CPAP Store London – Privacy Policy

Effective Date: 1 June 2023
Last Updated: 24 July 2025

CPAP Store London is committed to protecting your privacy and processing your personal data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This policy explains how we collect, use, store, and protect your personal data when you visit our retail store or use our website.

1. Who We Are

CPAP Store London is a medical equipment retailer offering CPAP/BiPAP machines, masks, and accessories to customers in the UK.
If you have any questions about this policy or how we handle your data, you may contact us at:

Email: [email protected]

2. What Information We Collect

We may collect the following types of personal data:

  • Name, phone number, email address, and delivery address

  • Payment information (processed securely through third-party providers)

  • Device/browser information and IP address

  • Health-related details you voluntarily provide (e.g., prescriptions)

  • Order history, communication preferences, and support requests

3. How We Use Your Data

We use your personal data to:

  • Fulfill your orders and deliver products

  • Respond to enquiries and provide customer support

  • Send order confirmations and delivery updates

  • Provide marketing communications (only if you opt in)

  • Improve our website and customer experience

  • Maintain legal, financial, and security obligations

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal grounds:

  • Contractual necessity (to process and deliver your order)

  • Consent (for optional marketing messages)

  • Legal obligation (e.g., tax, fraud prevention)

  • Legitimate interest (to improve services and support)

You may withdraw consent at any time by contacting us.

5. How We Share Your Data

We may share your data with:

  • Trusted service providers (e.g., couriers, payment processors)

  • IT and cloud service partners who support our systems

  • Legal authorities if required by law or regulation

We do not sell your personal data to third parties.

6. International Data Transfers

Your data is stored on servers located in the UK and EEA. If data is transferred outside the UK, we ensure adequate protection is in place (e.g., Standard Contractual Clauses).

7. Marketing & Communications

You will only receive marketing emails or SMS if you’ve provided consent. You can unsubscribe at any time by:

  • Clicking the “Unsubscribe” link in any email

  • Contacting us directly via [email protected]

8. Your Rights Under UK GDPR

As a UK resident, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request deletion (the “right to be forgotten”)

  • Object to or restrict processing

  • Withdraw consent to marketing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, email us at [email protected].

9. Cookies & Analytics

We use cookies to improve site performance and personalise content.
On your first visit, a banner allows you to accept or manage cookie preferences in accordance with PECR.

We may use tools such as Google Analytics to monitor site usage, but no personally identifiable information is collected without your consent.

10. Data Retention

We retain your data only as long as necessary for:

  • Order fulfillment and support (7 years for financial compliance)

  • Marketing (until consent is withdrawn)

  • Support and communication records (up to 3 years)

11. Data Security

We implement technical and organizational measures to keep your data safe, including encryption, secure payment gateways, access controls, and regular monitoring.

12. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects. If this changes, we will notify you and offer the right to request human review.

13. Updates to This Policy

We may update this privacy policy to reflect changes in regulation or our practices. The latest version will always be available on our website. Material changes will be highlighted clearly.

14. Contact Details

If you have questions, concerns, or would like to exercise your data rights:

CPAP Store London
Email: [email protected]