GEIG – PRIVACY POLICY (CONSUMERS AND BUSINESS CONTACTS)

Effective date: 01/08/2025

1.0 Purpose and Scope

1.1 This policy explains how GeiG collects, uses, shares and protects personal data.
1.2 It applies to two groups:
(a) Consumers who browse GeiG.co.uk, create an account, buy products, use support, or chat with us; and
(b) Business contacts such as buyers, resellers, suppliers, partners and prospects who interact with us for business.
1.3 This single policy covers both groups, so you do not need to read separate documents.
1.4 We handle personal data in line with the UK GDPR and the Data Protection Act 2018.

2.0 Who We Are (Data Controller)

2.1 Data controller: Computerko Limited trading as GeiG (company no. 11125670).
2.2 Registered address: 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom.
2.3 Privacy contact: support@geig.co.uk (please include “Privacy” in the subject line).
2.4 We keep records of emails and chat messages to handle and evidence requests and for security.

3.0 Personal Data We Collect

3.1 Data you give us: name, email, postal addresses, phone numbers, account/login details, order and returns details, payment status, warranty and support information, marketing preferences, company and role (for business contacts) and any information you enter in forms, tickets or chat.
3.2 Data collected automatically: device type, browser, IP address, cookie identifiers, pages visited, links clicked, time on page, error logs and diagnostics for security and performance.
3.3 Data from third parties: payment processors (payment status, fraud checks), delivery partners (tracking events), address validation services, public company registers and other business sources for B2B.
3.4 Special categories: we do not deliberately collect “special category” data (e.g., health data). Please do not submit such data to us. If we receive it inadvertently, we will delete it unless there is a lawful basis to retain it.

4.0 How We Use Your Data (Purposes)

We use personal data to:
4.1 take and fulfil consumer orders (accounts, payments, delivery, returns, warranty and support);
4.2 provide customer and technical support (diagnosis, refunds, service improvement);
4.3 manage B2B relationships (pre-sales, quotes, contracts, onboarding and account management);
4.4 send marketing where permitted (news, offers, product launches). You can opt out at any time.4.5 operate and secure GeiG.co.uk (analytics, performance, fraud prevention, incident detection, debugging); and
4.6 meet legal, regulatory and tax obligations (record keeping, lawful requests).

5.0 Lawful Bases for Processing

5.1 Contract to perform our contract with you (orders, delivery, support).
5.2 Legitimate interests for security, fraud prevention, service improvement, B2B communication and analytics where those interests are not overridden by your rights. You may object to processing based on legitimate interests (see Section 11).
5.3 Consent for certain marketing communications and non-essential cookies/analytics; you can withdraw consent at any time.
5.4 Legal obligation where we must keep or disclose records by law.

6.0 Cookies and Similar Technologies

6.1 We use cookies for essential site functions, performance and analytics.
6.2 You can control non-essential cookies via site controls and your browser. See our Cookie Policy for details.

7.0 Who We Share Your Data With (Recipients)

We share personal data only where necessary and under appropriate safeguards, including with:
7.1 service providers (hosting, cloud, CDN, IT support, live chat, email services, analytics, backups);
7.2 payment providers and fraud prevention partners (we do not store full card numbers on our systems);
7.3 logistics partners (carriers, warehouses and returns processors);
7.4 business systems (CRM, quoting, contract management and e-signature providers);
7.5 professional advisers (auditors, lawyers, insurers); and
7.6 law enforcement or regulators, where required by law.
7.7 Processors and subprocessors: our processors act only on our instructions. We publish and maintain a current list of subprocessors and will provide that list on request.

8.0 International Transfers

8.1 Some service providers may be located outside the UK. Where we transfer data internationally, we rely on:
(a) UK adequacy decisions;
(b) the UK International Data Transfer Agreement / UK Addendum to Standard Contractual Clauses; and/or
(c) additional technical and organisational safeguards such as encryption and strict access controls.
8.2 You may request information about the safeguards used; commercially sensitive elements may be redacted.

9.0 How Long We Keep Your Data (Retention)

9.1 We retain personal data only as long as necessary for the purposes set out in Section 4 and in accordance with legal obligations. Typical retention periods:
(a) consumer orders, invoices and tax records: 6 years;
(b) consumer account data: while the account is active, then 24 months after last activity, unless law requires longer;
(c) support records and chat transcripts: 2 years (longer if needed for a complaint or legal reason);
(d) website and security logs: 12 months (or longer for investigations);
(e) marketing lists: until you opt out or 24 months of inactivity;
(f) B2B contracts and supplier files: relationship length plus 6 years.
9.2 If we reasonably anticipate or are subject to a legal claim, relevant data will be retained until the matter is resolved.

10.0 Security Measures

10.1 We use appropriate measures, including encryption in transit and at rest, access controls, multi-factor authentication for administrative access, least-privilege permissions, patching, firewalls, audit logs, backups and staff awareness training.
10.2 We regularly review and improve security practices and maintain a record of processing activities.

11.0 Your Rights (How to Exercise Them)

11.1 Your rights under the UK GDPR include: access, rectification, erasure, restriction, data portability, objection to processing based on legitimate interests and withdrawal of consent.
11.2 To exercise your rights, contact support@geig.co.uk with “Privacy Request” in the subject. We may ask for information to verify your identity.
11.3 We aim to respond within applicable legal timescales and will explain any lawful reason for refusing a request. If you remain unhappy, you may complain to the ICO (see Section 15).

12.0 Marketing Preferences

12.1 We send marketing only where permitted (consent for consumers; legitimate interests for most B2B outreach). You may opt out at any time via unsubscribe links or by contacting support@geig.co.uk. Essential service messages (order updates, safety notices) will still be sent where necessary.

13.0 Children’s Privacy

13.1 Our services are not intended for children. We do not knowingly collect data from anyone under 13. If you believe a child has given us personal data, contact us, and we will delete it unless retention is required by law.

14.0 Automated Decision-Making and Profiling

14.1 We do not make decisions with legal or similarly significant effects based solely on automated processing.
14.2 We do use automated checks (for example, fraud scoring). If you are affected and require a human review, contact us, and we will provide it.

15.0 Security Incidents and Data Breach Notification

15.1 If we become aware of a personal data breach that risks people’s rights and freedoms, we will:
(a) notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware when required by law; and
(b) where the breach is likely to result in a high risk to individuals, notify affected persons without undue delay and where reasonably practicable, within 24 hours of becoming aware.
15.2 We will provide timely information about known facts, likely consequences and remedial steps. We will cooperate with regulators and affected persons in remediation.

16.0 Product Safety, Recalls and Legal Disclosures

16.1 Where required by law or for safety reasons (for example, product recalls), we will use contact details to notify affected customers. We may disclose data to authorities where legally obliged.

17.0 Complaints and Contact

17.1 Privacy contact: support@geig.co.uk (include “Privacy” in the subject).
17.2 If we cannot resolve your concern, you have the right to complain to the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, ico.org.uk.

18.0 Changes to This Policy

18.1 We may update this policy to reflect legal or operational changes. Material changes will be notified by site notice or email to account holders. The current version and effective date are displayed at the top.

19.0 Additional Points for Business Contacts

19.1 If you act on behalf of a company, we process your business contact details to communicate, provide quotes, fulfil contracts, carry out due diligence and maintain records. Our lawful bases are contract and legitimate interests. You may object on the grounds that our interests are overridden by your rights.

20.0 Quick Retention Summary

20.1 Orders and invoices (consumers): 6 years.
20.2 Consumer account data: active, then 24 months after inactivity.
20.3 Support and chat: 2 years.
20.4 Website and security logs: 12 months.
20.5 Marketing contacts: until opt-out or 24 months of inactivity.
20.6 B2B contracts and supplier records: relationship + 6 years.

21.0 Third-Party Trade Marks and Minimal IP Note

21.1 “GeiG” is a trade mark owned by Meridian Peoples Holdings Limited and used under licence. This Privacy Policy concerns personal data processing only and does not alter or expand any trademark rights.

End of Privacy Policy.