top of page

Privacy Policy (required under UK GDPR)

Privacy Policy

CAF Stock – Privacy Policy

Last updated: [01/07/25]

CAF Stock (“CAF”, “we”, “our”, “us”) respects your privacy and is committed to protecting your personal data.
This notice explains what information we collect, how we use it, your rights, and how to contact us.

1. Who we are

CAF Stock is an online supplier of radiators, bathroom products, lighting, furniture, appliances and related goods.

Data Controller: CAF Stock
Email: privacy@cafstock.co.uk
Postal: 
Phone: 0330 043 9984

If you have any questions about this policy or your personal data, please contact us using the details above.

2. What information we collect

We collect and process the following categories of personal data when you use our website, contact us, or place an order:

  • Identity & contact details – name, email address, phone number, billing and delivery addresses.

  • Order details – items purchased, payment status, delivery tracking.

  • Payment details – limited payment metadata (we do not store or have access to your full card details).

  • Communications – emails, WhatsApp messages, live chat, and phone call notes.

  • Technical data – device, browser type, IP address, and cookies (see our Cookie Notice).

  • Marketing preferences – your opt-in or opt-out choices.

We collect this data directly from you, through our website, or through trusted third-party providers that help us operate the business (e.g., payment processors, couriers).

3. How we use your information

We use your personal data only for lawful, limited purposes:

  1. To process and deliver your order – including payment, invoicing, and arranging delivery.

  2. To provide customer service – order updates, returns, warranty, or technical support.

  3. To comply with legal obligations – accounting, tax, and consumer-protection laws.

  4. To prevent fraud or misuse of our website or payment systems.

  5. To send service messages (e.g., order confirmation, delivery notifications).

  6. To send optional marketing emails if you’ve consented – you can unsubscribe at any time.

We do not use your data for automated profiling, resale, or behavioural advertising.

4. Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract: to fulfil your purchase and provide related services.

  • Legal obligation: to meet accounting, tax, and regulatory requirements.

  • Legitimate interests: to improve our service, handle queries, and protect against fraud.

  • Consent: for optional marketing communications.

You can withdraw your consent to marketing at any time by clicking “unsubscribe” in our emails or contacting us directly.

5. Sharing your data

We only share data with trusted partners who help us operate our business. These include:

  • Payment processors (e.g., Stripe, PayPal, banks) – secure card payments.

  • Delivery and courier companies – to deliver your orders and handle returns.

  • IT, hosting, and email service providers – for secure website and communication management.

  • Professional advisers and accountants – for compliance and legal reasons.

  • Regulators or law enforcement – where legally required.

All partners are bound by data-protection agreements and may only use your data for our specific instructions.

We never sell, rent, or trade customer data to any third party.

6. International transfers

Some service providers (e.g., cloud or email systems) may store data outside the UK.
When they do, we ensure appropriate safeguards, such as UK adequacy decisions or Standard Contractual Clauses (SCCs), so your data remains protected to UK standards.

7. Retention

We keep personal data only as long as necessary:

  • Orders & invoices: 6 years (legal requirement).

  • Customer service communications: up to 6 years after your last contact.

  • Marketing preferences: until you unsubscribe or request deletion.

After these periods, data is securely deleted or anonymised.

8. Your rights

You have the following rights under UK data-protection law:

  • Access a copy of your data (data subject access).

  • Request correction of inaccurate or incomplete data.

  • Request erasure (“right to be forgotten”).

  • Restrict or object to certain processing.

  • Request data portability (for information you provided to us).

  • Withdraw consent for marketing at any time.

To exercise your rights, email privacy@cafstock.co.uk.
If you’re not satisfied with our response, you can complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

9. Security

We use secure (HTTPS) encryption across our website, industry-standard payment gateways (PCI DSS compliant), and restrict staff access to data on a need-to-know basis.
While no system is entirely risk-free, we take all reasonable steps to protect your information from loss, misuse, or unauthorised access.

10. Cookies

Our website uses basic cookies to operate and to understand visitor numbers via anonymous analytics.
You can control or delete cookies through your browser settings at any time.
For full details, see our separate Cookie Notice (linked in the website footer).

11. Updates to this policy

We review this Privacy Policy regularly. Any updates will appear on this page with a new “last updated” date.
We encourage you to check periodically for the latest version.

Contact

For any questions, data requests, or complaints:
privacy@cafstock.co.uk
0330 043 9984
 

Payment Methods
bottom of page