Privacy policy
How we collect, use and protect your personal data under the UK GDPR and the Data Protection Act 2018.
Last updated
This policy explains what information HomeDeal Ltd ("HomeDeal", the data controller) collects about you, why we need it, how long we keep it, and the rights you have over your data.
1. Who we are
- Controller: HomeDeal Ltd, registered in England and Wales, Companies House TBD.
- ICO registration: ZA TBD.
- Privacy contact: privacy@homedeal.co.uk.
2. What we collect
| Category | Example | Collected when |
|---|---|---|
| Identity & contact | Name, email, phone, delivery address | You place an order or create an account |
| Transaction | Order history, items, amounts, payment status | You complete a purchase |
| Payment | Card type, last 4 digits, billing address. Full card numbers are handled by Stripe, never stored on our servers. | At checkout |
| Account & marketing preferences | Password hash, email preferences, wishlist | You register or subscribe |
| Technical | IP address, device type, browser, referring URL | Each visit. Analytics cookies only fire if you consented on the cookie banner. |
| Communications | Support emails, call recordings (where applicable) | You contact us |
3. Why we use your data (lawful basis)
- Contract — processing your order, delivery, returns, and account access.
- Legal obligation — tax, VAT, accounting, fraud prevention, product safety recalls.
- Legitimate interest — improving the site, preventing abuse, securing the platform, and defending legal claims. We balance these against your rights.
- Consent — analytics, marketing emails, advertising cookies. Withdrawn any time via the cookie settings or by emailing us.
4. Sharing your data
We use third-party processors that are bound by UK GDPR-compliant data processing agreements:
- Payments: Stripe (card, Apple Pay, Google Pay), PayPal, Klarna.
- Shipping & fulfilment: Royal Mail, DPD, Evri, and our 3PL warehouse partner (UK-based).
- Email & CRM: transactional and (with consent) marketing email provider.
- Analytics & advertising: Google Analytics 4, Google Ads, Bing Ads, Pinterest, Meta, Awin — only fire after consent.
- Infrastructure: AWS (eu-west-2, London region) and Vercel (edge CDN).
We never sell your personal data. We share it with processors only to the extent needed for them to provide their service to us.
5. International transfers
Where data leaves the UK, we rely on UK-approved transfer mechanisms — either an adequacy decision (e.g. EU countries), the UK International Data Transfer Agreement, or Standard Contractual Clauses with the UK Addendum. Copies of the safeguards applied are available on request from privacy@homedeal.co.uk.
6. How long we keep data
| Data | Retention |
|---|---|
| Order & transaction records | 7 years (UK tax / VAT obligation) |
| Account data | Until you delete the account, plus 30 days backup |
| Marketing email opt-in | Until you unsubscribe; 3 years inactivity re-opt-in |
| Analytics data (consented) | 26 months (GA4 default) |
| Customer support emails | 3 years from last reply |
7. Your rights under UK GDPR
- Access — a copy of the personal data we hold.
- Rectification — correct inaccurate data.
- Erasure — delete your data where we have no overriding legal need to keep it.
- Restriction — pause processing in certain circumstances.
- Portability — receive your data in a structured machine-readable format (JSON).
- Objection — object to processing based on legitimate interest or direct marketing.
- Withdraw consent — for any processing based on consent, at any time.
To exercise any of these rights, email privacy@homedeal.co.uk with the request. We respond within 30 calendar days (extendable to 90 for complex requests, with notice).
Signed-in customers can self-serve data export and deletion from their account area.
8. Marketing
We only send marketing emails to people who opted in. Every marketing email has a one-click unsubscribe link. Transactional emails (order confirmations, delivery updates, account notices) are sent on the legal basis of contract and don't require consent.
9. Cookies
Full details on each cookie, its purpose, and how to control it are on our cookie policy page. You control non-essential cookies via the cookie banner shown on your first visit, and re-open the preferences from the footer any time.
10. Security
We protect your data with TLS in transit, encryption at rest for sensitive fields, role-based access controls, and regular security reviews. Card data is tokenised by Stripe — we never see or store the full number. Report a suspected security issue to security@homedeal.co.uk.
11. Complaints
If you're not happy with how we've handled your data, please email privacy@homedeal.co.uk first. You also have the right to complain to the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
12. Changes to this policy
When we make material changes, we'll update the Last updated date and, where required, email registered users. Prior versions are available on request.