Privacy Policy
How we collect, use, and protect your personal data in accordance with UK GDPR.
Last updated: 27 November 2025
1. Data Controller
The data controller responsible for your personal data is:
Xappie Limited
Company Registration Number: 11901404
Registered Office: 20 Upper Camp Street, Salford, England, M7 2ZN
Place of Registration: England & Wales
If you have any questions about this privacy policy or our data practices, please contact us using the details provided in the Contact section below.
2. Categories of Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: Name, title, date of birth
- Contact Data: Address, email address
- Financial Data: Bank account details, payment card information
- Transaction Data: Details of products and services you have purchased from us
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Usage Data: Information about how you use our website and services
- Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences
3. How We Collect Your Personal Data
We collect personal data through:
- Direct interactions when you provide information to us (e.g., when you contact us, place an order, or subscribe to our services)
- Automated technologies when you interact with our website (cookies, server logs)
- Third parties or publicly available sources (e.g., Companies House, credit reference agencies)
4. Purposes and Legal Bases for Processing
We process your personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| To process and deliver your orders | Contract performance |
| To manage our relationship with you | Contract performance, legal obligation, legitimate interests |
| To improve our website and services | Legitimate interests |
| To send marketing communications | Consent or legitimate interests |
| To comply with legal obligations | Legal obligation |
5. Data Recipients
We may share your personal data with:
- Service providers who assist us in operating our business (e.g., payment processors, IT service providers)
- Professional advisers (e.g., lawyers, accountants, auditors)
- Regulatory authorities and law enforcement agencies when required by law
- Third parties to whom we may choose to sell, transfer, or merge parts of our business
6. International Transfers
Some of our service providers may be located outside the UK/EEA. Where we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the UK government or European Commission
- Standard contractual clauses approved by the UK government or European Commission
- Other appropriate safeguards as required by UK GDPR
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are:
- Customer data: 7 years after the end of our business relationship (for tax and accounting purposes)
- Marketing data: Until you withdraw consent or object to processing
- Website analytics: 26 months (Google Analytics default)
- Legal claims: As long as necessary to defend or pursue legal claims
8. Security Measures
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication procedures
- Staff training on data protection
9. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request correction of inaccurate or incomplete data
- Right to Erasure: You can request deletion of your personal data in certain circumstances
- Right to Restrict Processing: You can request limitation of how we process your data
- Right to Data Portability: You can request transfer of your data to another service provider
- Right to Object: You can object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us using the details in the Contact section below.
10. How to Exercise Your Rights
To exercise your rights, please contact us at our registered office address or via email. We will respond to your request within one month. We may need to verify your identity before processing your request.
11. Complaints
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
12. Contact
For any questions about this privacy policy or to exercise your rights, please contact us:
Xappie Limited
Registered Office: 20 Upper Camp Street, Salford, England, M7 2ZN
Company Registration Number: 11901404