Privacy and Cookies Policy

Privacy & Cookies Policy

Effective date: 18 September 2025
Who we are: Ebask Limited T/A NeoRox (“NeoRox”, “we”, “us”, “our”).
Company number: 13829995 (England & Wales)
Website: https://neorox.co.uk/
Contact (privacy): contact@neorox.co.uk

We respect your privacy and handle personal data in line with the UK GDPR and the Data Protection Act 2018. This notice explains what we collect, why we collect it, how we use it, and the choices you have.

1) What data we collect

We collect only the information needed to run our store, fulfil orders, and keep the website secure and reliable.

Identity & contact

  • Name

  • Email address

  • Billing and shipping address (where required to fulfil an order)

Order & support

  • Order details, invoices, refunds/returns

  • Messages you send to our customer support

Technical

  • IP address, device, and browser information

  • Cookie and similar technology data (see Cookies below)

Payment data

  • Card or wallet details are entered directly with Stripe or PayPal.

  • We do not receive or store your full card details. We receive payment confirmation, status, and limited metadata (e.g., last 4 digits, payment method, transaction ID).

We do not collect special category data (e.g., health records) and we do not sell personal data.

2) Why we use your data (lawful bases)

We use your data only where we have a lawful basis:

Contract – to fulfil and deliver your order; to handle returns and customer support.
Legal obligation – tax, accounting, and consumer law record keeping.
Legitimate interests – website security and fraud prevention; improving our site and services; basic analytics to understand performance.
Consent – optional email marketing; non-essential cookies/pixels. You can withdraw consent at any time.

3) Payments (Stripe & PayPal)

We use Stripe and PayPal to process payments. When you pay:

  • You are redirected or an embedded field is loaded from the payment provider.

  • Your payment details are processed on the provider’s secure systems.

  • The provider shares a confirmation with us so we can ship your order.

Each provider acts as an independent controller for your payment information. Please refer to their privacy notices for full details. (Add links to Stripe/PayPal privacy pages on your site if you wish.)

4) Cookies & similar technologies

Cookies are small files placed on your device. We use:

  • Strictly necessary cookies (essential for security, checkout, and account functions); these run without consent.

  • Performance/analytics cookies (to understand site usage).

  • Marketing/advertising cookies (e.g., ad pixels), only with your consent.

You can manage consent at any time via the Cookie banner / preferences link on our site. If you disable certain cookies, parts of the site may not function fully.

Examples of what cookies do:

  • Keep items in your cart and remember your session

  • Help us measure which pages are most useful

  • Enable payment and fraud prevention features

For a current list of cookies and partners, please check the Cookie banner → “Preferences” section on our website. This list updates as we add or remove services.

5) Analytics & marketing

If you consent, we may use privacy-focused analytics and advertising tools (e.g., Google Analytics, Meta pixel) to understand performance and improve our content.

  • Data is aggregated and/or pseudonymised where possible.

  • You can toggle these cookies off at any time in the Cookie banner.

6) Who we share data with

We share data only with trusted providers who help us run the site and deliver your order. These service providers may include:

  • E-commerce & hosting: WooCommerce and our UK hosting provider

  • Payments: Stripe; PayPal

  • Fulfilment & logistics: carriers and warehouse/fulfilment partners (if used)

  • Email & support tools: customer service and email platforms

  • Analytics/ads (consent-based): platforms you enable through the Cookie banner

We require providers to safeguard your data and use it only for the services we request. We do not allow them to use your data for their own marketing.

7) International transfers

Some providers may process data outside the UK. Where they do, we rely on UK adequacy regulations or standard contractual clauses (SCCs) to protect your data.

8) Data retention

We keep data only as long as necessary:

  • Orders & invoices: typically 6 years (tax/legal requirements).

  • Support messages: for as long as needed to resolve your request.

  • Marketing preferences: until you unsubscribe or withdraw consent.

  • Analytics data: per tool settings and only while consent is active.

We securely delete or anonymise data when it is no longer needed.

9) Your rights

Under UK data protection law, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase data (where applicable)

  • Restrict or object to processing

  • Portability (receive your data in a usable format)

  • Withdraw consent (for consent-based processing)

  • Lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk

To exercise your rights, contact contact@neorox.co.uk

10) Security

We use appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and least-privilege practices. No system is 100% secure, but we work to prevent unauthorised access, use, or disclosure.

11) Children

Our site is for adults. We do not knowingly collect data from children under 16. If you believe a child has provided data, contact us and we will delete it.

12) Third-party links

Our website may contain links to other sites. We are not responsible for their content or privacy practices. Please review those sites’ policies.

13) Changes to this notice

We may update this policy from time to time. Changes will be posted on this page with a new effective date. Significant changes may be communicated by email (if appropriate).

14) Contact us

For questions about this notice or your data:
Email: contact@neorox.co.uk