1. Introduction

This Privacy Policy explains how AurumLabs Ltd (“we”, “us”, “our”) collects, uses, discloses and protects personal data when you visit or make a purchase from aurum-labs.co (the “Site”). It applies to all visitors and customers of the Site.

We are the “data controller” of your personal data for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

If you do not agree with the terms of this Privacy Policy, please do not use the Site.

2. Who We Are

AurumLabs Ltd is a company registered in England and Wales, trading through the website aurum-labs.co. For any privacy-related queries, you can contact us at support@aurum-labs.co or via our contact page.

3. Information We Collect

We may collect and process the following categories of personal data:

Identity data: name, title, and any other information you provide when creating an account or placing an order.

Contact data: billing address, delivery address, email address and telephone number.

Transaction data: details of products purchased, order history, and records of payments made to and from you.

Technical data: IP address, browser type and version, device information, time zone setting, operating system, and other technology on the devices you use to access the Site.

Usage data: information about how you use the Site, including pages visited, time spent on pages, and navigation patterns.

Marketing and communications data: your preferences in receiving marketing from us, and your communication preferences.

We do not store full payment card details. Payments are handled entirely by our third-party payment processor, which has its own privacy policy and security measures.

4. How We Collect Your Data

We collect personal data through the following means:

— Directly from you when you place an order, create an account, contact us, or sign up to receive marketing communications.

— Automatically through cookies, server logs and similar technologies when you interact with the Site.

— From third parties such as our payment processor, shipping carriers, analytics providers and marketing platforms.

5. How We Use Your Data

We will only use your personal data where we have a lawful basis to do so under the UK GDPR. The lawful bases we rely on are:

Contract: to process and fulfil your orders, to provide customer service, and to manage our relationship with you.

Legal obligation: to comply with our legal, accounting, tax and regulatory obligations.

Legitimate interests: to operate and improve the Site, to prevent fraud, to keep our records up to date, and to protect our business and our customers.

Consent: where you have given us consent to send you marketing communications or to use non-essential cookies.

Specifically, we use your personal data to: process and dispatch your orders (including arranging payment, shipping and any returns); send you order confirmations, dispatch notifications and other transactional communications; respond to your enquiries and provide customer support; detect, prevent and investigate fraud or unauthorised use of the Site; improve the Site, our products and our customer experience through analytics; send you marketing communications where you have opted in (you can unsubscribe at any time); and comply with our legal and regulatory obligations.

6. Cookies and Similar Technologies

The Site uses cookies and similar tracking technologies to distinguish you from other users, to remember your preferences, and to analyse how the Site is used. Cookies may be set by us or by third-party service providers.

We use the following broad categories of cookies:

Strictly necessary cookies: required for the operation of the Site, such as maintaining a shopping cart or processing payments.

Analytics cookies: help us understand how visitors use the Site so we can improve it.

Marketing cookies: used to deliver relevant advertising and measure its effectiveness.

You can control cookies through your browser settings and, where applicable, through the cookie preference controls provided on the Site. Disabling certain cookies may affect the functionality of the Site.

7. Third Parties We Share Data With

We do not sell your personal data. We only share it with third parties where necessary and on a lawful basis, including:

— Payment processors who handle transactions on our behalf.

— Hosting and infrastructure providers that run the Site and store data on our behalf.

— Shipping and logistics providers that deliver your orders.

— Analytics and marketing providers that help us understand and improve the Site.

— Email and communications providers that send transactional and marketing messages on our behalf.

— Professional advisers, including accountants and lawyers, where reasonably necessary.

— Regulatory authorities, law enforcement and other public bodies where we are required by law to disclose information.

All third parties we share personal data with are contractually required to handle it in accordance with applicable data protection laws and only for the purposes we specify.

8. International Transfers

Some of our third-party service providers may be based outside the United Kingdom, which means their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer personal data out of the UK, we ensure a similar degree of protection is afforded to it by using approved safeguards, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

9. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements. In general:

— Transaction records are retained for at least six years to comply with UK tax and accounting obligations.

— Account data is retained for as long as your account remains active, and for a reasonable period thereafter.

— Marketing data is retained until you withdraw consent.

When personal data is no longer required, we will securely delete or anonymise it.

10. Data Security

We have put in place appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. These include encryption in transit, access controls, and secure third-party infrastructure.

However, no method of transmission over the internet or electronic storage is fully secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

11. Your Rights

Under the UK GDPR, you have the following rights in respect of your personal data:

Right of access: to request a copy of the personal data we hold about you.

Right of rectification: to request correction of any inaccurate or incomplete data.

Right to erasure: to request deletion of your personal data in certain circumstances.

Right to restrict processing: to request that we stop using your data in certain circumstances.

Right to data portability: to receive your data in a structured, commonly used format, and to have it transmitted to another controller.

Right to object: to object to our processing of your personal data where we rely on legitimate interests.

Right to withdraw consent: where we rely on consent as the lawful basis.

To exercise any of these rights, please contact us at support@aurum-labs.co. We may need to verify your identity before responding. We will respond within one month of receiving a valid request, although this may be extended for complex requests.

You also have the right to lodge a complaint with the Information Commissioner’s Office (the UK supervisory authority for data protection) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO.

12. Children

The Site is not directed at, and we do not knowingly collect personal data from, any person under the age of 18. If you believe we have inadvertently collected data relating to a minor, please contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this policy, and will be effective as soon as it is posted on the Site. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@aurum-labs.co or via our contact page.