracts and account management;
4.4 send marketing communications where permitted;
4.5 operate, analyse and secure geig.co.uk (performance monitoring, fraud prevention, incident detection); and
4.6 comply with legal, regulatory and tax obligations.

5.0 Lawful Bases for Processing

5.1 Contract – to perform contracts with you (orders, delivery, support).
5.2 Legitimate interests – for security, fraud prevention, service improvement, analytics and B2B communications, where not overridden by your rights.
5.3 Consent – for certain marketing communications and non-essential cookies; you may withdraw consent at any time.
5.4 Legal obligation – where we must retain or disclose information by law.

6.0 Cookies and Similar Technologies

6.1 We use cookies for essential site functionality, performance and analytics.
6.2 You can manage non-essential cookies via site controls and your browser. See our Cookie Policy for details.

7.0 Who We Share Your Data With

We share personal data only where necessary and under appropriate safeguards, including with:

7.1 service providers (hosting, cloud infrastructure, IT support, live chat, email services, analytics and backups);
7.2 payment providers and fraud-prevention partners (we do not store full card numbers);
7.3 logistics partners (carriers, warehouses and returns processors);
7.4 business systems (CRM, quoting, contract management and e-signature tools);
7.5 professional advisers (auditors, lawyers, insurers); and
7.6 regulators or law-enforcement authorities where legally required.

7.7 Processors and subprocessors: All processors act only on our documented instructions. We maintain a current list of subprocessors and provide it on request.

8.0 International Transfers

8.1 Some service providers may be located outside the UK. Where personal data is transferred internationally, we rely on:
(a) UK adequacy regulations;
(b) the UK International Data Transfer Agreement or UK Addendum to Standard Contractual Clauses; and/or
(c) additional safeguards such as encryption and access controls.
8.2 You may request information about applicable safeguards; commercially sensitive elements may be redacted.

9.0 Data Retention

9.1 We retain personal data only as long as necessary for the purposes set out above and to meet legal requirements. Typical retention periods include:
(a) consumer orders, invoices and tax records – 6 years;
(b) consumer account data – while active, then 24 months after last activity;
(c) support records and chat transcripts – 2 years (longer if required for complaints or disputes);
(d) website and security logs – 12 months;
(e) marketing records – until opt-out or 24 months of inactivity;
(f) B2B contracts and supplier records – relationship duration plus 6 years.
9.2 Where a legal claim is anticipated or ongoing, relevant data will be retained until resolution.

10.0 Security Measures

10.1 We use appropriate technical and organisational measures, including encryption, access controls, multi-factor authentication for administrative access, least-privilege permissions, monitoring, backups and staff awareness training.
10.2 Security measures are reviewed regularly and supported by documented processing records.

11.0 Your Rights

11.1 Your rights include access, rectification, erasure, restriction, data portability, objection to processing based on legitimate interests, and withdrawal of consent.
11.2 To exercise your rights, contact support@geig.co.uk with “Privacy Request” in the subject line.
11.3 We respond within statutory timeframes and will explain any lawful basis for refusal. You may complain to the ICO if dissatisfied.

12.0 Marketing Preferences

12.1 We send marketing communications only where permitted. You may opt out at any time using unsubscribe links or by contacting us.
12.2 Essential service messages (such as order updates or safety notices) will still be sent where required.

13.0 Children’s Privacy

13.1 Our services are not intended for children under 13, and we do not knowingly collect their personal data. If such data is identified, it will be deleted unless legal retention is required.

14.0 Automated Decision-Making

14.1 We do not make decisions with legal or similarly significant effects based solely on automated processing.
14.2 Automated checks (for example, fraud screening) may be used. You may request human review where applicable.

15.0 Security Incidents and Data Breaches

15.1 Where a personal data breach presents a risk to individuals’ rights and freedoms, we will:
(a) notify the ICO without undue delay and, where required, within 72 hours; and
(b) notify affected individuals without undue delay where there is a high risk, and where reasonably practicable, within 24 hours.
15.2 We will provide information on the nature of the breach, likely consequences and remedial actions.

16.0 Product Safety and Legal Disclosures

16.1 Where required by law or for safety reasons (for example, product recalls), we may use contact details to notify affected individuals and disclose information to authorities where legally obliged.

17.0 Complaints and Contact

17.1 Privacy enquiries: support@geig.co.uk (include “Privacy” in the subject).
17.2 You may complain to the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or via ico.org.uk.

18.0 Changes to This Policy

18.1 We may update this policy to reflect legal or operational changes. The current version and effective date are shown above. Material changes will be notified by site notice or email where appropriate.

19.0 Additional Information for Business Contacts

19.1 Where you act on behalf of an organisation, we process business contact details to communicate, provide quotations, fulfil contracts, conduct due diligence and maintain records. The lawful bases are contract and legitimate interests.

20.0 Quick Retention Summary

20.1 Orders and invoices (consumers): 6 years.
20.2 Consumer account data: active, then 24 months after inactivity.
20.3 Support and chat: 2 years.
20.4 Website and security logs: 12 months.
20.5 Marketing contacts: until opt-out or 24 months of inactivity.
20.6 B2B contracts and supplier records: relationship duration plus 6 years.

End of Privacy Policy