The Data Controller responsible for your personal data is:

Plumbitall Ltd
490 Gorton Rd
Reddish
Stockport
SK5 6PP
United Kingdom
Email: surveys@plumbitall.com
Telephone: 0161 231 0205

For the purposes of this Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, such as collection, recording, organisation, storage, use, disclosure or erasure.
• "Data Subject" means an identifiable individual whose Personal Data is processed.
• "UK GDPR" is the retained EU law version of the General Data Protection Regulation applicable in the United Kingdom.
• "PECR" refers to the Privacy and Electronic Communications Regulations 2003, which govern electronic marketing and use of cookies.

We may collect, store and process the following categories of Personal Data:

A. Identity and Contact Data

• Full name
• Billing and delivery addresses
• Email address
• Telephone number

B. Order, Transaction and Account Data

• Order details and purchase history
• Payment method (processed by third-party providers; we do not store full card details)
• Refund, return and warranty information
• Customer account details if you create a Shopify account

C. Technical and Usage Data

• IP address, device type and browser type
• Pages visited, time spent and click-paths
• Referring website or ad campaign
• Interaction with site features, such as cart and checkout

D. Marketing and Communications Data

• Email and SMS subscription preferences
• Records of consent for marketing, cookies and notifications
• Engagement with marketing (opens, clicks, unsubscribes)

E. Delivery and Courier Data

Shared with carriers to deliver orders and provide tracking:

• Name
• Delivery address
• Contact telephone number
• Email address for delivery notifications

F. Advertising and Behavioural Data

Collected via Google Analytics 4, Google Ads, Meta (Facebook/Instagram) Pixel, TikTok Pixel, Microsoft Ads, Hotjar and Klaviyo. This may include browsing behaviour, purchase intent, ad interactions and remarketing identifiers.

We collect Personal Data as follows:

• Directly from you – for example, when you place an order, create an account, contact us, enter a promotion or subscribe to marketing.
• Automatically – via Shopify, cookies and similar technologies when you browse, search or interact with the website.
• From third parties – such as payment providers, analytics services, advertising platforms and couriers that interact with our systems.
• Through communications – including email and SMS messages sent for order updates and account activity.

Under Article 6(1) UK GDPR, we must identify a lawful basis for each processing activity. We process Personal Data for the following purposes and bases:

A. Contractual Necessity (Art. 6(1)(b))

Processing necessary to perform a contract with you or to take steps at your request before entering into a contract, including:

• Processing and fulfilling orders
• Taking and managing payments
• Providing invoices and order confirmations
• Arranging delivery of goods and communicating delivery status
• Handling returns, refunds and warranty claims

B. Legal Obligations (Art. 6(1)(c))

Processing necessary to comply with our legal obligations, including:

• Maintaining tax, accounting and financial records
• Responding to lawful requests from public authorities
• Complying with consumer and e-commerce regulations

C. Legitimate Interests (Art. 6(1)(f))

Processing necessary for our legitimate interests, provided these are not overridden by your rights and interests. These interests include:

• Operating, maintaining and improving our website and services
• Monitoring for fraud, abuse and security threats
• Understanding how customers use our site and products
• Managing customer relationships and service quality
• Sending abandoned cart reminders and product follow-ups
• Providing personalised content and product recommendations

D. Consent (Art. 6(1)(a))

In some cases we rely on your consent, including for:

• Email marketing
• SMS marketing
• Push notification marketing
• Non-essential analytics and advertising cookies, as required by PECR

Where processing is based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

We use Personal Data for the following purposes:

• To process orders and provide products and services.
• To manage deliveries and provide tracking and delivery notifications via email and SMS.
• To enable and manage customer accounts, including login, security and order history.
• To respond to enquiries, provide customer service and resolve complaints.
• To send transactional messages such as order confirmations, invoices, dispatch notices and important service updates.
• To send marketing communications (email, SMS, push) where you have provided consent or where another lawful basis applies.
• To operate abandoned cart emails, SMS messages and reminders if you begin but do not complete a purchase.
• To analyse and improve website performance and user experience using analytics data.
• To protect our business, our customers and our systems from fraud and misuse.
• To comply with legal and regulatory requirements and enforce our terms.
• To measure, report on and improve the effectiveness of our advertising campaigns.

We only share Personal Data where necessary and with appropriate safeguards in place. We may disclose Personal Data to:

A. Service Providers and Processors

Including:

• Shopify (platform, hosting, checkout and customer accounts)
• Shopify Payments, PayPal, Klarna, Clearpay, Google Pay, Apple Pay (payment processing)
• Email and SMS providers, including Klaviyo (transactional and marketing communications)
• IT, hosting, security and support providers

B. Delivery Carriers

We share delivery information with carriers and couriers so they can deliver your order and provide tracking and delivery options.

C. Marketing and Analytics Providers

Including:

• Google Analytics and Google Ads
• Meta (Facebook/Instagram) Pixel
• TikTok Pixel and TikTok Ads
• Microsoft/Bing Ads
• Hotjar
• Klaviyo

These providers help us understand usage of our website, improve performance and deliver relevant advertising.

D. Professional Advisers and Authorities

We may share Personal Data with our professional advisers (such as accountants or solicitors) and with regulatory or law enforcement authorities where required by law or necessary to establish, exercise or defend legal claims.

We do not sell your Personal Data to third parties.

Some of our service providers may process Personal Data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with Chapter V UK GDPR, such as:

• Use of the UK Addendum to the EU Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs), where applicable
• Transfers to countries subject to UK adequacy regulations

Further details of the specific safeguards applicable to particular transfers can be provided on request.

We retain Personal Data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for legal, accounting or reporting requirements. Typical retention periods include:

• Order and transaction records: 6 years from the end of the relevant financial year.
• Customer account data: for as long as the account remains active and for a reasonable period thereafter, or until we receive a deletion request.
• Marketing data: until you unsubscribe, withdraw consent, or we determine that the data is no longer accurate or needed.
• Technical and log data: generally 12–24 months.
• Cookie and analytics data: generally 3–12 months, depending on the provider and cookie type.

In some cases, we may need to retain data for longer where necessary to establish, exercise or defend legal claims.

Under the UK GDPR, you have the following rights in relation to your Personal Data:

• Right of access – to obtain confirmation of whether we process your Personal Data and to receive a copy of that data.
• Right to rectification – to have inaccurate or incomplete Personal Data corrected.
• Right to erasure – in certain circumstances, to request deletion of your Personal Data.
• Right to restrict processing – in certain circumstances, to request that we restrict how we use your Personal Data.
• Right to object – to object to processing based on our legitimate interests and to object at any time to processing for direct marketing.
• Right to data portability – to receive your Personal Data in a structured, commonly used and machine-readable format and to have it transmitted to another controller, where technically feasible.
• Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
• Right to lodge a complaint – with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

ICO contact details:
Website: www.ico.org.uk
Telephone: 0303 123 1113

To exercise any of your rights, please contact us at surveys@plumbitall.com. We will respond within one month, subject to any extensions permitted by law.

11.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They enable the website to function, remember your preferences, improve performance and provide insights to help us deliver and improve our services. Cookies may be set by our website (first-party cookies) or by third parties (third-party cookies).

11.2 Types of Cookies We Use

A. Strictly Necessary Cookies

These cookies are essential for the operation of our website and cannot be switched off in our systems. They are usually set only in response to actions made by you, such as logging in, adding items to your basket or completing forms. They are also used for:

• Shopping cart and checkout functionality
• Payment processing and fraud prevention
• Website security and stability
• Remembering cookie consent settings

Strictly necessary cookies are exempt from consent requirements under PECR.

B. Analytics and Performance Cookies

These cookies collect information about how visitors use our website, for example which pages are visited most often and whether users encounter error messages. We use this information to improve how our website works and to understand user interests.

We use tools such as Google Analytics 4 and Hotjar for this purpose.

C. Functional Cookies

Functional cookies enable enhanced functionality and personalisation. They may remember choices you make on the website, such as login details, and help us to provide features like saved baskets or recently viewed items.

D. Advertising and Targeting Cookies

Advertising and targeting cookies may be set through our site by our advertising partners. They are used to build a profile of your interests and show you relevant adverts on other websites and platforms. These cookies work by uniquely identifying your browser and internet device.

We use advertising and targeting cookies in connection with:

• Google Ads
• Meta (Facebook/Instagram) Pixel
• TikTok Pixel and TikTok Ads
• Microsoft/Bing Ads
• Klaviyo and Shopify marketing tools

These cookies require your consent under PECR, except where strictly necessary for a service you have requested. You can manage your consent preferences via your browser settings and, where applicable, our cookie tools.

11.3 Cookie Duration

Cookies are stored for different periods depending on their purpose. Some are "session cookies" which are deleted when you close your browser; others are "persistent cookies" that remain on your device until they expire or are deleted. In general, our cookies are stored for between 3 and 12 months, although certain essential cookies may persist for longer where necessary for security or user preferences.

11.4 Managing Cookies

You can manage cookies through your browser settings, including blocking or deleting cookies. If you choose to block all cookies, you may not be able to access all parts of our website or use some features, including checkout.

You may also manage preferences for personalised advertising directly with advertising platforms (for example Google, Meta, TikTok and Microsoft) via their own privacy and ad settings.

We may update this Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. Any updates will be posted on this page with an updated "Last updated" date. We encourage you to review this Policy periodically.

If you have any questions about this Policy or about how we process your Personal Data, or if you wish to exercise any of your rights, please contact us at:

Plumbitall Ltd
490 Gorton Rd
Reddish
Stockport
SK5 6PP
United Kingdom
Email: surveys@plumbitall.com
Telephone: 0161 231 0205