Privacy Policy
This Privacy Policy explains how REMOTEBOX.co.uk collects, uses and protects your personal information when you use our website and services.
1. Who We Are (Data Controller)
GRAY BELL LTD (trading as REMOTEBOX) is the data controller for personal information processed in connection with our website and services.
- Registered address: 20 Church Road, Wisbech, England, PE13 3RA, UK
- Primary contact: legal@remotebox.co.uk
2. Information We Collect
Provided by you (e.g., account, checkout, support): name, email, phone (optional), billing/shipping address, order details. We do not store full card numbers or CVV/CVC.
Automatically collected: IP address, device and browser information, pages visited, session and referral data; collected via cookies or similar technologies.
Optional: marketing preferences (consent), product reviews, survey responses.
Sources: directly from you; your device; payment and delivery partners (transactional metadata and delivery status); fraud-prevention services.
3. How We Use Your Data
- Process and deliver orders; provide customer support and service communications
- Operate and secure our website; prevent fraud and abuse
- Improve products, services and user experience (aggregate analytics)
- Comply with legal, tax and accounting obligations
- Send marketing communications where you have given consent (you can opt out at any time)
4. Lawful Bases (UK GDPR / EU GDPR)
| Purpose | Lawful basis | Examples |
|---|---|---|
| Order processing & customer service | Contract | Checkout, delivery updates, returns |
| Legal & tax compliance | Legal obligation | Invoices, accounting records |
| Marketing emails/SMS | Consent | Only if you opt in; withdraw any time |
| Analytics (non-essential cookies) | Consent | Set via cookie banner; not strictly necessary |
5. Payment Data (Cards & Wallets)
Card payments are processed by SumUp (PCI DSS compliant). We do not store or see full card numbers or CVV/CVC.
We retain limited payment metadata for receipts, support and fraud prevention:
- card brand, last four digits, expiry month/year
- payment token / transaction ID, authorisation status
- billing name and address
- wallet tokens for Apple Pay / Google Pay (not the underlying card)
Transaction records are kept for the period required by accounting and tax laws, then deleted or anonymised.
See also: SumUp Privacy.
6. Data Sharing & Processors
We do not sell your data. We share limited data with trusted service providers acting as processors (e.g., payments, shipping/logistics, hosting, security/fraud, analytics) under written contracts and security obligations. We may disclose information where required by law or to protect our rights, users or the public.
7. International Data Transfers
Where personal data is transferred outside the UK/EU/EEA, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, and the EU Standard Contractual Clauses, plus transfer risk assessments where required. Copies of relevant safeguards can be requested via our privacy contact.
8. Security & Data Retention
We use SSL/TLS encryption, access controls and other technical/organisational measures to protect your data.
We retain personal data only as long as necessary for the purposes described (and to meet legal obligations). Typical periods:
| Record | Typical retention |
|---|---|
| Orders, invoices, tax records | 6–7 years (legal/accounting) |
| Support tickets | Up to 3 years after closure |
| Marketing preferences | Until you withdraw consent or your account is inactive for 2 years |
| Web analytics (consented) | Up to 26 months, or as configured in the analytics tool |
9. Cookies
We use cookies necessary for core site functionality (e.g., login, cart, checkout) and, with consent, functional/analytics/marketing cookies. You can manage preferences via the cookie banner or your browser settings.
For ad/analytics tags we obtain consent via a compliant consent management platform (CMP). Non-essential cookies are not placed until you consent. See our Cookie Policy for details.
10. Your Rights (UK GDPR / EU GDPR)
- Access — obtain a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion in certain circumstances
- Restriction — limit processing in specific cases
- Portability — receive data in a machine-readable format
- Object — to direct marketing (including profiling)
- Withdraw consent — at any time, where processing relies on consent
- Human review — rights related to automated decision-making, including profiling
11. How to Exercise Your Rights
Contact: legal@remotebox.co.uk. We may need to verify your identity. We respond without undue delay and within the timeframes set by law.
12. Automated Decision-Making & Profiling
We do not make decisions producing legal or similarly significant effects solely by automated means. If this changes, we will inform you and explain the logic, significance and consequences, and provide ways to request human review.
13. Children’s Data
Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to remove it.
14. Complaints & Supervisory Authorities
If you have concerns, contact us first — we will do our best to resolve them.
UK: you can complain to the Information Commissioner’s Office (ICO). See contact options on the ICO website.
EU/EEA: you can complain to your local Data Protection Authority.
15. Changes to This Policy
We may update this Policy from time to time. Significant changes will be posted here, and the “Last updated” date below will be revised.
16. Contact Us
REMOTEBOX — GRAY BELL LTD20 Church Road, Wisbech, England, PE13 3RA, UK
legal@remotebox.co.uk