Privacy Policy
Effective Date: October 2025
1. Introduction
This Privacy Policy explains how OME (“we”, “us”, “our”) collects, uses, stores, protects, shares, and deletes personal data when providing our services through www.ordersmadeeasy.co.uk (the “Website”).
We are committed to maintaining the highest standards of data protection and privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller Information
Data Controller: OME (L.J. Gibson)
Website: www.ordersmadeeasy.co.uk
Contact Email: admin@ordersmadeeasy.co.uk
3. Data We Collect
We may collect and process the following categories of personal data:
a. Order and Account Data
Customer names, contact details, delivery addresses, order identifiers, product details, fulfilment records, and user account information (email address, login credentials, access roles).
b. System and Usage Data
IP addresses, browser type, operating system, access logs, and device and session information, collected for security and analytics.
c. Communication Data
Correspondence sent to us by email, phone, or through our website contact forms.
We collect only the data necessary to provide and support our services.
4. Legal Basis for Processing
We process personal data under one or more lawful bases defined by the UK GDPR:
| Purpose | Legal Basis (Article 6 UK GDPR) |
|---|---|
| Processing and fulfilling customer orders | Performance of a contract (6(1)(b)) |
| Maintaining user accounts | Legitimate interest (6(1)(f)) |
| Customer communications and support | Legitimate interest (6(1)(f)) |
| Compliance with legal or regulatory requirements | Legal obligation (6(1)(c)) |
| Security monitoring, fraud prevention, and audit | Legitimate interest (6(1)(f)) |
5. How We Use Personal Data
Personal data is used strictly for the following purposes:
- Processing, managing, and fulfilling customer orders.
- Providing access to user accounts and internal systems.
- Communicating with customers and fulfilment partners regarding orders.
- Maintaining security, integrity, and availability of our systems.
- Complying with applicable laws and data protection obligations.
We do not use personal data for automated decision-making or profiling.
6. Data Sharing and Disclosure
We share personal data only with trusted third parties where necessary to provide our services:
- Fulfilment and delivery partners to complete orders.
- Service providers offering secure hosting, IT infrastructure, and technical support.
- Internal personnel with controlled access based on role and necessity.
All third parties are bound by contractual obligations to handle data securely and in compliance with applicable law. We never sell or lease personal data to any other party.
7. Data Security
We apply technical and organisational measures to ensure an appropriate level of protection for all personal data. These measures include:
- Encryption of data at rest (AES) and in transit (TLS/SSL).
- Access control based on least privilege and role-based permissions.
- Regular security assessments and monitoring.
- Multi-factor authentication for administrative systems.
- Secure audit trails for data access and modification.
Only authorised personnel with a legitimate business need are permitted to access personal data.
8. Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods are determined based on the duration of customer or business relationships, legal obligations, and security and audit requirements. Once data is no longer required, it is securely and irreversibly deleted or anonymised.
9. Data Deletion and Disposal
We maintain documented procedures for the secure deletion of personal data. Data is deleted from all systems, backups, and storage locations within defined retention periods. Deletion uses methods that render data permanently unrecoverable. Deletion requests are logged and verified.
10. International Transfers
If personal data is transferred outside the United Kingdom, we ensure that adequate safeguards are applied in accordance with the UK GDPR. Safeguards may include transfers to countries recognised as providing adequate protection or the use of Standard Contractual Clauses approved by the UK Information Commissioner’s Office.
11. Data Subject Rights
Individuals have the right to:
- Request access to their personal data.
- Request correction or erasure of their data.
- Request restriction of, or object to, processing.
- Request data portability.
Requests may be submitted to [Insert Data Protection Contact Email]. We will respond within one month in accordance with the UK GDPR.
12. Cookies and Tracking Technologies
Our Website may use cookies and similar technologies to ensure functionality and improve user experience. Cookies do not store sensitive personal data. Users may control or delete cookies through their browser settings at any time.
13. Security Incident Management
We maintain an incident response plan to identify, investigate, and mitigate any personal data breaches. If a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify affected parties and the Information Commissioner’s Office (ICO) as required by law.
14. Changes to This Policy
We may update this Privacy Policy periodically. The updated version will be posted on our Website with a revised “Effective Date.” We encourage users to review this Policy regularly.
15. Contact Us
For any questions, data protection concerns, or to exercise your rights, please contact:
Data Protection Officer (DPO)
OME (L.J. Gibson)
Email: admin@ordersmadeeasy.co.uk