Privacy Policy
Last updated: 19 May 2026
1. Who we are
Buy2fix operates the website buy2fix.co.uk. For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), Buy2fix is the data controller for the personal information we collect about you.
- Trading name: BUY2FIX
- Address: Office 4412, 321-323 High Road, Romford, RM6 6AX, United Kingdom
- Email: sales@buy2fix.co.uk
- WhatsApp: +44 7456 317760
2. What this policy covers
This policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have under UK data protection law. It applies to your use of buy2fix.co.uk and any communications you have with us by email, WhatsApp, or the contact forms on our site.
3. The information we collect
Information you give us:
- Contact details — name, email address, postal address, telephone number
- Account details — login credentials and account preferences
- Order details — items purchased, billing and shipping address, order history. We do not see or store full payment card numbers; these are handled directly by our payment processors.
- Communications — emails, WhatsApp messages, and form submissions you send us
- Marketing preferences
Information we collect automatically:
- Device and browser data — IP address, browser type, device type, operating system, language
- Usage data — pages viewed, time on page, referring website, links clicked
- Cookies and similar technologies (see Section 9)
Information from third parties:
- Payment confirmation from our payment processors (Shopify Payments, Apple Pay, Google Pay)
- Fraud-prevention signals from Shopify's risk system
- Aggregated analytics from Google Analytics and Meta advertising tools
4. Why we use your information and our lawful basis
We process your personal information only where we have a lawful basis under Article 6 of the UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Processing orders, taking payment, arranging delivery, handling returns and refunds | Performance of a contract |
| Customer support and order enquiries | Performance of a contract / legitimate interests |
| Account creation and management | Performance of a contract |
| Fraud prevention, security, abuse detection | Legitimate interests |
| Compliance with UK tax, accounting and consumer-protection law | Legal obligation |
| Marketing emails to existing customers about similar products | Legitimate interests, subject to your right to opt out (PECR soft opt-in) |
| Marketing to prospects / non-customers | Consent |
| Analytics, advertising cookies, retargeting | Consent — managed via our cookie banner |
Where we rely on consent, you can withdraw it at any time without affecting prior processing — see Section 8.
5. Who we share your information with
We share personal information only with parties who help us run our business, and only to the extent needed for the service they provide:
- Shopify Inc. — our e-commerce platform, which hosts the store and processes order and customer data on our behalf
- Payment processors — Shopify Payments, Apple Pay, Google Pay
- Couriers and fulfilment partners — to dispatch and deliver your order
- Customer-support tools — to manage email and WhatsApp enquiries
- Marketing platforms — Google (Analytics, Ads), Meta (Facebook, Instagram), and our email marketing provider
- Professional advisers — accountants, lawyers, where reasonably required
- Law enforcement and regulators — where required by law or to protect our rights
We do not sell your personal information.
6. International data transfers
Some of our service providers process personal information outside the UK. Where this happens, we rely on appropriate safeguards recognised under UK data protection law:
- Transfers to the European Economic Area: the UK's adequacy regulations
- Transfers to other countries (including the United States): the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another recognised lawful transfer mechanism
You can request a copy of the safeguards we rely on by emailing sales@buy2fix.co.uk.
7. How long we keep your information
| Data | Retention |
|---|---|
| Order, invoice and tax records | 6 years (UK tax-law requirement) |
| Customer account data | While your account is active, plus 2 years after last activity |
| Marketing-list data | Until you unsubscribe |
| Support correspondence | 2 years after the matter is closed |
| Website analytics | Up to 26 months |
| Cookies | See Section 9 |
When the retention period ends we delete, anonymise, or securely archive your data.
8. Your data rights
Under UK data protection law you have the right to:
- Access your personal data and receive a copy
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten") in certain circumstances
- Restrict processing in certain circumstances
- Data portability — receive your data in a structured, commonly used, machine-readable format
- Object to processing based on legitimate interests, and to direct marketing at any time
- Withdraw consent where consent is the lawful basis we rely on
- Not be subject to fully automated decisions that produce legal or similarly significant effects (we don't make such decisions)
To exercise any of these rights, email sales@buy2fix.co.uk or message us on WhatsApp at +44 7456 317760. We aim to respond within one month.
9. Cookies and similar technologies
We use cookies and similar technologies to keep the site working, remember the contents of your cart, measure traffic, and — with your consent — personalise advertising.
Strictly necessary cookies (e.g., cart, session, checkout, security) do not require your consent under the Privacy and Electronic Communications Regulations (PECR), because the site cannot function without them.
Analytics and advertising cookies are only set after you give consent via the cookie banner shown on your first visit. You can change your preferences at any time using the "Your Privacy Choices" link in the footer.
10. Security
We use industry-standard safeguards to protect your information, including TLS encryption in transit, encrypted storage at rest, restricted internal access on a need-to-know basis, and PCI-DSS-compliant payment processing handled by our payment partners. No system is 100% secure, but we work hard to protect what you share with us. If we ever become aware of a personal-data breach that is likely to affect your rights, we will notify you and the ICO as required by law.
11. Children
Buy2fix is intended for adult use. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we'll delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of our site following an update constitutes acceptance of the revised policy.
13. Contact us
Privacy queries — Buy2fix
Office 4412, 321-323 High Road, Romford, RM6 6AX, United Kingdom
Email: sales@buy2fix.co.uk
WhatsApp: +44 7456 317760