Last updated: March 2026
1. Who We Are
Boss Office is a trading name of [PLACEHOLDER: Full Registered Company Name], registered in England and Wales (Company No. [PLACEHOLDER]). We are the data controller for the personal information collected through this website.
Data Controller Contact:
- Email: sales@boss-office.co.uk
- Phone: 0330 0576 514
- Post: [PLACEHOLDER: Registered Address]
If you have any questions about how we handle your data, or wish to exercise your rights, please contact us using the details above.
2. What Data We Collect
We may collect and process the following categories of personal data:
2.1 Data You Provide to Us
- Account information: name, email address, password (encrypted)
- Order information: billing address, delivery address, phone number, company name, VAT number
- Payment information: we do not store your card details - payments are processed securely by Stripe
- Communications: messages you send us via contact forms, email, support tickets, or recycling return requests
- Rewards programme: points balance, transaction history, redemption activity
2.2 Data We Collect Automatically
- Technical data: IP address, browser type and version, operating system, referring URL
- Usage data: pages visited, time spent on site, links clicked, products viewed
- Cookie data: see our Cookie section below
2.3 Data from Third Parties
- Payment processors: Stripe may share payment status information with us
- Delivery partners: tracking and delivery confirmation data from our couriers
3. How We Use Your Data
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your orders | Contract performance |
| Managing your account | Contract performance |
| Processing payments via Stripe | Contract performance |
| Sending order confirmations and shipping updates | Contract performance |
| Responding to your enquiries and support tickets | Contract performance / Legitimate interests |
| Managing recycling return requests | Contract performance |
| Operating the rewards programme | Contract performance / Legitimate interests |
| Sending marketing emails (where you have consented) | Consent |
| Improving our website and services | Legitimate interests |
| Fraud prevention and security | Legitimate interests / Legal obligation |
| Complying with legal and regulatory obligations | Legal obligation |
| Sending VAT invoices and maintaining accounting records | Legal obligation |
4. Marketing Communications
We will only send you marketing emails if you have explicitly opted in to receive them. You can withdraw your consent at any time by:
- Clicking the unsubscribe link in any marketing email
- Updating your preferences in your account settings
- Contacting us directly at sales@boss-office.co.uk
Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew it.
5. Sharing Your Data
We do not sell, rent, or trade your personal data. We may share your data with the following third parties where necessary:
| Third Party | Purpose | Location |
|---|---|---|
| Stripe | Secure payment processing | UK / EU / USA (Privacy Shield) |
| Delivery couriers | Order fulfilment and shipping | UK |
| WooCommerce / WordPress | Ecommerce and website platform | UK hosted |
| Google Analytics | Website analytics (anonymised) | USA (Standard Contractual Clauses) |
| IT support / hosting providers | Server infrastructure and technical support | UK |
Where we share data with third parties outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
We may also disclose your information to law enforcement or regulatory authorities if required to do so by law.
6. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| Order records and invoices | 7 years (HMRC requirement) |
| Account information | Duration of account + 2 years after closure |
| Support ticket records | 3 years |
| Recycling return records | 3 years |
| Marketing consent records | Until consent is withdrawn |
| Website analytics data | 26 months (anonymised) |
7. Cookies
Our website uses cookies - small text files stored on your device - to make the site work properly and to improve your experience.
7.1 Essential Cookies
These are necessary for the website to function and cannot be switched off. They include:
- Session cookies (keeping you logged in)
- Shopping basket cookies
- Security cookies
7.2 Analytics Cookies
With your consent, we use Google Analytics to understand how visitors use our site. This data is anonymised and aggregated. You can opt out at any time using our cookie banner.
7.3 Managing Cookies
You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information, visit allaboutcookies.org.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access - you can request a copy of the personal data we hold about you
- Right to rectification - you can ask us to correct inaccurate or incomplete data
- Right to erasure - you can ask us to delete your data in certain circumstances ("right to be forgotten")
- Right to restriction - you can ask us to restrict processing of your data in certain circumstances
- Right to data portability - you can request your data in a structured, commonly used format
- Right to object - you can object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making - we do not use your data for fully automated decision-making
To exercise any of these rights, please contact us at sales@boss-office.co.uk. We will respond within one month. We may need to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data correctly:
- Website: ico.org.uk
- Helpline: 0303 123 1113
9. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. These include:
- SSL/TLS encryption for all data transmitted between your browser and our website (HTTPS)
- Encrypted password storage
- Secure payment processing via Stripe - we never see or store your full card details
- Access controls limiting staff access to personal data on a need-to-know basis
- Regular security reviews of our systems
No method of data transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.
10. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
11. Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page with an updated "Last updated" date. For significant changes, we may notify you by email or a prominent notice on our website.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
- Email: sales@boss-office.co.uk
- Phone: 0330 0576 514
- Post: [PLACEHOLDER: Registered Address], England