Privacy policy
PRIVACY POLICY
Last Updated: March 2026
This Privacy Policy explains how DrCarpys & NwBait Lab Limited (“we”, “us”, “our”) collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
DrCarpys & NwBait Lab Limited
Company Number: 17054815
Registered in England & Wales
Registered Office:
101 Bradshaw Brow
Bolton
ENG
BL2 3DB
United Kingdom
Email: support@drcarpys.co.uk
For the purposes of UK data protection law, DrCarpys & NwBait Lab Limited is the Data Controller in respect of your personal data.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Identity & Contact Data
- Full name
- Billing address
- Delivery address
- Email address
- Telephone number
Financial Data
Payment details are processed securely by Shopify and authorised payment processors.
We do not store full debit or credit card numbers.
Transaction Data
- Details of products purchased
- Order history
- Returns and exchanges
- Payment confirmations
Technical & Usage Data
- IP address
- Browser type and version
- Time zone setting
- Device information
- Website interaction data
- Cookie data
Account Data (where applicable)
- Login credentials
- Account preferences
3. How We Collect Personal Data
We collect personal data:
- Directly from you when you place an order, create an account or contact us
- Automatically through cookies and similar tracking technologies
- From Shopify and payment service providers to facilitate transactions
- From analytics and marketing providers where lawful
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
Contractual Necessity
To process and fulfil your orders, manage returns, provide customer support and administer your account.
Legal Obligation
To comply with tax, accounting and regulatory requirements.
Legitimate Interests
To operate, protect and improve our business, prevent fraud, and enhance customer experience, provided such interests do not override your fundamental rights.
Consent
For marketing communications where required by law. You may withdraw consent at any time.
5. How We Use Your Personal Data
We use your personal data to:
- Process and fulfil orders
- Take payment and arrange delivery
- Manage returns and refunds
- Provide customer service
- Maintain business records
- Detect and prevent fraud
- Improve website functionality
- Send marketing communications (where permitted)
6. Disclosure of Personal Data
We may share personal data with:
- Shopify Inc. (our e-commerce platform provider)
- Payment processors
- Courier and delivery providers
- IT and hosting providers
- Professional advisers (including accountants and legal advisers)
- Government authorities or regulators where legally required
We do not sell personal data to third parties.
7. International Transfers
Certain service providers, including Shopify, may process data outside the United Kingdom.
Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- UK-approved Standard Contractual Clauses; or
- Transfers to jurisdictions deemed adequate by the UK Government.
8. Data Retention
We retain personal data only for as long as necessary to:
- Fulfil contractual obligations
- Comply with legal requirements (including HMRC record-keeping obligations)
- Resolve disputes
- Enforce agreements
Financial transaction records are typically retained for a minimum of six (6) years in accordance with UK legal requirements.
9. Your Rights
Under UK GDPR, you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing based on legitimate interests
- Data portability
- Withdraw consent for marketing
To exercise your rights, contact:
support@drcarpys.co.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.
10. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.
However, transmission of information via the internet is not completely secure, and we cannot guarantee absolute security
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites.
12. Children
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
13. Amendments
We reserve the right to update this Privacy Policy at any time. Any changes will be published on this page with an updated revision date.