1. Who is the data controller
Essential Toolkits is the data controller for personal data we collect about you through this Site and our products.
Trading address: 10 South View Road, Christchurch, Dorset, BH23 1JH, United Kingdom.
Contact email for privacy queries: [email protected]
We are a small business and do not have a Data Protection Officer, but we treat privacy queries as a priority and respond within one working day where possible.
2. What we collect and why
If you contact us
When you fill in the contact form or send us an email, we collect your name, email address, organisation (if you provide it), and the content of your message. We use this to respond to your enquiry and, where relevant, to follow up on related matters.
If you buy a product
Payments are processed by Polar, who act as our merchant of record. Polar collects the payment details directly — we never see your card number. From Polar we receive: your name, email address, country, the product purchased, the order ID, and (where applicable) the organisation name and VAT number you provided at checkout. We use this to deliver the product, fulfil our tax and accounting obligations, and provide customer support.
Server logs and security
Our hosting provider (Cloudflare) keeps short-lived logs of requests to the Site for the purpose of security, abuse prevention, and diagnosing technical issues. These logs may include IP address, timestamp and user-agent, and are retained for a limited period.
3. Legal basis for processing
Under UK GDPR we need a lawful basis for processing your personal data. We rely on:
- Performance of a contract — for processing related to delivering a product you have bought and providing customer support.
- Legitimate interests — for responding to enquiries, managing security, and keeping basic business records. Our legitimate interest is running our business effectively; we balance this against your rights.
- Legal obligation — for keeping records required by tax, accounting and consumer protection law.
4. Who we share data with
We do not sell your data and we do not share it for advertising. We do share data with the following service providers, who process it on our behalf:
- Polar — payment processing and merchant-of-record services. See their privacy policy.
- Cloudflare — hosting and content delivery for the Site. See their privacy policy.
- Email provider — the service we use to send transactional emails such as licence delivery and support replies (currently configured via Resend). They process delivery metadata only.
We may also disclose personal data if required by law, court order, or to protect our rights, property or safety, or those of others.
5. International transfers
Some of our service providers (including Polar and Cloudflare) are based outside the UK or process data in countries outside the UK. Where this happens, we rely on the safeguards offered by those providers, including the UK’s adequacy decisions, Standard Contractual Clauses, and the UK International Data Transfer Addendum where applicable.
6. How long we keep data
- Contact form / email enquiries: kept for as long as needed to handle your enquiry, then archived for up to 24 months in case you come back to us, then deleted.
- Order records: kept for at least six years to meet UK tax and accounting requirements.
- Server logs: kept for up to 30 days unless needed for an active investigation.
7. Cookies and tracking
This Site does not use marketing or analytics cookies. We do not use Google Analytics, Meta Pixel, or any third-party advertising or tracking tags.
Strictly necessary cookies may be set by Cloudflare to keep the Site secure. These cookies do not require your consent under the Privacy and Electronic Communications Regulations.
Polar may set cookies during checkout to manage your purchase. Their cookie policy applies during checkout.
8. Your rights
Under UK GDPR you have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Rectification — ask us to correct data that is inaccurate or incomplete.
- Erasure — ask us to delete your data, where we are not required to keep it.
- Restriction — ask us to limit how we use your data.
- Portability — ask us to provide your data in a machine-readable format.
- Object — object to processing based on legitimate interests, including any direct marketing.
- Withdraw consent — where we rely on consent, withdraw it at any time without affecting earlier processing.
To exercise any of these rights, email [email protected]. We will respond within one month.
9. Security
We use HTTPS across the Site. We do not store payment card details — those are handled entirely by Polar.
No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and tell you without undue delay where the law requires it.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of the page tells you when. Material changes that affect existing customers will be communicated by email where we have your address.