Privacy policy

1. Introduction

This Privacy Policy explains how Fixing Smith Ltd (“we”, “our”, or “us”) collects, uses, and protects your personal information when you visit or make a purchase on our website: fixingsmith.com. This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also includes jurisdiction-specific disclosures for the EU/EEA (GDPR), United States – California (CCPA/CPRA), Canada (PIPEDA), Brazil (LGPD), and Japan (APPI).

2. Contact Details

If you have questions about this policy or want to exercise your data rights, please contact us.

fs@fixingsmith.com
Postal: Fixing Smith Ltd, 60 Millmead Business Centre, Mill Mead Road, London, N17 9QU, United Kingdom
Data Protection Contact: Martin Deveci

3. What Personal Data We Collect

We may collect and process the following categories of personal information:

Identity Data: Full name, username or similar identifier

Contact Data: Billing address, delivery address, email address, phone number

Financial Data: Payment card details (processed via secure payment gateways; we do not store full card numbers)

Transaction Data: Details about orders and payments

Technical Data: IP address, browser type/version, time zone, operating system, platform

Usage Data: Information on how you use our website

Marketing Data: Your preferences for receiving marketing communications

Communications Data: Messages, support requests, and related correspondence

4. How We Use Your Personal Data

We process your data to:

  • Fulfill and deliver your orders
  • Manage payments and refunds
  • Respond to customer service queries
  • Improve website functionality and user experience
  • Comply with legal obligations
  • Send marketing communications, if consented

5. Legal Bases for Processing

We rely on the following lawful bases:

  • Contractual necessity (e.g., to fulfill your order)
  • Legal obligation
  • Legitimate interests (e.g., website analytics, fraud prevention)
  • Consent (e.g., for email marketing – can be withdrawn at any time)

6. Sharing Your Personal Data

We share necessary data with third parties to provide our services:

  • Shopify (e-commerce platform)
  • Payment processors (e.g., Stripe, PayPal)
  • Shipping providers (e.g., Royal Mail, DPD)
  • IT, hosting, and system administration services
  • Analytics and advertising partners where consented

We require all partners to handle data in accordance with applicable data protection laws and appropriate contractual safeguards.

7. International Transfers

Your data may be transferred outside the UK and/or your country of residence. Where this occurs, we implement safeguards such as the UK International Data Transfer Agreement/Addendum, EU Standard Contractual Clauses, or other legally recognized transfer mechanisms.

8. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this policy. By law, we keep basic customer and order data for 6 years for tax and compliance purposes. We retain marketing consent records and preference logs as required for audit.

9. Your Legal Rights

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time

To exercise your rights, contact us via the email above. We may request proof of identity where permitted by law.

10. Cookies

Our website uses cookies and similar technologies to improve your browsing experience, analyse website traffic, and support essential site features such as checkout and login. This section explains what cookies are, how we use them, and how you can manage your preferences.

10.1. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They help the website remember your preferences, improve performance, and offer a more personalised experience.

10.2. Types of Cookies We Use

We use the following categories of cookies:

Strictly Necessary Cookies

These are essential for the operation of the website. They allow basic functions like page navigation, secure login, and checkout processes. Without these cookies, the website cannot function properly.

Performance & Analytics Cookies

These cookies help us understand how visitors interact with our site by collecting information anonymously. For example, we use Google Analytics to track usage statistics and improve site functionality.

Functional Cookies

These cookies enable the site to provide enhanced functionality and personalisation, such as remembering your preferred language or region.

Targeting & Advertising Cookies

These cookies track your browsing habits to show you relevant adverts on other websites. They may be set by us or by advertising partners such as Google or Facebook.

10.3. Third-Party Cookies

Some cookies are set by third-party services integrated into our website, such as:

  • Google Analytics (analytics and traffic insights)
  • Shopify (store functionality and checkout)
  • Payment providers like Stripe and PayPal
  • Advertising platforms such as Facebook and Google Ads

These third parties have their own privacy and cookie policies, which we encourage you to review.

10.4. Cookie Duration

Cookies can be as following (we use a combination of both types):

Session Cookies – deleted automatically when you close your browser.
Persistent Cookies – remain on your device for a set period or until manually deleted.

10.5. Your Cookie Choices

When you first visit our site, you are presented with a cookie banner allowing you to:

  • Accept all non-essential cookies
  • Decline optional cookies
  • Manage preferences by category

You can change your preferences at any time via your browser settings or by clearing your cookies.

Refer to www.allaboutcookies.org for instructions on how to manage cookies in your browser.

10.6. Legal Basis for Use of Cookies

Under UK GDPR, we use consent as the legal basis for all non-essential cookies (e.g., analytics, advertising) and legitimate interests or contractual necessity for essential cookies that enable core site functions. Your consent is collected via our cookie banner and stored for audit purposes.

10.7. Updates to This Section

We may update our cookie usage or this policy as required by law or changes in our services. Please check this page regularly for the most current information.

11. Security Measures

We implement technical and organizational measures to safeguard your data, including encryption, secure hosting, access controls, and ongoing monitoring.

12. Children’s Privacy

Our services are not directed to children under the age required by local law (e.g., 13 in the US, 16 in the EU for consent). We do not knowingly collect data from such children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be notified via our website.

Last updated: 30 October 2025

14. How to Complain

If you have concerns, please contact us first. You may also have the right to lodge a complaint with your local supervisory authority (e.g., in the UK, the Information Commissioner’s Office – search “Report a concern ICO”).

Jurisdiction‑Specific Disclosures

A. EU/EEA – GDPR

  • Controller: Fixing Smith Ltd, 60 Millmead Business Centre, Mill Mead Road, London, N17 9QU, UK. For EU residents, we may appoint an EU representative where required.
  • Legal bases: as described in Section 5 in line with Art. 6 GDPR.
  • Rights: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent; right to complain to your local Data Protection Authority.
  • International transfers: EU Standard Contractual Clauses or equivalent safeguards.
  • Data Protection Officer: Martin Deveci, fs@fixingsmith.com

B. United States – California (CCPA/CPRA)

  • Categories collected: identifiers, commercial information, internet activity, geolocation (approximate), inferences, and customer records as described in Sections 3–4.
  • Sources: directly from you; automatically from your device; service providers and partners.
  • Purposes: as described in Section 4.
  • Disclosures: to service providers and contractors for business purposes; we do not sell personal information for monetary consideration.
  • “Sharing” for cross‑context behavioral advertising: may occur where you accept advertising cookies.
  • Your rights: know/access, correct, delete, portability, opt‑out of “sale”/“sharing”, limit use of sensitive information (if applicable), non‑discrimination.
  • How to exercise: email fs@fixingsmith.com or use the “Do Not Sell or Share My Personal Information” link in the footer.
  • Verification: we may request information to verify your request; authorized agents may act on your behalf with proof of authority.
  • Retention: as in Section 8.

C. Canada – PIPEDA

  • Your rights: access, correction, and to challenge our compliance.
  • Lawful bases: consent and reasonable purposes consistent with PIPEDA; we use express consent for marketing.
  • Complaints: contact us; you may also contact the Office of the Privacy Commissioner of Canada.

D. Brazil – LGPD

  • Legal bases: consent, contract, legal obligation, legitimate interests, and others as defined by LGPD.
  • Rights: confirmation of processing, access, correction, deletion, portability, information about sharing, withdrawal of consent, and review of automated decisions where applicable.
  • National Authority: Autoridade Nacional de Proteção de Dados (ANPD).

E. Japan – APPI

  • Purpose of use: listed in Section 4; we notify or disclose purposes before or at the time of collection as required.
  • Joint use/entrustment: where we entrust processing to service providers, we supervise them appropriately.
  • Transfers to foreign third parties: we obtain consent or rely on adequacy or equivalent safeguards as permitted by APPI.
  • Rights: disclosure, correction, suspension of use, deletion as applicable under APPI.

Do Not Sell or Share (for applicable U.S. States)

If you are a resident of certain U.S. states with enhanced privacy laws, you may opt out of the “sale” or “sharing” of personal information used for cross‑context behavioral advertising at any time. Use our cookie banner preferences or visit Your Privacy Choices (Do Not Sell or Share My Personal Information). We also honor Global Privacy Control (GPC) signals where supported.