Privacy Policy

DIY-EFI LTD: PRIVACY & COOKIE POLICY

LAST UPDATED: MAY 2026

1. OVERVIEW AND WHO WE ARE

DIY-EFI Ltd (“we”, “us”, or “our”) is the data controller responsible for your personal data. This policy explains how we collect, process, and protect your data when you visit our website or purchase our products (including ECUs, hardware components, and software).

We respect your data rights. We only collect what is necessary to run our business, fulfil your orders, and comply with UK law. We do not sell your personal data to third parties.

2. THE DATA WE COLLECT

We may collect, use, and store the following categories of personal data:

  • Identity Data: First name, last name, username.
  • Contact Data: Billing address, delivery address, email address, telephone number.
  • Financial Data: Payment card details (Note: We do not store full credit card numbers; these are securely processed directly by our payment gateways, e.g., Stripe/PayPal).
  • Transaction Data: Details about payments to and from you, and records of products/services you have purchased from us.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, and operating system.

3. HOW AND WHY WE USE YOUR DATA (LAWFUL BASIS)

Under UK GDPR, we must have a valid lawful basis to process your data. We use the following legal grounds:

Purpose / ActivityType of DataLawful Basis for Processing
To register you as a new customerIdentity, ContactPerformance of a contract with you.
To process and deliver your order (Manage payments, arrange shipping)Identity, Contact, Financial, TransactionPerformance of a contract with you.
To manage our relationship with you (Notifying you of changes to T&Cs or safety recalls)Identity, ContactLegal obligation; Performance of a contract.
To administer and protect our business and website (Troubleshooting, data analysis, system security)Identity, Contact, TechnicalNecessary for our legitimate interests (running our business, network security).
To comply with accounting and tax lawsIdentity, Contact, TransactionNecessary to comply with a legal obligation (HMRC requirements).

4. WHO WE SHARE YOUR DATA WITH

We only share your personal data with trusted third parties required to operate our business:

  • Couriers & Postal Services: (e.g., Royal Mail, DPD) to deliver your hardware.
  • Payment Processors: (e.g., Stripe, PayPal) to securely process your payments.
  • IT & System Administration: Web hosting providers and server administrators.
  • Professional Advisers & Government: Accountants, lawyers, and HM Revenue & Customs (HMRC), who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5. INTERNATIONAL TRANSFERS

If you are located outside the UK, or if we use software providers with servers based outside the UK (e.g., US-based web hosting), your data may be transferred internationally. We ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented, such as UK-approved standard contractual clauses.

6. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven years after they cease being customers for tax and legal purposes.

7. YOUR LEGAL RIGHTS

Under UK data protection laws, you have the following rights regarding your personal data:

  • Request access: Get a copy of the personal data we hold about you.
  • Request correction: Fix any incomplete or inaccurate data we hold.
  • Request erasure: Ask us to delete your data where there is no good reason for us continuing to process it (note: we may not always be able to comply if we have a legal obligation to retain it, e.g., for tax records).
  • Object to processing: Object to our processing of your data based on legitimate interest.
  • Request restriction: Ask us to suspend the processing of your data.
  • Request transfer: Request your data be transferred to you or a third party.

To exercise any of these rights, please contact us.

8. COOKIE POLICY

Our website uses cookies to distinguish you from other users, keep track of your shopping cart, and ensure the site functions correctly.

  • Strictly Necessary Cookies: Required for the operation of our website (e.g., adding items to your basket, logging into secure areas). You cannot opt out of these.
  • Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

9. COMPLAINTS

If you have any concerns about how we handle your data, please contact us first so we can resolve the issue.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).