top of page

Privacy Policy

Last updated: 07/01/2026

 

1. Who we are

This website, www.suttonsross.co.uk, is owned and operated by Suttons Ross. We are the data controller for

personal data collected through this website.

 

Contact details

Email: enquiries@suttonsross.co.uk

Telephone: 01989 768 545

 

2. The law we follow

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and

the Data Protection Act 2018.

 

3. Personal data we collect

We may collect personal data including name, email address, postal address, telephone number, account

login details, order and transaction information, and information you provide when contacting us.

 

4. How we collect your data

We collect personal data when you contact us, create or use a customer account, purchase products or

services, or sign up to receive communications.

 

5. Lawful basis for processing

We process personal data under one or more lawful bases, including consent, performance of a contract,

and legitimate interests. We do not use personal data for automated decision-making or profiling.

 

6. How we use your data

We use personal data to respond to enquiries, manage customer accounts, process orders and payments,

deliver products or services, communicate with you, and improve our website and services.

 

7. Marketing communications

We will only send marketing communications where permitted by law. You can opt out at any time by using

unsubscribe links or contacting us directly.

 

8. How long we keep your data

We retain personal data only for as long as necessary, including while an account remains active and as

required for legal, accounting, or regulatory purposes. Inactive account data may be deleted after three

years.

 

9. Sharing your data

We do not sell personal data. We may share data with trusted third parties such as payment providers,

delivery providers, IT service providers, and professional advisers, who are required to keep data secure.

 

10. Data security

We use appropriate technical and organisational measures to protect personal data, including secure

systems, SSL encryption, and restricted access.

 

11. Your rights

You have rights under UK GDPR including access, correction, deletion, restriction, objection, withdrawal of

consent, and the right to complain to the ICO.

 

12. Complaints

Complaints may be made to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

bottom of page