Privacy Policy

           

Last updated: 2 December 2025

       

       

            This Privacy Policy explains how **Power Steering Rack Direct Ltd** (“we”, “us”, “our”) collects and uses your personal data.             We act as the **data controller** under the **UK GDPR** and the **Data Protection Act 2018**.             If anything here is unclear, please contact us using the details below.        

       

1) Who we are & how to contact us

       

           
• Controller: Power Steering Rack Direct Ltd
           
• Website: https://powersteeringrackdirect.com
           
• Email: [email protected]
           
• Phone: (+44) 07456 373490
           
• Address: 5 Barretts Road, Dunton Green, Sevenoaks, Kent, TN13 2UN
       

       

---

       

2) What data we collect

       

           
• **Identity & contact data:** name, email, phone, and delivery/billing addresses.
           
• **Vehicle data:** VIN/chassis number, registration plate, make/model, which is necessary for ordering the correct part.
           
• **Order data:** products ordered, order notes, and delivery information.
           
• **Payment data:** processed securely via external providers (we never store your full card details).
           
• **Support data:** messages, photos, and fault codes for product diagnosis and support.
           
• **Technical data:** IP address, browser/device info, and website usage data collected via cookies/analytics.
           
• **Marketing preferences:** opt-in choices and communication history.
       

       

---

       

3) Why we use your data (Legal Basis)

       

We only use your data when we have a legal reason (basis) to do so:

       

           
• **To process orders & provide service (Contract):** Necessary to fulfill the contract of sale and delivery.
           
• **To respond to enquiries & provide support (Legitimate interests):** Our legitimate interest is running our business efficiently, providing high-quality customer service, and protecting our assets, which we've balanced against your rights.
           
• **To meet legal/tax duties (Legal obligation):** Required by UK law (e.g., HMRC records).
           
• **To send optional updates/marketing (Consent):** Only when you have actively agreed to receive them.
           
• **To improve our site & services (Legitimate interests):** Our interest is ensuring the website is secure and works well, which benefits all customers.
           

       

---

       

4) Sharing your data (Data Recipients)

       

We **do not sell your data**. We only share it with trusted third parties who help us run the business and fulfill your order:

       

           
• **Payment processors:** To securely handle transactions (e.g., Stripe, PayPal).
           
• **Couriers & logistics partners:** To deliver your items (e.g., Royal Mail, DPD, third-party freight).
           
• **IT, hosting, CRM, and analytics providers:** Services that keep the site running and help us understand site performance (e.g., our web host, Google Analytics).
           
• **Professional advisers and authorities:** Where legally required (e.g., accountants, HMRC, law enforcement).
       

       

---

       

5) International transfers

       

            Some of our IT service partners may be based outside the UK. When data is transferred internationally,             we ensure your data is protected using approved safeguards, such as the UK Addendum or International Data Transfer Agreement (IDTA).        

       

---

       

6) Data retention

       

We only keep your data for as long as needed:

       

           
• **Orders & invoices:** Kept for 6 years plus the current tax year to comply with UK tax rules.
           
• **Warranty/technical records:** Kept for the duration of the warranty period plus a reasonable time after, in case of claims.
           
• **Enquiries without purchase:** Deleted up to 24 months after the last contact.
           
• **Marketing data:** Kept until you opt out or withdraw consent, which you can do at any time.
       

       

---

       

7) Your rights

       

Under GDPR, you have the right to:

       

           
• **Access** your data (get a copy).
           
• **Correct** inaccurate data.
           
• Request **deletion** (where applicable, often called "the right to be forgotten").
           
• **Restrict** or **object** to processing.
           
• Request **portability** of data you provided to us.
           
• **Withdraw consent** for marketing at any time.
       

       

To exercise any of these rights, please contact us using the details at the bottom of this policy.

       

---

       

8) Cookies & analytics

       

            We use essential cookies for site functionality (like keeping items in your basket).             We only use non-essential cookies (like analytics for performance improvement) **if you give us your consent** via our cookie banner.             You can control and manage all cookies in your browser settings.        

       

---

       

9) Children

       

Our services are not intended for children, and we do not knowingly collect data from anyone under the age of 18.

       

---

       

10) Security

       

            We use appropriate technical and organisational measures to protect your personal data,             including encryption in transit (SSL/TLS), strong access controls, and regular supplier reviews to protect against loss, misuse, or unauthorized access.        

       

---

       

11) Complaints

       

            If you are unhappy with how we handle your data, please contact us first so we can try to resolve it.             You also have the right to complain directly to the **Information Commissioner’s Office (ICO)**, the UK's supervisory authority for data protection issues:             ico.org.uk/make-a-complaint.        

       

---

       

12) Changes

       

            We may update this Privacy Policy from time to time. We will post updates here with a new “Last updated” date at the top.