Privacy & Cookie Policy

Last Updated: 25 February 2025

James Alexander is a trading name of James Alexander Trading Ltd, registered in England and Wales (No: 10361514), with its head office at 85 Great Portland Street, First Floor, London, W1W 7LT, UK. This Privacy and Cookie Policy explains how we collect, use, and protect your personal data on jamesalexander.co.uk (“Site”), including our use of cookies, in line with UK GDPR, EU GDPR, and PECR.

What Personal Data Do We Collect?

We collect:

  • Identity/Contact: Full name, email, billing/delivery address, phone number.
  • Financial: Credit card or payment details (securely processed).
  • Transaction: Purchase history, encrypted password.
  • Technical: IP address, browser type, referral site, Site usage data.
  • Communications: Contact records, reviews, marketing preferences.

By providing this data voluntarily, you agree to its use per this policy.

When Do We Collect Your Personal Data?

We collect your personal data:

  • When you purchase, check out as a guest, or create an account.
  • When you sign up for newsletters, enter competitions, or report issues.
  • When you request info or leave a review (which may be shared with partners if it references their service).
  • Automatically via cookies when you use the Site.

Why and How Do We Use Your Personal Data?

We use your data:

  • To Fulfil Orders: Process and deliver purchases (contract basis).
  • Customer Support: Handle queries or refunds (legitimate interests).
  • Marketing: Send personalised offers or newsletters (with consent or unless you opt out).
  • Security: Prevent fraud and protect the Site (legitimate interests).
  • Analysis: Assess business performance (legitimate interests).

Cookies enhance functionality, track usage, and personalise content (see “Cookies” below). We only use data for other purposes with your explicit consent or as legally required.

Where Do We Store Your Personal Data?

Data is stored on secure EEA servers. It may transfer outside the EEA (e.g., to US providers) with safeguards like Standard Contractual Clauses, per UK GDPR and EU GDPR post-Schrems II (2020).

How Do We Protect Your Personal Data?

We use HTTPS, encryption, tokenisation (for payment data), firewalls, and access controls to prevent unauthorised access, loss, or damage. Systems are monitored for vulnerabilities.

How Long Will We Keep Your Personal Data?

We retain data only as needed:

  • 6 years from your last interaction for tax compliance.
  • Until you delete your account or unsubscribe from marketing.
  • Deletion requests are actioned within one month unless legally required otherwise.

How Do We Share Your Personal Data?

We share with:

  • Third Parties: PayPal (payments), Royal Mail (deliveries), analytics providers, bound by our instructions and data laws.
  • Authorities: To meet legal obligations or prevent fraud.
  • Business Transfers: If we sell our business, data remains protected.

Third-party data is deleted when partnerships end, unless consent allows otherwise.

Cookies

We use cookies—small files stored on your device—to improve your Site experience:

  • Essential: Enable core functions (e.g., checkout, session management). No consent needed (legitimate interests).
  • Analytical: Track usage (e.g., Google Analytics) to improve the Site. Requires consent.
  • Functional: Save preferences (e.g., language). Requires consent.
  • Marketing: Deliver targeted ads. Requires consent.

Manage cookies via our Cookie Consent Tool or browser settings. Blocking essential cookies may affect Site use. Consent for non-essential cookies can be withdrawn anytime.

What Are Your Rights Over Your Personal Data?

Under UK GDPR and EU GDPR, you can:

  • Access your data.
  • Request correction or deletion.
  • Restrict or object to processing (e.g., marketing).
  • Request data portability.
  • Withdraw consent anytime.

Contact dpo@jamesalexander.co.uk to exercise these rights. Complain to the ICO (www.ico.org.uk) if needed.

How Can You Exercise Your Rights?

Our Data Protection Officer (DPO) ensures lawful data handling. Reach them at dpo@jamesalexander.co.uk for requests or queries.

Kids

We don’t allow children under 13 to register, per UK GDPR age rules. Our Site isn’t intended for minors.

Changes to Our Policy

We may amend this policy anytime, posting updates here. Significant changes will be emailed. Continued Site use signifies acceptance.

Questions and Feedback

Contact our DPO at dpo@jamesalexander.co.uk with questions or concerns. We’re here to help.