Privacy policy

This GReddy UK privacy policy explains how we collect, use, share, and store personal data when you visit greddy.uk, buy from us, create an account, contact us, or collect an order in person.

1) Who we are

Data controller: TORQEN LTD (trading as GReddy UK)

Email: support@greddy.uk
Post: Unit 3 Quarry Road, Pitstone, LU7 9GW, United Kingdom

In this policy, “we”, “us”, and “our” mean TORQEN LTD (trading as GReddy UK).

2) Changes to this policy

We may update this policy to reflect changes to our business or legal duties. We will publish the updated version on greddy.uk and update the date at the top.

3) Personal data we collect

Personal data means information that identifies you, or can link to you.

A) Data you give us

  • Name, email, phone number
  • Billing and delivery address
  • Account login details (if you create an account)
  • Order details, returns, warranty queries, and support messages
  • Payment status and transaction references (we do not store full card numbers)

B) Data we collect from your device and your use of the site

  • IP address, device type, browser type, operating system, language
  • Pages viewed, links clicked, basket activity, referral source
  • Cookie identifiers and similar technologies (see section 8)

C) Data we receive from third parties

  • Payment providers: payment confirmation, fraud indicators, dispute and chargeback status
  • Delivery partners: tracking events and delivery outcomes
  • Platform and IT suppliers: data needed to run the online shop and support services
  • Fraud prevention tools: risk signals linked to transactions

4) If you do not provide personal data

We need some data to take payment, deliver goods, and support you. If you do not provide it, you may not be able to place an order, receive delivery, or get after-sales support.

5) How we use personal data and our lawful bases

UK law requires a lawful basis for each use.

A) Contract (to supply what you asked for)

  • Process orders, take payment, and send order updates
  • Deliver orders or prepare click-and-collect
  • Handle returns, refunds, and warranty support
  • Provide customer service linked to your purchase

B) Legitimate interests (to run and protect our business)

  • Run, maintain, and improve greddy.uk
  • Keep records of customer contact and orders
  • Prevent fraud, misuse, and attacks on our systems
  • Protect our rights in disputes and complaints

We balance these interests against your rights.

C) Legal obligation

  • Keep tax and accounting records
  • Meet consumer law duties
  • Respond to lawful requests from authorities and regulators

D) Consent (only where the law requires it)

  • Non-essential cookies and tracking (analytics and advertising)
  • Some marketing messages, depending on the channel and your relationship with us

You can withdraw consent at any time (see section 19).

6) Shopify platform and hosting

Our online shop runs on Shopify. Shopify provides the platform for checkout, order management, and account features. When you browse or buy from greddy.uk, we process your personal data using Shopify systems and Shopify-approved suppliers that support the platform.

Shopify acts as a processor for customer data we put into the platform to operate our store. Shopify may act as a controller for some of its own products and services under its own terms.

7) Payments

If you pay with a payment provider, that provider processes your payment and may run fraud checks. We receive payment confirmation and transaction references.

Payment methods we offer

  • PayPal
  • Shopify Payments (card payments through our checkout, if available)
  • Klarna (pay later or instalments, if available)
  • Bank transfer

What we share for payments

We share the data needed to process payment and manage fraud checks, refunds, and disputes. This typically includes your name, contact details, billing and delivery details, order details, and transaction information.

Klarna

If you choose Klarna, we share your contact and order details with Klarna so Klarna can assess eligibility and provide its payment options. Klarna then processes your data under Klarna’s own privacy notice.

Bank transfer

If you pay by bank transfer, our bank and your bank process the transfer details (such as account name, account numbers, sort code, reference, and amount). We use the reference to match your payment to your order.

8) Cookies, Google Analytics, and Meta Pixel

We use cookies and similar technologies for site functions, analytics, and advertising.

Cookie categories

  • Strictly necessary (basket, checkout, security)
  • Preferences (for example, remembered settings)
  • Analytics (site performance and usage)
  • Advertising (measuring campaigns and building audiences)

We only run analytics and advertising cookies and pixels if you consent through our cookie banner.

Google Analytics

If you consent, Google Analytics collects information about how you use the site (for example, pages viewed, session activity, device and browser information, and referral source).

Meta Pixel (Facebook Pixel)

If you consent, Meta Pixel sends event data about actions on our site (for example, page views and purchases) so we can measure adverts and build audiences on Meta platforms.

Your choices

You can change your cookie choices at any time using the cookie settings controls on the site (if available) or your browser settings. If you block cookies, parts of the site may not work.

9) Call recordings

We may record calls for training, quality, and to help resolve complaints and disputes.

  • What we collect: your phone number, call audio, and information you share on the call
  • Lawful basis: legitimate interests, and contract where the call relates to an order or support
  • Retention: 90 days, then deletion, unless we need a recording for an open complaint, dispute, fraud investigation, or legal claim
  • Your choices: tell us at the start of the call if you want another contact method

10) WhatsApp and other messaging

If you message us on WhatsApp, we process the message content and any files you send so we can support you (for example, order queries, returns, and product support).

WhatsApp is provided by Meta. Meta processes data under its own terms, which may include processing outside the UK.

  • Lawful basis: contract (support linked to an order) and legitimate interests (customer support and record-keeping)
  • Retention: 12 months after the last message, then deletion, unless we need it for an open issue or legal claim

Do not send card details via WhatsApp.

11) CCTV (site security and click-and-collect)

If you collect an order in person or visit our premises, we use CCTV around the site for safety, crime prevention, and incident investigation. CCTV may capture images of you, your vehicle, and the time and location of your visit.

  • Lawful basis: legitimate interests in protecting people and property, and investigating incidents
  • Sharing: we may share footage with the police, insurers, advisers, or other parties involved in an incident where lawful
  • Retention: 30 days, then deletion, unless we need footage for an active investigation or dispute
  • Your rights: you can request access to footage that includes you. You need to give us the date, time, and location so we can find it

12) Who we share personal data with

We share personal data only as needed to run the store and supply your order.

  • Shopify (platform hosting and store operations)
  • Payment providers (PayPal, Shopify Payments, Klarna, banks)
  • Delivery and logistics partners
  • Fraud prevention and security providers
  • Customer support tools (ticketing and chat)
  • Analytics and advertising partners (only if you consent to those cookies)
  • Professional advisers (accountants, insurers, lawyers)
  • Authorities and regulators where the law requires it

We do not sell personal data.

13) Email hosting (OVHcloud)

We use OVHcloud to host and process our business email systems. Personal data in emails you send us (and emails we send you) may be stored and processed on OVHcloud systems as part of delivering email services. OVHcloud acts as a processor for this data under its terms.

14) International transfers

Some suppliers (including Shopify, Meta, Google, WhatsApp, and OVHcloud) may process personal data outside the UK. Where the law requires it, we use recognised safeguards for international transfers, such as approved contractual terms.

You can ask us for more detail about the safeguards that apply by emailing support@greddy.uk.

15) How long we keep personal data

We keep personal data only for as long as needed for the purposes in this policy.

Typical periods

  • Orders, invoices, and tax records: 6 years after the end of the relevant financial year
  • Customer support records (email, tickets): 24 months after case closure
  • Account data: while your account stays open, then 24 months after closure (unless we need it for legal reasons)
  • Marketing lists: until you unsubscribe, or 24 months after your last meaningful interaction
  • Call recordings: 90 days (see section 9)
  • WhatsApp messages: 12 months (see section 10)
  • CCTV: 30 days (see section 11)
  • Security logs: 12 months

If we need data for a live dispute, fraud investigation, or legal claim, we keep it for as long as needed for that purpose.

16) Security

We use access controls and other measures to protect personal data. No online service is risk-free. Use a strong password for any account you create and keep it private.

17) Automated decision-making

We may use automated tools to help detect fraud and protect transactions. If a tool blocks a transaction, contact us and we will review it.

18) Marketing choices

You can opt out of marketing at any time by using the unsubscribe link in an email or by contacting us.

If you buy from us, we may email you about similar products where UK rules allow it. You can opt out at any time.

19) Your rights

Under UK data protection law, you can:

  • ask for access to your personal data
  • ask us to correct inaccurate data
  • ask us to delete data in some cases
  • ask us to restrict processing in some cases
  • object to processing based on legitimate interests, including direct marketing
  • ask for data portability in some cases
  • withdraw consent at any time where we rely on consent

Email support@greddy.uk to exercise your rights. We may ask for proof of identity.

20) Complaints

Contact us first and we will try to resolve your concern. You can also complain to the UK regulator, the Information Commissioner’s Office.

21) Third-party websites

Our site may link to third-party sites. Their privacy practices differ. Read their privacy information before you provide personal data.

22) Children

Our services are not intended for children under 16. If you think a child has given us personal data, contact us and we will take appropriate steps.

Last updated: 17 January 2026