top of page
Privacy Policy – Without Brakes

 

Introduction

Without Brakes (“we”, “us”, or “our”) is committed to protecting your personal data and ensuring transparency about how we handle it. This privacy policy explains what personal information we collect, why we collect it, how it is used, and how it is protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

Who We Are

For any privacy-related enquiries, please contact us using the details above.

What Personal Data We Collect

We may collect and process the following types of personal information:

  • Names and contact details (e.g. name, email address, telephone number)

  • Billing and delivery addresses

  • Purchase or account history

  • Website usage data (including cookies, browsing activity, and user journeys)

We do not collect sensitive personal data (e.g. health, racial, or biometric data).

 

Purposes of Processing

We collect and use personal information for the following purposes:

  • To process and fulfil orders for goods and services

  • To manage and maintain customer accounts

  • To communicate service updates and promotional offers (with consent)

  • To manage returns, warranties, and guarantees

  • To analyse website usage and improve online experience

  • To comply with financial and legal record-keeping requirements

 

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Contract: To fulfil orders, manage customer relationships, and provide after-sales support.

  • Consent: For optional marketing communications and cookie-based analytics.

  • Legitimate Interests: To operate a secure, efficient business and improve customer experience (for example, managing website traffic or ensuring fraud prevention).

  • Legal Obligation: To meet accounting, tax, and other statutory record-keeping duties.

 

Legitimate Interests Assessment

Where legitimate interests are relied upon, we have conducted an assessment to ensure our use of data is balanced, necessary, and not overly intrusive. This may include ensuring transactions are processed securely and customers receive updates about their orders or services.

 

Where We Get Your Data

We collect information:

  • Directly from you, when you place an order, create an account, or contact us.

  • From third parties, such as payment providers and online sales platforms (e.g. eBay, PayPal, or SumUp) used to process transactions securely.

 

Sub-Processors and Third-Party Systems

We use trusted third-party systems to manage our operations securely:

  • Wix – Website hosting, contact forms, and analytics

  • eBay – Online sales and order management platform

  • PayPal – Secure online payment processing

  • SumUp – Point-of-sale and payment processing

  • Kashflow – Accounting and invoicing management

 

All third parties process data under appropriate contracts and security measures that comply with UK GDPR.

 

Data Sharing

We do not sell or rent personal data. We may share data only when necessary:

  • With payment processors (e.g. PayPal, SumUp) to complete transactions

  • With accounting providers (e.g. Kashflow) for financial record-keeping

  • With couriers or delivery companies to fulfil orders

  • With regulators or authorities where legally required

 

Data Retention

Personal data is retained only as long as necessary to meet the purposes described above or comply with legal requirements. In most cases:

  • Order and payment records are retained for 6 years (to meet tax and accounting obligations).

  • Marketing data is retained until consent is withdrawn.

 

International Data Transfers

Some of our service providers (such as Wix, PayPal, and eBay) may store data outside the UK.
When this occurs, transfers are protected using Standard Contractual Clauses (SCCs) or other legally recognised safeguards to ensure an equivalent level of data protection.

 

Data Security

We apply appropriate technical and organisational measures to protect your information, including:

  • Encrypted payment processing (SSL/TLS)

  • Secure account and password management

  • Restricted access to authorised personnel only

  • Regular reviews of supplier data protection practices

 

Your Rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request deletion of your data, where legally possible

  • Withdraw consent to marketing or analytics at any time

  • Object to certain types of processing (e.g. direct marketing)

  • Request a copy of your data in a portable format

 

How to Complain

If you have concerns about how your personal information is handled, please contact us at: brian@withoutbrakes.com

If you remain dissatisfied, you can raise a complaint with the Information Commissioner’s Office (ICO):

bottom of page