Privacy Policy

1. Who We Are

ecommerce79 ("we", "us", "our") operates the website at ecommerce79.com and provides AI-powered eCommerce applications, digital services and consulting to businesses.

For the purposes of UK GDPR, ecommerce79 is the data controller responsible for the personal data you provide to us through this website.

Contact: info@ecommerce79.com

2. What Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data

• First name and last name
• Business email address
• Phone number (if provided)
• Company name

Business & Commercial Data

• Annual revenue range (if provided)
• eCommerce platform in use
• Services or products you are interested in
• Details of your project or enquiry

Transaction Data

• Details of purchases made through our Stripe payment links
• Purchase history and app licence information

Technical & Usage Data

• IP address and browser type
• Pages visited and time spent on site
• Referring URLs and device information

Communications Data

• Enquiries, messages and correspondence you send to us
• Email communications

We do not knowingly collect any special category data (such as health data, racial or ethnic origin, or political opinions).

3. How We Collect Your Data

We collect data through the following means:

• Enquiry and contact forms on our website, processed via Formspree
• Purchase transactions processed via Stripe
• Email correspondence when you contact us directly
• Cookies and analytics tools when you browse our website
• Third-party referrals where you have been referred to us by a partner

4. How We Use Your Data

We use your personal data for the following purposes:

• To respond to enquiries and provide requested information about our services
• To process purchases and deliver digital products or services you have bought
• To fulfil contractual obligations where a service agreement exists
• To send service-related communications (order confirmations, delivery of digital products)
• To send marketing communications where you have consented, or where we have a legitimate interest to do so as an existing customer
• To improve our website, products and services based on usage patterns
• To comply with legal obligations, including tax and accounting requirements
• To prevent fraud and ensure the security of our systems

We will never sell your personal data to third parties. We will never use your data for any purpose that is incompatible with the purposes described above.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases to process your personal data:

• Contractual necessity — where processing is necessary to perform a contract with you (e.g. delivering a purchased app)
• Legitimate interests — where we have a legitimate business interest that is not overridden by your rights (e.g. responding to enquiries, improving our services, marketing to existing customers)
• Legal obligation — where processing is required to comply with UK law (e.g. HMRC tax records)
• Consent — where you have given clear consent for a specific purpose (e.g. marketing emails to new contacts). You may withdraw consent at any time

6. How We Share Your Data

We do not sell, rent or trade your personal data. We may share your data with carefully selected third parties only where necessary:

• Service providers who process data on our behalf (such as Formspree for form processing, Stripe for payment processing) — these parties act as data processors under contractual data processing agreements
• Professional advisers including accountants and legal advisers, where necessary and bound by confidentiality
• Government and regulatory authorities where required by law (e.g. HMRC)
• Successor businesses in the event of a sale or merger of ecommerce79, where data would transfer under the same privacy obligations

Any third parties we work with are required to respect your data and treat it in accordance with UK law. We do not allow them to use your data for their own purposes beyond the services they provide to us.

7. Third-Party Services

Our website uses the following third-party services, each with their own privacy policies:

• Formspree (form processing) — formspree.io/legal/privacy-policy
• Stripe (payment processing) — stripe.com/gb/privacy
• Google Fonts (typography) — font requests are sent to Google's servers. See Google Privacy Policy

We recommend reviewing the privacy policies of these third parties to understand how they handle your data.

8. Cookies

Our website may use cookies and similar tracking technologies. Cookies are small text files stored on your device that help us understand how you use our site.

Types of cookies we may use:

• Strictly necessary cookies — essential for the website to function. Cannot be disabled
• Analytics cookies — help us understand how visitors interact with the site (e.g. pages visited, time on site). We use this data in aggregate, anonymised form
• Preference cookies — remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the site. For more information about cookies, visit aboutcookies.org.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting obligations.

• Enquiry data — retained for up to 2 years from the date of enquiry, unless a commercial relationship develops
• Customer data — retained for the duration of the business relationship and up to 7 years thereafter (as required by HMRC for tax records)
• Marketing data — retained until you unsubscribe or withdraw consent
• Technical/analytics data — typically retained for up to 26 months in anonymised or aggregated form

When your data is no longer required, we securely delete or anonymise it.

10. International Data Transfers

Some of our third-party service providers (including Stripe and Formspree) may process your data outside the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including:

• Transfers to countries with UK adequacy decisions
• Use of International Data Transfer Agreements (IDTAs) approved by the ICO
• Transfers to organisations certified under equivalent data protection frameworks

You can obtain further information about these safeguards by contacting us at info@ecommerce79.com.

11. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access — the right to request a copy of the personal data we hold about you (a Subject Access Request)
• Right to rectification — the right to request correction of inaccurate or incomplete data
• Right to erasure — the right to request deletion of your data where there is no compelling reason for us to continue processing it
• Right to restrict processing — the right to ask us to pause processing of your data in certain circumstances
• Right to data portability — the right to receive your data in a structured, commonly used, machine-readable format
• Right to object — the right to object to processing based on legitimate interests or for direct marketing purposes
• Rights in relation to automated decision-making — the right not to be subject to solely automated decisions that significantly affect you
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at info@ecommerce79.com. We will respond within one calendar month of receiving your request.

12. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration. These include:

• HTTPS encryption across our entire website
• Secure form submission via Formspree's encrypted endpoint
• Payment processing exclusively via Stripe's PCI-DSS compliant infrastructure (we do not store payment card details)
• Access controls limiting who within our organisation can access personal data
• Regular review of our data handling practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay where required by law.

13. Children's Privacy

Our website and services are directed exclusively at businesses and individuals aged 18 or over. We do not knowingly collect personal data from children under the age of 18. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

15. Contact Us