Privacy policy.
How Easipac collects, uses and protects your personal data when you visit easipac.co.uk or place an order with us.
Privacy policy
We collect only what we need to fulfil your order and run our business. We never sell your data, and you have the full set of UK GDPR rights including access, erasure, and complaint to the ICO.
This Privacy Policy explains how Offitec Ltd, trading as Easipac, collects, uses, and protects your personal data when you visit our website (easipac.co.uk) or interact with us. It is written to comply with UK GDPR, the Data Protection Act 2018, and PECR.
1. Who we are (Data Controller)
- Legal entity
- Offitec Ltd
- Trading as
- Easipac
- Companies House number
- 02595789
- VAT number
- GB 689 7730 61
- Registered & trading office
- 194 Garth Road, London, SM4 4LU
- ICO registration number
- ZC134095
- Contact for data matters
- office@easipac.co.uk / 020 8059 9590
2. What personal data we collect
2.1 Account and order data
When you create an account or place an order, we collect: your name, email address, telephone number, billing address, delivery address, company name (where applicable), VAT number (where applicable), order history, and login credentials.
2.2 Payment data
Payments are processed by Stripe, who collect your card details directly. We do not store full card numbers, security codes, or other sensitive payment data.
2.3 Site usage and device data
When you visit our website, we collect technical information including IP address, browser type, device type, pages viewed, and referral source. This is collected through cookies and similar technologies (see section 8).
2.4 Communications
If you contact us, we keep a record of the correspondence so we can respond and refer back to it if needed.
2.5 Marketing data
If you opt in to receive marketing emails, we record your email address, the date and source of your subscription, and your interaction with our marketing emails (such as opens and clicks). This is processed via a third-party email marketing platform.
2.6 CCTV
We operate CCTV inside and outside our premises at 194 Garth Road, London, SM4 4LU, for security and crime prevention. Signage is displayed at all relevant entry points. Footage is retained for up to 60 days, after which it is automatically overwritten. Specific footage may be retained longer for an active incident, an insurance claim, or where required by law.
3. Why we process your data (lawful bases)
| Lawful basis | What we use it for |
|---|---|
| Contract | Processing orders, managing your account, arranging delivery, handling refunds, and otherwise performing our contract with you. |
| Legal obligation | Keeping accounting, tax and VAT records as required by law (typically 6 years). |
| Legitimate interests | Fraud prevention, site security, basic website analytics, and responding to enquiries from business contacts. We always balance our legitimate interests against your rights and freedoms. |
| Consent | Sending you marketing emails (where you have opted in), and setting non-essential cookies (where you have given consent via our cookie banner). You may withdraw consent at any time. |
4. Marketing
We only send marketing emails to people who have actively opted in. Every marketing email includes a clear unsubscribe link, and we action unsubscribes promptly. Opting out of marketing does not affect transactional emails about your orders (such as order confirmations, despatch notifications, and refund confirmations), which we will continue to send.
5. Who we share your data with
We share your data only where it is necessary to deliver our services, meet our legal obligations, or operate our business:
| Recipient | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Payment details, transaction data |
| Email marketing platform | Sending marketing emails to opted-in subscribers | Email address, name, marketing preferences, engagement data |
| Website analytics provider | Site usage analytics | IP address, device data, browsing behaviour |
| E-commerce platform provider | Hosting and operating the website | Account, order, and site usage data |
| Delivery routing provider | Planning and scheduling deliveries | Name, delivery address, phone number, email, order details |
| UK courier partners | Delivery | Name, delivery address, phone number, order reference |
Our internal systems for stock and order management, customer relationship management, and accounting run on our own systems and are not shared with external processors.
We may also disclose data to professional advisers (solicitors, accountants, auditors) where necessary for the proper running of our business, and to regulators, courts, or law-enforcement authorities where required by law or to protect our rights or someone’s safety.
We do not sell your personal data.
6. International transfers
Most of your data is stored within the UK. Some of the third-party providers we use are based outside the UK (including in the United States), which means certain data is transferred to or processed outside the UK.
Where we make such transfers, we ensure that one of the following safeguards applies, as required by UK GDPR Articles 45 and 46: an adequacy decision recognised by the UK government (such as the UK–US Data Bridge), Standard Contractual Clauses approved for use under UK GDPR, or another lawful safeguard.
7. How long we keep your data
| Data category | Retention period |
|---|---|
| Order and transaction records | 6 years from the end of the relevant tax year (HMRC requirement) |
| Active customer accounts | While the account is active |
| Closed or inactive accounts | 12 months after closure or last activity, then deleted |
| Marketing data | Until you unsubscribe, then promptly removed from our marketing platform |
| Customer service correspondence | 2–3 years |
| Website analytics | 14 months (in line with the analytics provider’s default retention) |
| CCTV footage | 60 days, with extension only for incidents, insurance claims, or legal requirements |
You can ask us to delete your data at any time (see section 9). Where we are legally required to retain certain records (for example, accounting records under HMRC rules), we may not be able to delete those records before the legal retention period expires.
8. Cookies
Our website uses cookies for essential functionality, to understand how the site is used, and (where you give consent) to deliver a more personalised experience. When you first visit, you will see a cookie banner asking for your consent to non-essential cookies. We use four categories:
- Strictly necessary cookies: required for the site to function (e.g. cart, checkout, login). No consent needed.
- Analytics cookies: help us understand how visitors use the site. Set only with your consent.
- Functional cookies: remember your preferences (e.g. language, region). Set only with your consent.
- Marketing cookies: reserved for future use. Will be set only with your consent if introduced.
You can change your cookie preferences at any time via the cookie settings link in our website footer.
9. Your rights
Under UK GDPR, you have the right to:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your data (subject to legal exceptions).
- Restriction: ask us to limit how we use your data.
- Objection: object to certain processing (such as marketing, or processing based on legitimate interests).
- Portability: receive your data in a portable format.
- Withdraw consent: where we rely on consent, withdraw it at any time.
To exercise any of these rights, please email office@easipac.co.uk or write to us at the address below. We respond as soon as possible, and within one calendar month at the latest, as required by UK GDPR.
Exercising your rights is free, but we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded or excessive (UK GDPR Article 12(5)). We may need to verify your identity before responding.
10. Complaints
If you are not happy with how we have handled your personal data, please contact us first. You also have the right to complain to the UK’s data protection authority (the Information Commissioner’s Office) at any time, without contacting us first.
11. Changes to this policy
We may update this Privacy Policy from time to time. The current version is always available on our website, and the “Last updated” date at the top tells you when it was last revised. Material changes will be communicated via the website or by email where appropriate.
12. Contact
Questions about this Privacy Policy or how we handle your personal data:
- office@easipac.co.uk
- Phone
- 020 8059 9590
- Post
- Offitec Ltd t/a Easipac, 194 Garth Road, London, SM4 4LU
Talk to a person, not a portal.
Our customer team is based in London and answers every email and call in person. Monday to Friday, 09:00–17:00 UK time, excluding bank holidays and published seasonal closures.