Privacy Policy

This Privacy Policy explains how NOSEAN LIMITED (hereinafter “we”, “us” or “our”) collects, uses, stores, and protects your personal data when you use our website (the “Website”) or make a purchase from us. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that your personal data is handled fairly, lawfully, and transparently. This Policy applies to all customers and website users globally, and outlines your rights in relation to your personal data, as well as our obligations as a data controller.

1. Who We Are

NOSEAN LIMITED is a company registered in Scotland, with its registered address at WESTERTON ROAD EAST MAINS INDUSTRIAL ESTATE, WESTERTON HOUSE, BROXBURN, SCOTLAND EH52 5AU. We are the data controller of your personal data, meaning we are responsible for deciding how and why your personal data is processed. For matters relating to this Privacy Policy or your personal data, we act as the sole data controller in line with UK data protection laws.

2. What Personal Data We Collect

We only collect personal data that is necessary for the purposes outlined in this Policy, in line with the UK GDPR principle of data minimisation. The types of personal data we may collect include:

  • Personal Identification Data: Names, email addresses, telephone numbers, and postal addresses, which you provide when creating an account, placing an order, or contacting us.
  • Payment Data: Payment card details (processed securely via our exclusive payment gateway; we do not store full payment card information) and billing addresses, required to process your purchases.
  • Order Data: Details of your orders, including items purchased, order dates, and order values, to fulfil your purchases and provide order updates.
  • Website Usage Data: IP addresses, device information, browser type, and browsing activity on our Website (collected via cookies and similar technologies), to improve our Website performance and user experience.

We do not collect or process any special category personal data (as defined by UK GDPR), including data relating to race, ethnic origin, political opinions, religious beliefs, health, or sexual orientation, as this is not necessary for our business operations.

3. Lawful Bases for Processing Your Personal Data

Under UK GDPR, we must have a valid lawful basis to process your personal data. Our lawful bases are as follows:

  • Performance of a Contract: To process your orders, deliver products, and provide customer support related to your purchases. This includes collecting and using your personal and payment data to fulfil our obligations under the contract between you and us.
  • Legitimate Interests: To improve our Website, personalise your browsing experience, and ensure the security of our services. This includes analysing website usage data to identify areas for improvement and prevent fraudulent activity. We ensure that our legitimate interests do not override your privacy rights.
  • Consent: For the use of cookies and similar technologies on our Website (where required by law). You can withdraw your consent at any time by adjusting your cookie settings on the Website.

4. How We Use Your Personal Data

We use your personal data only for the purposes for which it was collected, and we do not use it for any unforeseen purposes without first notifying you and, where required, obtaining your consent. Our key uses include:

  • Processing and fulfilling your orders, including sending order confirmations and updates.
  • Processing payments securely and verifying payment details to prevent fraud.
  • Providing customer support and responding to your queries or requests.
  • Improving our Website, products, and services based on your browsing and purchase activity.
  • Ensuring the security of our Website and preventing unauthorised access or fraudulent transactions.
  • Complying with our legal and regulatory obligations under UK law.

5. Who We Share Your Personal Data With

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share your personal data with the following categories of third parties, who act as data processors (meaning they process data on our behalf and in line with our instructions):

  • Payment Processors: To securely process your payments via our exclusive payment gateway. These processors are bound by strict data protection obligations and only process your data to complete payment transactions.
  • IT Service Providers: To maintain and secure our Website, host our data, and provide technical support. These providers are required to implement appropriate security measures to protect your data.
  • Legal and Regulatory Authorities: If required by law, to comply with court orders, subpoenas, or other legal obligations under UK law or the law of your country of residence.

We ensure that all third-party data processors comply with UK GDPR and the Data Protection Act 2018, and we have written agreements in place to govern their processing of your personal data.

6. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Order and Payment Data: Retained for 6 years from the date of your last order, to comply with UK tax and accounting regulations and to handle any potential disputes.
  • Account and Contact Data: Retained for as long as you have an active account with us, plus 2 years after your account is closed, to ensure we can respond to any future queries.
  • Website Usage Data: Retained for 12 months, after which it is anonymised (so it can no longer be linked to you) and used for statistical purposes.

Once your personal data is no longer required, we will securely delete or anonymise it in line with UK data protection best practices.

7. Data Security

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of sensitive data (including payment data) both in transit and at rest.
  • Secure hosting of data with UK-based providers that comply with UK GDPR.
  • Regular security audits and updates to our Website and systems.
  • Restricted access to personal data, limited only to employees who need it to perform their job functions.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data, but we will always act in line with UK law to mitigate any risks.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us via email (details available upon request):

  • Right to Access: You have the right to request a copy of the personal data we hold about you, free of charge.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: You have the right to request that we delete your personal data, where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g., if you dispute the accuracy of the data).
  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, machine-readable format, which you can then transfer to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis.

We will respond to all valid requests within 30 days of receiving them, in line with UK GDPR requirements. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator.

9. Cookies and Similar Technologies

We use cookies and similar technologies (such as web beacons) to collect website usage data and improve your browsing experience. Cookies are small text files stored on your device when you visit our Website. We use both “essential” cookies (required to make our Website work properly) and “non-essential” cookies (used to improve our services and personalise your experience).

You can manage your cookie preferences at any time by adjusting your browser settings. Please note that disabling non-essential cookies may affect the functionality of our Website.