Privacy Policy — Grabzies
Plain English Summary
Simple Explanation
Last updated: 6 May 2025 • Data Controller: Grabzies, United Kingdom • Email: help@grabzies.com
We collect the information you give us (such as your name, email, and address) and some technical data (like your IP address) so we can deliver our services, take payments, and keep the site secure. We do not sell your personal data. You can control marketing emails and request access, correction, or deletion of your information at any time.
We may collect your date of birth solely to verify age eligibility. This information is not used for marketing and is retained only as required for compliance.
This summary is a quick guide only. The full policy below explains our legal bases, retention periods, international transfers, and your rights in detail.
Overview of This Privacy Policy
Simple Explanation
This Privacy Policy explains how Grabzies (“we”, “us”, “our”) collects, stores, uses, and shares personal information when you visit grabzies.com, purchase services, or otherwise interact with our business. We treat all information relating to our projects and customers as proprietary and handle it accordingly.
This policy reflects UK data protection law, including the UK GDPR and the Data Protection Act 2018. If you are outside the UK, your data may still be transferred to and processed in the United Kingdom.
1. What Personal Information We Collect
Simple Explanation
We collect information you provide directly and information collected automatically when you use our Website or Services. This includes:
Contact details: name, email, telephone number, billing/shipping address.
Account data: username, password hash (we never store plaintext passwords), account preferences.
Transaction data: order history, invoices, payment method metadata (full card data is handled by our payment processor and never stored by us).
Technical & usage data: IP address, device details, browser type, pages visited, referral URL, cookies, and analytics data.
Communications: support requests, emails, call notes, and chat transcripts related to your account or orders.
Marketing preferences: opt‑in status and subscription preferences.
2. How We Use Your Information
Simple Explanation
We use personal information for the following purposes (not exhaustive):
• To provide and deliver products and services, process orders, and administer accounts.
• To communicate about orders, updates, security, and support.
• To personalise and improve our Website and services, and to analyse usage for product development.
• To process payments, prevent fraud, and comply with legal obligations.
• To send marketing communications where you have consented (with simple unsubscribe options).
3. Lawful Bases for Processing
Simple Explanation
Under the UK GDPR, we rely on one or more lawful bases to process your data:
Performance of a contract: processing necessary to provide the service you requested (e.g., building, hosting, or maintaining a site).
Legal obligation: where we must comply with law (e.g., tax, accounting, court orders).
Consent: for marketing emails and non‑essential cookies when you opt in.
Legitimate interests: for fraud prevention, platform security, and business analytics — balanced against your rights and freedoms.
4. Cookies and Similar Technologies
Simple Explanation
We use cookies and similar technologies for essential site functionality, analytics, and optional marketing. You can control cookie settings via the cookie banner (where shown) or through your browser.
Essential: required for shopping cart, login, security, and accessibility.
Analytics: used to measure and improve site performance (e.g., anonymised Google Analytics).
Marketing: used for advertising and remarketing (only with your consent where required).
For a full list of cookies we use, see our Cookie Policy.
5. Sharing and Recipients
Simple Explanation
Unless otherwise disclosed in a written agreement, all third‑party vendors and subprocessors are treated as proprietary. Vendor names are intentionally represented as “Your Name Here”.
We may share your personal data with:
• Trusted service providers and processors (payment processors, hosting providers, email delivery, analytics).
• Professional advisers and auditors where required to comply with legal obligations.
• Law enforcement, tax authorities, or courts if required by law.
We require all processors to maintain appropriate security and to process data only under our documented instructions.
A non‑exhaustive list of categories of processors we use (replace placeholders with actual vendor names as applicable):
Payment processing: Your Name Payment Processor — e.g., Stripe / PayPal
Hosting & storage: [Hosting Provider — e.g., AWS / DigitalOcean]
Analytics & email delivery: [Analytics Provider / Email Provider]
6. International Transfers
Simple Explanation
Your data may be transferred to, stored in, or processed in the United Kingdom and in other countries where our processors operate. When transfers occur outside the UK/EEA, we apply appropriate safeguards such as EU/UK Standard Contractual Clauses, binding corporate rules, or reliance on an adequacy decision to protect your rights.
7. Data Retention
Simple Explanation
We retain personal data only as long as necessary to fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.
Typical retention periods include:
Account information: retained while the account is active and for up to 6 years after (for tax and accounting purposes).
Transactional records and invoices: retained for 6 years (UK tax requirements).
Marketing data: retained until you withdraw consent or unsubscribe.
8. Security
Simple Explanation
We implement organisational, technical, and administrative measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
These measures include encryption in transit, access controls, regular vulnerability testing, and staff data protection training.
Despite these measures, no method of transmission over the Internet is 100% secure; therefore, we cannot guarantee absolute security.
9. Your Rights
Simple Explanation
Under UK data protection law, you may have the right to:
• Request access to personal data we hold about you (subject access request).
• Rectify inaccuracies in your personal data.
• Request erasure (right to be forgotten) in limited circumstances.
• Request restriction of processing.
• Object to processing where we rely on legitimate interests (including profiling).
• Request data portability where processing is based on consent or contract and carried out by automated means.
• Withdraw consent to marketing communications at any time.
To exercise any right, contact help@grabzies.com. We will respond within statutory timeframes (usually within one month). We may request identity verification to process certain requests.
10. Eligibility
Simple Explanation
Our services are available only to individuals aged 18 years or older. By creating an account or using this website, you confirm that you are at least 18 years of age.
If we discover that an account has been created by someone under 18, we reserve the right to suspend or terminate access immediately.
And if that does not stop you — your declaration or acceptance of our terms gives us full rights to tell your mum.
11. Automated Decision-Making
Simple Explanation
We do not carry out automated decision‑making that produces legal or similarly significant effects for individuals. If we introduce such processing in the future, we will notify you and provide clear information about the logic involved and your rights.
12. Complaints
Simple Explanation
If you are unhappy with how we handle your personal data, you can:
• Contact us first at help@grabzies.com so we can attempt to resolve the issue; and
• If unresolved, you may complain to the UK Information Commissioner’s Office (ICO): ico.org.uk (telephone: 0303 123 1113).
13. Changes to This Policy
Simple Explanation
We may update this Privacy Policy from time to time. Where changes are material, we will provide a prominent notice on our Website or send notice to affected users. The “Last updated” date at the top of this page indicates when the policy was last revised.
14. Contact
Simple Explanation
Data Controller: Grabzies (United Kingdom)
Email: help@grabzies.com
Postal address: [Insert company registered address — replace with official address]
Data Processing Addendum (DPA)
Simple Explanation
This Data Processing Addendum forms part of the Privacy Policy and outlines the responsibilities and obligations of Grabzies (the Controller) and its Processors with respect to processing personal data on behalf of our customers.
1. Roles
Controller: Grabzies
Processors: third‑party service providers engaged by Grabzies to perform specific services (e.g., payment, hosting, analytics). Examples: [Payment Processor], [Hosting Provider], [Email Provider]. Replace placeholders with actual vendor names.
2. Processing Instructions
Processors may only process personal data in accordance with Grabzies’ documented instructions and for the purposes described in this Privacy Policy or any specific service agreement.
3. Security Measures
Processors must implement appropriate technical and organisational measures, including:
• Access controls and authentication
• Encryption of data in transit
• Regular patching and vulnerability management
• Secure backup and recovery procedures
• Employee training and confidentiality obligations
4. Sub‑Processing
Processors must not engage sub‑processors without prior written authorisation. Where sub‑processors are authorised, equivalent data protection obligations must be applied.
5. Assistance to Controller
Processors must assist Grabzies with data subject requests, security incidents, and obligations under applicable data protection legislation (e.g., breach notification).
6. Return or Deletion
Upon termination or expiry of the contractual relationship, processors must return or securely delete personal data unless legally required to retain it.
7. Audit Rights
Grabzies reserves the right to audit processors for compliance and may request evidence of controls, certifications (e.g., ISO 27001), and data processing records.
8. Contact Point
For matters relating to this DPA and data protection, contact: help@grabzies.com
© 2025 Grabzies. All rights reserved. This Privacy Policy describes how Grabzies processes personal data in connection with its Website and services. This is not legal advice — for specific legal questions consult your solicitor.
Terms & Conditions • Cookie Policy