GC Trade 68 Privacy Policy - Protecting Your Personal Data

PRIVACY POLICY

 



 

 

GC TRADE 68 LTD | Company No. 16523391

Last Updated: 25 June 2026

Compliant with UK GDPR and the Data Protection Act 2018

 

 

1. Introduction

GC TRADE 68 LTD ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website Httpd://www.gctrade68.uk, make a purchase, or interact with us.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is 44 Tripp Batt Close, Stanton, Bury St. Edmunds, Suffolk, England, IP31 2FR.

For data protection enquiries, please contact us at: welcome@gctrade68.uk

 

2. What Personal Data We Collect

2.1 Data You Provide Directly

  • Full name and contact details (email address, telephone number, delivery and billing address)
  • Account login credentials (if you create an account)
  • Payment information — processed securely via Stripe; we do not store card details on our systems
  • Direct Debit mandate details — collected and processed via Stripe and the Bacs Direct Debit scheme
  • Order history and preferences
  • Communications you send us, including customer service enquiries

2.2 Data Collected Automatically

  • IP address and browser/device information
  • Pages visited, time on site, referring URLs (via cookies and analytics tools)
  • Cookies and similar tracking technologies (see Section 8)

2.3 Data From Third Parties

  • Payment and fraud prevention data from Stripe, Inc.
  • Delivery tracking data from our logistics partners

 

3. How We Use Your Personal Data

We use your personal data for the following purposes and on the following legal bases:

 

Processing your order (contract performance): Name, address, email, payment details — to fulfil and deliver your order.

Payment processing (contract/legitimate interest): We use Stripe to process credit/debit card payments and Direct Debit collections. Stripe acts as a data processor on our behalf and is subject to its own privacy policy.

Customer communications (contract/legitimate interest): Order confirmations, dispatch notifications, and responses to your enquiries.

Legal compliance (legal obligation): We retain certain records to comply with HMRC, consumer law, and financial regulations.

Fraud prevention (legitimate interest): We use Stripe's fraud detection tools to protect both you and our business.

Marketing (consent): If you have opted in, we may send you promotional emails. You can unsubscribe at any time.

Website improvement (legitimate interest): Analysing how visitors use our website to improve its content and functionality.

 

4. Stripe — Payment Processing

We use Stripe, Inc. to process credit and debit card payments and to collect Direct Debit payments under the Bacs Direct Debit scheme.

4.1 Credit and Debit Card Payments

When you pay by card, your payment details are entered directly into Stripe's secure payment environment. We do not receive or store your full card number, CVV, or expiry date. Stripe is PCI DSS Level 1 certified.

4.2 Direct Debit

If you choose to pay by Direct Debit, your bank account details and mandate are collected and managed by Stripe in accordance with the Bacs Direct Debit scheme rules. You will receive advance notice of any payment in accordance with the Direct Debit Guarantee. The Direct Debit Guarantee protects you in the event of any error in the payment of a Direct Debit.

Stripe's privacy policy is available at: https://stripe.com/gb/privacy

 

5. How Long We Keep Your Data

  • Order and transaction records: 7 years (HMRC requirement)
  • Customer account data: for the duration of your account, plus 3 years after closure
  • Direct Debit mandate records: as required by Bacs scheme rules (minimum 2 years after last payment)
  • Marketing preferences: until you withdraw consent
  • Website analytics data: up to 26 months
  • Customer service communications: 3 years

 

6. Sharing Your Personal Data

We do not sell your personal data. We may share it with:

  • Stripe, Inc. — for payment processing and fraud prevention
  • Delivery and logistics partners — to fulfil your order
  • HMRC and other regulatory authorities — where required by law
  • Professional advisers — legal, accounting, or auditing where necessary
  • IT and website service providers — acting as data processors under our instruction

Where we share data with third parties outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

 

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access — to request a copy of your personal data (Subject Access Request)
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restrict processing — to limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — including to direct marketing at any time
  • Rights related to automated decision-making and profiling

To exercise any of these rights, please contact us at: welcome@gctrade68.uk

We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

 

8. Cookies

Our website uses cookies to improve your experience. Cookies are small text files stored on your device. We use:

  • Essential cookies — necessary for the website to function (cannot be disabled)
  • Analytics cookies — to understand how visitors use the site (require your consent)
  • Marketing cookies — to show you relevant advertising (require your consent)

You can manage your cookie preferences via our cookie banner or your browser settings. For more information, see our Cookie Policy.

 

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Payment data is processed via Stripe's encrypted, PCI-compliant infrastructure. However, no internet transmission is entirely secure, and we cannot guarantee the absolute security of data transmitted to or from our website.

 

10. Children

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

 

11. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of our website following any changes constitutes your acceptance of the updated policy.

 

12. Contact Us

Data Controller: GC TRADE 68 LTD

Registered Address: 44 Tripp Batt Close, Stanton, Bury St. Edmunds, Suffolk, England, IP31 2FR

ICO: www.ico.org.uk

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.