Saw-Tech (NW) Ltd (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights. It applies when you visit our website or make a purchase from us. We comply with UK data protection law (UK GDPR) and the Data (Use and Access) Act 2025, and follow ICO guidance on transparency. We keep our policy under review and may update it, so please check this page regularly.
 

Information We Collect

• Device and usage data. When you visit our website, we automatically collect device information (IP address, browser type/version, device identifiers) and browsing activity (pages viewed, time spent, links clicked). This “device information” helps us operate the site, detect technical issues and fraud, and analyse how our website is used. This data is not directly linked to your name or address.
• Cookies and similar technologies. We use cookies to support website functionality and analytics. Some cookies are strictly necessary (e.g. to keep items in your shopping basket). Other cookies (like analytics/performance cookies) collect aggregate data on how visitors use our site. Under the Data Use and Access Act 2025, cookies for “statistical purposes” (analytics) and site functionality may be set without consent. However, cookies used solely for advertising or tracking (targeted marketing) still require your opt‑in consent. You can manage your cookie preferences on our site or via your browser (see “Cookies” below).
• Personal information you provide. If you register an account or place an order, we collect personal data you give us, such as your name, delivery and billing address, email address, telephone number, date of birth and similar details you submit. When you make a purchase, you enter payment details. We do not store your full credit/debit card data on our servers; card processing is handled by secure third-party payment gateways. We may store only limited payment details (e.g. last 4 digits, card type, expiry date) if you choose to save a payment method. All other card information is kept secure by the payment processor.

We refer to all the above as personal data. We collect and use it only for specific, legitimate purposes as described below.
 

How We Use Your Information

We use your personal data for the following purposes (with the corresponding lawful basis under UK GDPR):

• Order fulfilment and customer service (contract). We use your contact, billing and delivery information to process and ship your orders, manage your account and communicate with you about your purchases. Performing these actions is necessary to fulfil our contract with you, and to provide the services you request. For example, we need your address to deliver products and your email to send order confirmations.
• Payment processing (contract). When you make a payment, we share required data with our payment processors (for example, SagePay, PayPal or a card payment service) to complete the transaction. This processing is necessary for payment, which is part of our contract for sale of goods.
• Fraud prevention and security (legitimate interest). We use device and order information to help detect and prevent fraud, unauthorised transactions or security incidents (for instance, by screening IP addresses or identifying unusual activity). This helps protect you and us from fraudulent or illegal actions. These activities are in our legitimate business interests to secure our site and minimise risk.
• Website analytics and improvement (legitimate interest). We analyse aggregate information about how visitors use our site (e.g. pages visited, items added to basket, time on page) to improve our website, products and services. By understanding user behaviour, we can optimise our content and identify technical issues. Collecting this data is a legitimate interest (improving our services) and is now permitted for site analytics without explicit cookie consent. You can opt out of analytics cookies if you wish (see “Cookies” below).
• Marketing and communications (consent or legitimate interest). We may send you marketing emails or newsletters about our products, services or promotions. We will only do this if you have opted in or given consent (for example by subscribing via our website). Note: for existing customers, UK law now treats direct marketing as a “recognised legitimate interest,” meaning we may contact you about similar products you have purchased without requiring fresh consent. Nonetheless, every marketing email will include an unsubscribe link so you can opt out at any time.
• Legal compliance and rights protection (legal obligation or legitimate interest). We use and may disclose your data as needed to comply with the law (for example, tax or accounting rules that require us to keep order records for up to 6 years) or to respond to lawful requests by authorities (such as courts or regulators). We also share data if necessary to defend our legal rights (for instance, in case of a dispute or investigation). This is either a legal obligation or our legitimate interest (protecting the business).
• Sharing with service providers. We share data with trusted third-party service providers who help run our business – for instance, shipping carriers, web hosting companies, analytics providers (such as Google Analytics), email service providers, and IT and data storage vendors. We only give them the data they need to perform their function and they may not use it for other purposes. All such processors are bound by law and contract to keep data secure. For example, we never share your full payment card details with anyone (only the payment processor sees those).

We do not sell your personal data to any company. We also use data for legitimate advertising purposes: for example, if you consent or as part of our legitimate interests, we may use remarketing services (such as Google Ads or social media ad networks) to show you relevant ads about our products. This involves sharing limited data (e.g. customer lists or site visit events) with those networks under strict terms. If you do not want to receive targeted ads, you can opt out via the cookie settings below or the ad network settings.
 

Lawful Basis for Processing

Under UK GDPR we must tell you our lawful basis for each use of your personal data. In summary:

• Contract. We rely on performance of a contract when we process your data to fulfil orders and provide the services you request (shipping products, processing payments, managing your account, etc.).
• Consent. When we send you direct marketing (email newsletters, promotional offers), we rely on your consent. You can withdraw your consent at any time by clicking “unsubscribe” or contacting us. (If you are an existing customer, new UK rules allow us to treat marketing as a legitimate interest, but we will always honour your opt-out requests immediately.)
• Legitimate interest. We use legitimate interests for purposes like fraud prevention, website analytics, internal administration, and handling marketing to our existing customers. Before using legitimate interest, we balance our interests against your privacy rights. For example, we consider it fair to analyse anonymised browsing data to improve our site, or to contact customers with offers related to their past purchases (a recognised legitimate interest under recent law).
• Legal obligation. When the law requires it (for instance, keeping financial records or complying with a court order), we process data under the legal obligation basis.
   

Cookies and Tracking Technologies

We use cookies and similar tools to support our website. Cookies are small text files placed on your device. We use the following categories of cookies:

• Strictly necessary cookies. These are essential for our site to operate (for example, remembering your shopping cart items as you browse). They cannot be switched off and do not require your consent.
• Performance/Analytical cookies. These collect anonymous statistics about how visitors use the site (pages viewed, session length, etc.). By law, such cookies are used for “statistical purposes” and do not require consent under the Data Use and Access Act 2025. They help us monitor and improve performance. You can still disable these cookies via our site’s cookie settings or your browser if you prefer not to be tracked.
• Functional cookies. These remember your preferences or login status (for example, language settings, keeping you logged in, or saving form entries). They are not strictly necessary but enhance your experience. We do not need your consent for these cookies and they do not track you for advertising purposes.
• Advertising/Targeting cookies. These are used by marketing partners (like Google or Facebook) to deliver personalised ads based on your browsing. We will only use these cookies with your explicit consent (opt‑in). If you do not consent or later revoke consent, we will not load these cookies and you will not get targeted ads. You can change your cookie preferences at any time via our cookie banner or your browser settings.

For detailed cookie information, please see our Cookie Policy page (link). You can usually block or delete cookies through your browser settings. Be aware that blocking cookies may affect your experience on our site.
 

Your Data Protection Rights

Under UK GDPR, you have rights regarding your personal data. In summary, you have the right to:

• Access the data we hold about you (right of access).
• Rectify any inaccurate or incomplete data.
• Erase your data (“right to be forgotten”), subject to legal exceptions.
• Restrict our processing in certain circumstances (for example, during a dispute).
• Object to processing based on legitimate interests or direct marketing.
• Data portability – receive your data in a structured format in certain cases.
• Withdraw consent at any time if we rely on it, without affecting processing done before withdrawal.

These rights are listed in the GDPR and we must inform you of them in our privacy notice. The right to object (to certain processing) must be highlighted specifically, which we do above. If you wish to exercise any of these rights, please contact us (see below) and we will assist you.
 

How to Make a Subject Access Request (SAR)

You can request a copy of the personal data we hold about you by contacting us (see Contact Us below). This is called a Data Subject Access Request (DSAR). To help us locate your data, please provide details like your name, email, and what information you are asking for. We will need to verify your identity (for example, by matching your details with an account or by asking for proof of identity) to ensure we do not disclose anyone’s data to the wrong person.

Once your request is validated, we will respond as quickly as possible and in any case within one calendar month of receiving it. If the request is complex or you make multiple requests, we may extend the deadline by up to two more months. If we need more information to fulfill your request (for example, to clarify what you want or confirm identity), the time limit will start (or “stop the clock”) once we have the needed information. We will always let you know if we need additional details.

There is no fee for a standard access request unless the request is unfounded or excessive. If you are unhappy with our response or if you believe we have handled your data improperly, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Data Retention

We retain personal data only for as long as necessary for each purpose, in accordance with legal requirements and our business needs. Once the data is no longer needed, we securely delete or anonymise it. For example:

• Order and purchase data (including invoices) are typically retained for at least 6 years after the transaction (to comply with tax laws and potential warranty claims).
• Account registration data (if you create an account on our site) is kept for as long as your account is active or until you request deletion.
• Marketing consent/preferences are kept while you remain subscribed; if you opt out or withdraw consent, we will remove you from marketing lists promptly.
• Logs and analytics data are kept for a shorter period (typically up to 2 years) to monitor site performance; we purge or aggregate older records.
• Cookie consents and settings are stored for at most 1–2 years (depending on the cookie) or until you change your preferences.

When retention periods expire, we either delete the data or aggregate it in a way that no longer identifies you. These retention periods are guided by legal obligations (such as accounting rules) and necessity for our operations.
 

Data Security

We take appropriate security measures to protect your data from unauthorised access, loss, misuse or disclosure. For example, we use SSL/TLS encryption on our website to secure data in transit, and we store data on secure servers with firewalls. Sensitive information (like payment details) is handled by encrypted payment gateways. We follow recognised information security practices, such as access controls (only authorised staff can access personal data), regular backups and software updates. As the ICO advises, we employ “appropriate technical and organisational measures” (confidentiality, integrity and availability) to keep personal data safe. 

While we work hard to protect your information, no method of transmission or storage is completely foolproof. If a security breach occurs, we have procedures to contain it and to notify affected individuals and authorities if legally required.
 

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements (for example, when new guidance is issued or law changes). We will post any updates on our website with a revised “last updated” date. It is your responsibility to review this policy periodically. Your continued use of the site after any changes signifies your acceptance of the updated policy.
 

Contact Us

If you have questions about this policy or wish to exercise your data rights, please contact:

• Email: sales@sawtech.co.uk
• Phone: 0161 624 1440
• Address: Saw-Tech (North West) Ltd, Unit 37 The Acorn Centre, Barry Street, Oldham OL1 3NE, United Kingdom

We will do our best to respond promptly. You can also contact the ICO for advice or to make a complaint: the ICO’s helpline is 0303 123 1113 and their website is ico.org.uk.

Last updated: March 2026

Sources: UK GDPR and ICO guidance; Data (Use and Access) Act 2025 summaries. All practices described conform to current UK law.