Legal
Privacy Policy
Last updated: 5 June 2026
GLEENOD (“Company”, “we”, “our”, or “us”) values your trust and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you interact with our website, mobile application, marketplace listings, or services (“Services”), and describes your rights under the EU General Data Protection Regulation (GDPR) and the UK GDPR.
1. Data Controller
GLEENOD is the data controller responsible for your personal information. To contact us or exercise your rights, email [email protected].
2. Information We Collect
- Personal Information: name, email address, phone number, billing details, shipping address, and account login information.
- Order & Transaction Data: products purchased, order value, and limited payment confirmation details. We do not store full payment card numbers.
- Usage Data: IP address, browser type, device details, pages visited, and actions taken.
- Cookies & Tracking Technologies: cookies, beacons, and analytics identifiers, used (with consent where required) to operate, personalise, and measure the site.
3. Legal Bases for Processing (GDPR Art. 6)
We only process your personal data where we have a lawful basis to do so:
| Purpose | Legal basis |
|---|---|
| Processing orders, delivery, customer service | Performance of a contract |
| Account creation and login | Performance of a contract |
| Marketing emails and promotional offers | Consent (withdrawable anytime) |
| Non-essential cookies, analytics, personalisation | Consent |
| Fraud prevention, security, service improvement | Legitimate interests |
| Tax, accounting, and other legal duties | Compliance with a legal obligation |
4. How We Use Your Information
- Provide, operate, and improve our Services
- Process transactions and deliver orders
- Send service updates and, with consent, promotional offers
- Personalise user experience and recommendations
- Ensure security, detect fraud, and comply with legal obligations
5. How We Share Your Information
We do not sell your personal information. We may share it with:
- Service Providers: payment processors, delivery partners, and IT/analytics providers, acting as processors under contract.
- Marketplaces & Platforms: where you purchase through a third-party marketplace (e.g. Amazon), that platform processes your data under its own privacy policy.
- Legal & Compliance: authorities where required by law or to protect rights and safety.
- Business Transfers: in a merger, acquisition, or asset sale, subject to this Policy.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or the UK. Where we do so, we rely on appropriate safeguards — the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an adequacy decision — to ensure your data receives an equivalent level of protection. You may request a copy of these safeguards by contacting us.
7. Data Retention
- Order and transaction records: retained for the period required by applicable tax and accounting law (typically up to 10 years).
- Account data: retained while your account is active, then deleted or anonymised within a reasonable period after closure.
- Marketing data: retained until you withdraw consent or object.
When data is no longer needed, we securely delete or anonymise it.
8. Data Security
We implement appropriate technical and organisational measures to protect your information against unauthorised access, disclosure, alteration, or destruction. However, no method of online transmission or storage is 100% secure.
9. Your Privacy Rights
Depending on your location, you have the right to:
- Access and request a copy of your data
- Correct or update inaccurate information
- Request deletion of your data (“right to be forgotten”)
- Restrict or object to certain processing
- Data portability (receive your data in a portable format)
- Withdraw consent at any time, without affecting prior lawful processing
- Opt out of marketing communications
- Lodge a complaint with your local data protection supervisory authority
To exercise any of these rights, contact us at [email protected]. We will respond within one month, as required by the GDPR.
10. Automated Decision-Making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.
11. Cookies & Tracking
We use cookies and similar technologies to operate the site and, where required, only with your consent for analytics and personalisation. You can manage or withdraw your preferences at any time through your browser settings.
12. Children’s Privacy
Our Services are not intended for children under 16 (or the minimum age set by your local law). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].