Privacy policy

PRIVACY POLICY

Last Updated: March 2026

This Privacy Policy explains how DrCarpys & NwBait Lab Limited (“we”, “us”, “our”) collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

DrCarpys & NwBait Lab Limited

Company Number: 17054815

Registered in England & Wales

Registered Office:

101 Bradshaw Brow

Bolton

ENG

BL2 3DB

United Kingdom

Email: support@drcarpys.co.uk

For the purposes of UK data protection law, DrCarpys & NwBait Lab Limited is the Data Controller in respect of your personal data.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data

  • Full name
  • Billing address
  • Delivery address
  • Email address
  • Telephone number

Financial Data

Payment details are processed securely by Shopify and authorised payment processors.

We do not store full debit or credit card numbers.

Transaction Data

  • Details of products purchased
  • Order history
  • Returns and exchanges
  • Payment confirmations

Technical & Usage Data

  • IP address
  • Browser type and version
  • Time zone setting
  • Device information
  • Website interaction data
  • Cookie data

Account Data (where applicable)

  • Login credentials
  • Account preferences

3. How We Collect Personal Data

We collect personal data:

  • Directly from you when you place an order, create an account or contact us
  • Automatically through cookies and similar tracking technologies
  • From Shopify and payment service providers to facilitate transactions
  • From analytics and marketing providers where lawful

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contractual Necessity

To process and fulfil your orders, manage returns, provide customer support and administer your account.

Legal Obligation

To comply with tax, accounting and regulatory requirements.

Legitimate Interests

To operate, protect and improve our business, prevent fraud, and enhance customer experience, provided such interests do not override your fundamental rights.

Consent

For marketing communications where required by law. You may withdraw consent at any time.

5. How We Use Your Personal Data

We use your personal data to:

  • Process and fulfil orders
  • Take payment and arrange delivery
  • Manage returns and refunds
  • Provide customer service
  • Maintain business records
  • Detect and prevent fraud
  • Improve website functionality
  • Send marketing communications (where permitted)

6. Disclosure of Personal Data

We may share personal data with:

  • Shopify Inc. (our e-commerce platform provider)
  • Payment processors
  • Courier and delivery providers
  • IT and hosting providers
  • Professional advisers (including accountants and legal advisers)
  • Government authorities or regulators where legally required

We do not sell personal data to third parties.

7. International Transfers

Certain service providers, including Shopify, may process data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • UK-approved Standard Contractual Clauses; or
  • Transfers to jurisdictions deemed adequate by the UK Government.

8. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil contractual obligations
  • Comply with legal requirements (including HMRC record-keeping obligations)
  • Resolve disputes
  • Enforce agreements

Financial transaction records are typically retained for a minimum of six (6) years in accordance with UK legal requirements.

9. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability
  • Withdraw consent for marketing

To exercise your rights, contact:

support@drcarpys.co.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.

However, transmission of information via the internet is not completely secure, and we cannot guarantee absolute security  

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites.

12. Children

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

13. Amendments

We reserve the right to update this Privacy Policy at any time. Any changes will be published on this page with an updated revision date.