Looking after your personal information matters to us. This notice explains what we collect, why we collect it, how long we keep it, and the choices you have. We've tried to write it the way we'd want it written for our own families.
About this policy
The data controller for personal information processed through this website is OEM Quality Wing Mirrors Ltd, registered office: Unit 14, Albion Business Park, Birmingham B11 4XX, United Kingdom. Where we refer to "we", "us" or "our" below, we mean OEM Quality Wing Mirrors Ltd.
This policy applies to information we collect when you visit the website at oemquality-wingmirrors.co.uk, place an order with us, contact our customer-service team, or interact with our emails.
What information we collect
We group the data we hold into three categories so it's easier to see what comes from where.
(a) Information you give us
When you place an order or get in touch, you provide details such as your name, delivery address, billing address (if different), email address and phone number. Payment card details are entered directly into our payment processors' secure forms — Stripe and PayPal — and never reach our own servers in their full form.
(b) Information we collect automatically
When you browse the site we collect basic technical information including your device type, browser version, operating system, IP address, referring URL, and the pages you view during your visit. This is collected through cookies and similar technologies and is mostly aggregated rather than tied to you personally.
(c) Information from third parties
Our delivery couriers (Royal Mail, DPD, Parcelforce) send us tracking and delivery-confirmation events for parcels addressed to you. Our payment processors send us authorisation status and a redacted card descriptor for fraud checks. We do not buy mailing lists or marketing data from third-party brokers.
How we use your information
We only process your data for purposes that have a clear lawful basis under the UK GDPR. The main ones are:
- Performing our contract with you — fulfilling orders, sending confirmation and dispatch emails, handling returns, providing customer support
- Our legitimate interests — preventing fraud, improving our products and website, securing our systems, analysing aggregate visit patterns
- Your consent — sending you our optional monthly newsletter, dropping non-essential analytics or marketing cookies
- Legal obligation — keeping accounting records, responding to lawful requests from authorities
Cookies and tracking
Our site uses three categories of cookies. You can change your preferences at any time from the cookie preferences screen.
- Essential
- Required for the site to work — for example, remembering what's in your basket and keeping you signed in during checkout. These cannot be switched off.
- Analytics
- Help us understand which pages are useful and where customers get stuck. We use a privacy-respecting analytics provider that does not build cross-site profiles.
- Marketing
- Allow us to measure the effectiveness of our advertising and show you relevant ads on partner sites. Only set if you opt in.
We honour Global Privacy Control signals where your browser sends them, treating them as a withdrawal of consent for non-essential cookies.
Who we share your data with
We share the minimum amount of personal data needed to run the service. The categories of recipients are:
- Payment processors — Stripe Payments UK Ltd and PayPal (Europe) S.à r.l. handle card and PayPal transactions on our behalf
- Couriers — Royal Mail, DPD and Parcelforce receive the delivery name, address and a contact number so they can complete delivery and send tracking updates
- Email service provider — our transactional and newsletter email is sent via a UK-based ESP
- Analytics provider — aggregated, mostly anonymised usage data is processed by our analytics partner under a strict data-processing agreement
We do not sell personal data to third parties for marketing or any other purpose.
International transfers
Wherever possible, we keep your data within the United Kingdom and the European Economic Area. Some of our service providers — notably parts of our analytics and email infrastructure — process data in the United States. Where this happens, we rely on the UK International Data Transfer Addendum to the European Commission's Standard Contractual Clauses.
How long we keep your data
We don't hold data for longer than we need it. Our headline retention periods are:
- Order and accounting records — 7 years from the end of the relevant tax year, as required by HMRC
- Customer-service correspondence — 24 months from the last contact
- Marketing consents and preference history — 3 years from the last interaction with our emails
- Anonymised website analytics — up to 26 months, then deleted or aggregated
- Account profiles (where created) — until you ask us to close the account, plus 30 days to allow for recovery
Your rights
Under the UK GDPR you have the following rights in relation to the personal data we hold about you:
- Right of access — a copy of the personal data we hold about you
- Right to rectification — to have inaccurate or incomplete data corrected
- Right to erasure — to have your data deleted where there is no good reason for us to keep processing it
- Right to restrict processing — to pause use of your data while a dispute is resolved
- Right to data portability — to receive certain data in a structured, machine-readable format
- Right to object — including objecting to processing based on legitimate interests or direct marketing
- Right to withdraw consent — at any time, for processing that relied on consent
- Right to complain — to the Information Commissioner's Office (ICO) at ico.org.uk
How to exercise your rights
The quickest route is to email our privacy team at privacy@oemquality-wingmirrors.co.uk. You can also write to us at:
Privacy Team, OEM Quality Wing Mirrors Ltd, Unit 14, Albion Business Park, Birmingham B11 4XX, United Kingdom
We may need to verify your identity before acting on a request — usually by confirming details from a recent order. We aim to respond within 30 calendar days.
Changes to this policy
We may update this notice from time to time to reflect changes in how we work, in the services we use, or in privacy law. The "last updated" date at the top of the page always shows the current version.
When we make material changes — for example introducing a new category of recipient or a meaningfully different use of your data — we will let you know by an on-site banner for at least 30 days.