PRIVACY POLICY

Last updated: [11/11/2025]

This Privacy Policy describes how Oily Ltd (“Oily”, “we”, “us”, or “our”) collects, uses, and protects your personal information when you visit or make a purchase from oilyoil.co.uk (the “Site”) or otherwise interact with us.

We are committed to safeguarding your privacy and handling your personal information in a transparent, fair, and lawful manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Changes to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. Updates will be posted on this page with a revised “Last updated” date. Continued use of our Site after updates indicates acceptance of the revised terms.

2. Data Controller

For the purposes of applicable data protection laws, Oily Ltd is the data controller of your personal information.
Our contact details are:

📩 oily@oilyoil.co.uk

📍 Oily Ltd, 124 City Road, London, England, EC1V 2NX

3. Personal Information We Collect

Information You Provide Directly

When you interact with our Site or purchase from us, we may collect:

  • Contact details (name, email address, phone number, billing and shipping address)

  • Order details (items purchased, payment confirmation, delivery preferences)

  • Account information (if applicable, such as username and password)

  • Communication history (emails, messages, or customer service interactions)

  • Marketing preferences (such as newsletter sign-ups or competition entries)

Information Collected Automatically

When you browse our Site, we may automatically collect:

  • Usage data (pages visited, time spent, referring sites)

  • Device and browser information (IP address, operating system, browser type)

  • Cookies and analytics data (to improve functionality, experience, and marketing)

For details on cookies, see Section 7 below.

Information from Third Parties

We may receive information from trusted partners such as:

  • Shopify, which powers our online store

  • Payment processors (to complete transactions securely)

  • Delivery partners and couriers (for shipping updates)

  • Marketing and analytics providers (for advertising and performance insights)

4. How We Use Your Information

We process your personal information only where we have a lawful basis to do so under the UK GDPR, including:

Purpose

Example Activities

Legal Basis

To fulfil your orders

Processing payments, shipping products, and providing receipts

Contract necessity

To communicate with you

Sending order confirmations, updates, and support replies

Contract necessity / Legitimate interests

To improve our Site and services

Analysing usage data, fixing errors, and optimising performance

Legitimate interests

For marketing and promotions

Sending updates, offers, or newsletters (if consented)

Consent / Legitimate interests

To prevent fraud and ensure security

Monitoring transactions and verifying identity

Legitimate interests / Legal obligation

To comply with the law

Fulfilling record-keeping or regulatory obligations

Legal obligation

We will never sell your personal data to third parties.

5. How We Share Your Information

We may share your personal information with:

  • Shopify, which hosts our online store and processes your data as part of order fulfilment. You can review Shopify’s privacy policy at www.shopify.com/legal/privacy.

  • Payment processors (e.g., Shopify Payments, PayPal, Revolut) to process your payments securely.

  • Shipping and logistics partners (e.g., Huboo, couriers) to deliver your orders.

  • IT and marketing service providers who support our website, analytics, or communications.

  • Legal or regulatory authorities, if required by law or to protect our rights.

All partners only receive the minimum necessary data and are contractually required to handle it securely.

6. Data Retention

We retain personal information for as long as necessary to:

  • Complete your transactions and provide services,

  • Comply with legal, accounting, or reporting obligations, and

  • Resolve disputes or enforce our agreements.

Typically:

  • Order and payment records: 6 years (for tax and accounting purposes)

  • Marketing data: until you unsubscribe or withdraw consent

  • Website analytics data: up to 24 months

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core site functionality (e.g., your shopping basket)

  • Analyse visitor traffic and site performance

  • Personalise marketing and advertising

You can manage or disable cookies in your browser settings. However, some parts of the Site may not function properly without them.
For more details, see Shopify’s Cookie Policy.

We also honour Global Privacy Control (GPC) signals where applicable.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Access – Request a copy of your personal data.

  • Correction – Ask us to correct inaccurate or incomplete data.

  • Erasure – Request deletion of your data, subject to legal retention limits.

  • Restriction – Ask us to pause processing in certain cases.

  • Portability – Request transfer of your data to another provider.

  • Objection – Object to data processing based on legitimate interests.

  • Withdraw consent – Withdraw marketing consent at any time.

To exercise any of these rights, contact oily@oilyoil.co.uk.
We may need to verify your identity before responding. We aim to reply within one month of receiving your request.

If you are unsatisfied with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO):
📞 0303 123 1113 | 🌐 www.ico.org.uk

9. Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, or disclosure.
While we take these steps seriously, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.

10. International Data Transfers

We primarily store and process your data in the UK and European Economic Area (EEA).
If data is transferred outside these regions (for example, to Shopify servers in Canada or the US), it will be done under legally approved safeguards such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) to ensure your information remains protected.

11. Children’s Privacy

Our website and products are not directed toward children under 16.
We do not knowingly collect or store data relating to children.
If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

📩 oily@oilyoil.co.uk

📍 Oily Ltd, 124 City Road, London, England, EC1V 2NX