Privacy Policy | GPSUK | GPSUK — Branded Promotional Products

GPSUK Ltd ("GPSUK", "we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

GPSUK Ltd is a company registered in England and Wales. We operate as a data controller for the personal data collected via our storefront and account portal.

Registered office: [Registered office address]
Company number: [Company registration number]
Data protection contact: privacy@gpsuk.com

2. What data we collect

We collect and process the following categories of personal data:

Account information — name, email address, phone number, company name, billing and delivery addresses, VAT number.
Order information — products ordered, artwork files you upload, decoration choices, PO references, order history and invoices.
Payment information — for card payments, cardholder details are handled directly by our payment processor. We do not store full card numbers on our servers.
Browsing data — IP address, browser and device information, pages visited, referrer URL and approximate location, collected via cookies and server logs.
Correspondence — copies of emails, enquiries and messages you send to us.

3. How we use your data

We use your personal data for the following purposes:

To fulfil your orders, process payments, and deliver products.
To manage your trade account, credit application and invoicing.
To send transactional communications (order confirmations, proof approvals, delivery updates).
To respond to enquiries, quote requests and customer support.
To improve our products, services and website through aggregate analytics.
To comply with legal obligations including tax, accounting and anti-money laundering.
With your consent, to send marketing communications about new products and offers.

4. Legal basis for processing

Under UK GDPR we rely on the following lawful bases:

Contract — to fulfil orders and provide the services you request.
Legitimate interests — to run and improve our business, prevent fraud, and maintain the security of our systems.
Legal obligation — to meet statutory record-keeping and tax requirements.
Consent — for optional marketing communications, which you may withdraw at any time.

5. Who we share your data with

We only share personal data with third parties who help us operate our business, including:

Payment processors and banks for processing payments and BACS transfers.
Couriers and fulfilment partners to deliver your orders.
Cloud hosting and email infrastructure providers who process data on our behalf.
Accountants, auditors and legal advisors, where professional duties require it.
Government authorities or law enforcement, where we are legally required to do so.

We do not sell your personal data to any third party.

6. International transfers

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, such as the UK Addendum to the EU Standard Contractual Clauses, to protect your data in accordance with UK GDPR.

7. How long we keep your data

Order and transactional records — retained for at least 6 years to meet HMRC requirements.
Account information — kept for as long as your account remains active, and for up to 2 years after closure.
Marketing preferences — until you unsubscribe or withdraw consent.
Server logs — typically retained for up to 90 days unless required for security investigations.

8. Your rights under UK GDPR

You have the right to:

Access your personal data and receive a copy of it.
Rectify inaccurate or incomplete data.
Erase your data where there is no compelling reason for us to continue processing it.
Restrict or object to certain processing activities.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time where consent is our legal basis.
Lodge a complaint with the Information Commissioner's Office (ICO) — ico.org.uk.

To exercise any of these rights, contact us at privacy@gpsuk.com. We will respond within one month.

9. Cookies

We use cookies to operate our site and improve your experience. See our Cookie Policy for details on the cookies we use and how to manage them.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and regular security reviews. No system is completely secure, and you use our service at your own risk.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be notified to account holders by email.

12. Contact

Questions about this policy or your data can be sent to privacy@gpsuk.com.

2. What data we collect

We collect and process the following categories of personal data:

Account information — name, email address, phone number, company name, billing and delivery addresses, VAT number.

Order information — products ordered, artwork files you upload, decoration choices, PO references, order history and invoices.

Payment information — for card payments, cardholder details are handled directly by our payment processor. We do not store full card numbers on our servers.

Browsing data — IP address, browser and device information, pages visited, referrer URL and approximate location, collected via cookies and server logs.

Correspondence — copies of emails, enquiries and messages you send to us.

3. How we use your data

We use your personal data for the following purposes:

To fulfil your orders, process payments, and deliver products.

To manage your trade account, credit application and invoicing.

To send transactional communications (order confirmations, proof approvals, delivery updates).

To respond to enquiries, quote requests and customer support.

To improve our products, services and website through aggregate analytics.

To comply with legal obligations including tax, accounting and anti-money laundering.

With your consent, to send marketing communications about new products and offers.

4. Legal basis for processing

Under UK GDPR we rely on the following lawful bases:

Contract — to fulfil orders and provide the services you request.

Legitimate interests — to run and improve our business, prevent fraud, and maintain the security of our systems.

Legal obligation — to meet statutory record-keeping and tax requirements.

Consent — for optional marketing communications, which you may withdraw at any time.

5. Who we share your data with

We only share personal data with third parties who help us operate our business, including:

Payment processors and banks for processing payments and BACS transfers.

Couriers and fulfilment partners to deliver your orders.

Cloud hosting and email infrastructure providers who process data on our behalf.

Accountants, auditors and legal advisors, where professional duties require it.

Government authorities or law enforcement, where we are legally required to do so.

We do not sell your personal data to any third party.

7. How long we keep your data

Order and transactional records — retained for at least 6 years to meet HMRC requirements.

Account information — kept for as long as your account remains active, and for up to 2 years after closure.

Marketing preferences — until you unsubscribe or withdraw consent.

Server logs — typically retained for up to 90 days unless required for security investigations.

8. Your rights under UK GDPR

You have the right to:

Access your personal data and receive a copy of it.

Rectify inaccurate or incomplete data.

Erase your data where there is no compelling reason for us to continue processing it.

Restrict or object to certain processing activities.

Data portability — receive your data in a structured, machine-readable format.

Withdraw consent at any time where consent is our legal basis.

Lodge a complaint with the Information Commissioner's Office (ICO) — ico.org.uk.

To exercise any of these rights, contact us at privacy@gpsuk.com. We will respond within one month.