Legal

Privacy Policy

This Privacy Policy explains how EKSC LTD collects, uses, stores and protects personal data in connection with its corporate website and the operations of its active group brands.

Last updated: May 2026. Controller: EKSC LTD, 4th Floor, 205 Regent Street, London W1B 4HB. Company No. 15834846.

1. Who We Are

EKSC LTD is a private limited company registered in England and Wales (Company No. 15834846). For the purposes of UK GDPR and EU GDPR, EKSC LTD is the data controller for personal data collected through this website and through the central checkout infrastructure it operates for selected group brands.

Individual group brands may also act as data controllers in respect of personal data collected directly through their own websites and customer interactions. This Policy covers EKSC LTD's data controller role and the group-level data practices applicable to all brands operated under EKSC LTD.

2. Data We Collect

We collect personal data in the following contexts:

  • Purchase transactions: name, email address, delivery address, telephone number, order details and payment reference (not raw card data)
  • Customer support enquiries: name, email address, order details and communication content
  • Website use: IP address, browser type, pages visited and session data, collected via cookies and analytics tools
  • Business enquiries and service applications: name, email address, business context and communication content

We do not collect raw card data. Payment processing is handled by regulated, PCI DSS-compliant payment service providers. EKSC LTD receives only tokenised references and transaction confirmation data from these providers.

3. How We Use Personal Data

We use personal data for the following purposes:

  • Processing and fulfilling orders placed through active group brands
  • Communicating with customers about their orders, deliveries and support enquiries
  • Processing refunds and returns where applicable
  • Responding to complaints and disputes, and retaining records for dispute review
  • Operating and improving this website
  • Meeting our legal obligations under applicable consumer law, data protection law and payment industry regulations
  • Responding to underwriting, compliance and due diligence enquiries from payment service providers and financial institutions

We do not use personal data for automated decision-making or profiling in a way that produces legal or similarly significant effects on individuals.

4. Legal Basis for Processing

  • Contract performance: processing necessary to fulfil purchase transactions and service agreements
  • Legitimate interests: fraud prevention, transaction monitoring, dispute prevention, operational improvements and security
  • Legal obligation: retention of transaction records, compliance with consumer law, payment industry regulations and applicable tax obligations
  • Consent: where explicitly obtained, for example for marketing communications where applicable

5. Data Sharing

We share personal data with third parties only where necessary for the purposes described in this Policy:

  • Payment service providers: for processing transactions and fraud screening
  • Shipping and logistics partners: for fulfilling delivery of orders
  • IT and infrastructure providers: for operating our systems securely
  • Legal, compliance and regulatory authorities: where required by law or to defend legal claims

We do not sell personal data to third parties. We do not share personal data with third parties for their own marketing purposes.

6. International Transfers

Where personal data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place in accordance with UK GDPR and EU GDPR requirements, including standard contractual clauses where applicable.

7. Data Retention

We retain personal data for as long as necessary for the purposes described in this Policy and to meet our legal obligations. Transaction and order records are retained for a minimum of six years in accordance with UK tax and commercial law requirements. Support and complaint records are retained for a minimum of three years.

8. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of personal data in certain circumstances
  • Object to certain processing activities
  • Request restriction of processing in certain circumstances
  • Data portability in certain circumstances
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at legal@eksc.co.uk. We will respond within one month of receiving your request.

9. Cookies

This website uses cookies for essential functionality and analytics. Essential cookies are necessary for the website to operate and cannot be disabled. Analytics cookies help us understand how visitors use the site. By continuing to use this website, you consent to the use of essential cookies. You may opt out of analytics cookies by adjusting your browser settings.

10. Contact and Complaints

For any data protection enquiries, please contact us at legal@eksc.co.uk or by post to EKSC LTD, 4th Floor, 205 Regent Street, London W1B 4HB.

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk.