Your Rights & Data

Privacy
Policy

We are committed to protecting your personal data and respecting your privacy rights under UK GDPR and the Data Protection Act 2018. This policy explains how eMart collects, uses, and safeguards your information.

Last Updated

26 March 2026

Jurisdiction

United Kingdom

UK GDPR · DPA 2018

Who We Are Data We Collect How We Use It Legal Basis Sharing Data Your Rights Cookies Contact Us

Who We Are

eMart is a trading name of Avatar Technology Ltd, a company registered in England and Wales (Company No. 00000000). Our registered office is at 123 Tech Park, London, EC1A 1AA.

We operate emart.co.uk, an online marketplace for trusted IT equipment including laptops, desktop computers, Mac products, tablets, mobile devices, and components. We act as the Data Controller for all personal data processed through our website and services.

Contact Our Data Controller

Data Protection Officer: dpo@emart.co.uk
Postal: Data Protection Officer, eMart / Avatar Technology Ltd, 123 Tech Park, London, EC1A 1AA
Phone: +44 (0)20 0000 0000 (Mon–Fri 09:00–17:30)

We are registered with the Information Commissioner's Office (ICO) under registration number ZA000000. You may verify this at ico.org.uk.

Data We Collect

We collect and process personal data only where it is necessary for a legitimate purpose. The categories below detail what we collect, why, and how long we retain it.

Data Category

Examples

Purpose

Retention

Identity Data

First name, last name, username

Account creation, order fulfilment

7 years (tax/legal)

Contact Data

Email address, phone number, delivery address

Order delivery, customer support, marketing (with consent)

7 years after last order

Financial Data

Payment card last 4 digits, billing address (via Stripe)

Processing payments

Stripe holds this. We retain billing address 7 years

Transaction Data

Order history, products purchased, prices paid

Order fulfilment, warranty, VAT records

7 years (HMRC requirement)

Technical Data

IP address, browser type, device identifiers, cookies

Website security, fraud prevention, analytics

13 months (analytics), session (functional)

Usage Data

Pages visited, search queries, product views

Improving the website, personalised recommendations

13 months

Communications Data

Support emails, live chat transcripts

Customer service, complaint handling

3 years after resolution

B2B Trade Data

Company name, VAT number, trade account details

Trade pricing, invoicing, account management

7 years after account closure

We do not collect sensitive personal data (as defined by UK GDPR Article 9) such as racial or ethnic origin, health data, biometric data, or political opinions.

Data We Do Not Store

Full payment card numbers, CVV codes, and bank account details are never stored on our servers. All payment processing is handled directly by Stripe, a PCI-DSS Level 1 certified payment processor. We receive only a tokenised reference.

Children's data: Our services are intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately at dpo@emart.co.uk.

How We Use Your Data

We use your personal data only for the purposes described below, and only where we have a valid legal basis to do so under UK GDPR.

Fulfilling your orders: Processing payment, arranging delivery, providing order confirmations and dispatch notifications.

Account management: Creating and maintaining your eMart account, enabling order history access, and managing trade account settings.

Customer support: Responding to enquiries, resolving complaints, processing warranty claims and returns under the Consumer Rights Act 2015.

Legal compliance: Meeting our obligations under UK tax law (HMRC VAT records for 7 years), consumer protection legislation, and fraud prevention.

Marketing communications: Sending you promotional emails, product updates, and offers — only where you have given explicit consent. You may unsubscribe at any time.

Website improvement: Analysing aggregated usage patterns to improve site performance, search relevance, and product discovery. We use anonymised data where possible.

Fraud and security: Detecting and preventing fraudulent transactions, account takeovers, and abuse of our systems using IP monitoring and automated risk scoring.

Automated Decision-Making

Our fraud prevention system may automatically flag orders for manual review. No order is automatically cancelled without human review. You have the right to request human intervention on any automated decision affecting you.

Legal Basis for Processing

Under UK GDPR Article 6, we rely on the following lawful bases:

Contract Performance (Art. 6(1)(b))

Processing your order, delivering products, managing your account. This is necessary for us to fulfil our contract with you.

Legal Obligation (Art. 6(1)(c))

Retaining financial records for HMRC, complying with consumer protection law, and responding to lawful law enforcement requests.

Legitimate Interests (Art. 6(1)(f))

Fraud prevention, website security, improving our services, and direct marketing to existing customers (B2B soft opt-in under PECR). We have assessed that our interests do not override your fundamental rights.

Consent (Art. 6(1)(a))

Marketing emails to new subscribers, non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Sharing Your Data

We do not sell, rent, or trade your personal data to third parties. We share data only where necessary with trusted partners who act as data processors under written contracts.

Stripe, Inc.: Payment processing. PCI-DSS Level 1 certified. Data transferred to US under Standard Contractual Clauses (SCCs). stripe.com/gb/privacy

Royal Mail / DPD / Evri: Order delivery and tracking. UK-based carriers. Data limited to name, address, and contact number.

Google Analytics (anonymised): Website analytics with IP anonymisation enabled. No personal identifiers transferred. Data stored in EU/EEA.

Mailchimp / Email Service Provider: Marketing email delivery where you have consented. Data transferred to US under SCCs.

Cloud Hosting Provider: Our servers are hosted in UK/EEA data centres with ISO 27001 certification.

Law enforcement: We may disclose personal data to police, HMRC, or other competent UK authorities where required by law or to protect the rights, property, or safety of eMart or others. We will notify you where legally permitted.

International Transfers

Where data is transferred outside the UK (e.g. to US-based processors), we ensure adequate safeguards are in place: either an ICO adequacy decision, Standard Contractual Clauses (SCCs), or the UK International Data Transfer Agreement (IDTA). We do not transfer data to countries without appropriate protections.

Your Rights Under UK GDPR

As a UK data subject, you have comprehensive rights over your personal data. We aim to respond to all requests within 30 days. We will never charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.

Right of Access

Request a copy of all personal data we hold about you (Subject Access Request). We respond within 30 days.

Right to Rectification

Ask us to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

Request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing.

Right to Restriction

Request that we restrict processing of your data, for example while accuracy is contested.

Right to Portability

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes at any time.

Rights re: Automated Decisions

Not be subject to purely automated decisions that significantly affect you without human review.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting prior lawfulness.

How to Exercise Your Rights

Submit a request by emailing dpo@emart.co.uk with the subject line "Data Rights Request". Please include your full name, email address, and a description of your request. We may need to verify your identity before processing the request.

Right to complain: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO Website: ico.org.uk/make-a-complaint

ICO Helpline: 0303 123 1113

Post: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Cookies & Tracking

We use cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations (PECR). We obtain your consent before placing non-essential cookies.

Cookie Type

Purpose

Consent Required

Strictly Necessary

Shopping cart, session authentication, security (CSRF tokens)

No — essential for the site to function

Functional

Remembering preferences (currency, region, saved searches)

Yes

Analytics

Measuring website performance and understanding user behaviour (Google Analytics, anonymised)

Yes

Marketing

Targeted advertising and retargeting campaigns

Yes

You can manage or withdraw cookie consent at any time via our panel, accessible in the site footer. Withdrawing consent may affect certain site functionality. You can also manage cookies through your browser settings — see aboutcookies.org for guidance.

Contact Us About Privacy

For any questions, concerns, or requests relating to your personal data and this Privacy Policy, please contact our Data Protection Officer:

dpo@emart.co.uk

Phone

+44 (0)20 0000 0000

Post

DPO, eMart, 123 Tech Park, London, EC1A 1AA

Response time

Within 30 calendar days

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. We will notify you of material changes by email (if you have an account) or by posting a prominent notice on our website. The "Last Updated" date at the top of this page shows when the policy was most recently revised. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

PrivacyPolicy