1. Who We Are
EcoOrganic Limited is a UK-based online retailer specialising in premium Turkish organic cotton home textiles, including towels, bathrobes, peshtemals (hammam towels), and bedspreads. Our website is https://ecoorganiclimited.co.uk.
We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you visit our website or place an order with us. It applies in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Order and account information: your name, billing and delivery address, email address, telephone number, and order history when you make a purchase.
- Contact enquiries: your name, email address, and the content of any message you send via our Contact page.
- Browsing data: IP address, browser type and version, pages visited, time and date of visits, and referring URLs, collected automatically via cookies and analytics tools.
- Payment data: payment card details are processed directly by our third-party payment provider; we do not store full card numbers on our servers.
3. How and Why We Use Your Data
We use your personal data for the following purposes:
- To process and fulfil your orders, including arranging delivery and sending order confirmations.
- To communicate with you about your order, respond to enquiries, and provide customer support.
- To comply with our legal and regulatory obligations (e.g. tax and accounting records).
- To improve our website, products, and services through anonymised analytics.
- To send you marketing communications where you have consented or where we have a legitimate interest to do so.
4. Lawful Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Contract: processing is necessary to fulfil your order and deliver our services to you.
- Legal obligation: we must retain certain records to comply with tax and other legal requirements.
- Legitimate interests: we may process data for fraud prevention, website security, and improving our services, where these interests are not overridden by your rights.
- Consent: where we ask for your specific consent (e.g. for marketing emails), you may withdraw it at any time.
5. Cookies and Analytics
Our website uses cookies — small text files placed on your device — to ensure it functions correctly, to remember your preferences, and to help us understand how visitors use the site.
We use analytics tools (such as Google Analytics) to collect aggregated, anonymised information about website traffic and behaviour. These tools may set their own cookies. You can opt out of analytics tracking by adjusting your browser settings or using the relevant opt-out tools provided by those services.
You can control and/or delete cookies via your browser settings. Please note that disabling cookies may affect the functionality of our website.
6. Payment Processors and Third Parties
We use trusted third-party service providers to operate our business, including:
- Payment processors (such as Stripe or PayPal) to securely handle payment transactions. These providers are PCI-DSS compliant and have their own privacy policies.
- Delivery and logistics partners to fulfil and ship your orders.
- Email and hosting providers to operate our website and send transactional communications.
- Analytics providers to understand website usage.
We only share your personal data with third parties to the extent necessary for them to provide their services to us. We do not sell your personal data to any third party.
7. Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Order and transaction records are typically retained for six years in accordance with HMRC requirements. Contact enquiry records are retained for a reasonable period to resolve your query and for our legitimate record-keeping purposes.
8. Your Rights Under UK GDPR
Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete data.
- Right to erasure: you may request that we delete your data, subject to certain legal exceptions.
- Right to restriction: you may ask us to restrict how we process your data in certain circumstances.
- Right to data portability: you may request your data in a structured, commonly used, machine-readable format.
- Right to object: you may object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, please contact us via our Contact page. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.
9. How to Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please get in touch via our Contact page. We will be happy to assist you.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this page. This policy was last reviewed in June 2025.