Privacy Policy
Last updated: 27 February 2026
1. Who We Are
Domson Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are a company registered in England and Wales under company number 06460707 with our registered office at 1-10 Gordon Road, Waltham Abbey, EN9 1AF, United Kingdom. Our VAT registration number is GB924015849.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: office@domson.co.uk
- Phone: (+44) 02085 589 400
- Post: Data Protection, Domson Ltd, 1-10 Gordon Road, Waltham Abbey, EN9 1AF
2. What Data We Collect
We collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity | First name, last name, job title |
| Contact | Email address, phone number, business address |
| Company | Company name, registration number, VAT number, billing address |
| Account | Username, password (hashed), account preferences |
| Transaction | Order history, invoices, payment details, delivery information |
| Technical | IP address, browser type, operating system, pages visited |
We do not collect any special category data (such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, or biometric data).
3. How We Collect Your Data
We collect personal data through:
- Direct interactions: When you register an account, place an order, request a quote, or contact us.
- Automated technologies: When you browse our website, we collect technical data through cookies and similar technologies (see our Cookie Policy).
- Third parties: Our sales representatives may provide your details when setting up your B2B account, or we may receive data from our SAP Business One system.
4. How We Use Your Data and Our Lawful Basis
Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. The bases we rely on are:
| Purpose | Lawful Basis |
|---|---|
| Processing and fulfilling your orders | Performance of a contract (Art. 6(1)(b)) |
| Managing your B2B account and company profile | Performance of a contract (Art. 6(1)(b)) |
| Sending order confirmations and invoices | Performance of a contract (Art. 6(1)(b)) |
| Providing customer support and responding to enquiries | Legitimate interest (Art. 6(1)(f)) |
| Website analytics and performance improvement | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations (e.g. tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) |
5. Who We Share Your Data With
We may share your personal data with the following categories of recipients:
- Group companies: Domson Midlands Ltd and Domson Poland Sp. z o.o., for order fulfilment and logistics.
- Payment processors: Stripe and PayPal, to process your payments securely.
- Delivery partners: Courier and logistics companies to deliver your orders.
- IT service providers: Hosting, analytics and software providers who support our platform.
- Professional advisers: Accountants, lawyers and auditors where necessary.
- HMRC and regulators: Where required by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes — we only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International Transfers
Some of our service providers and group companies are based outside the United Kingdom. Whenever we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by relying on one of the following safeguards:
- Countries that the UK Government has deemed to provide an adequate level of protection (adequacy regulations).
- Standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.
- Account data: Retained for the duration of your account and up to 12 months after closure.
- Transaction data: Retained for 7 years to comply with HMRC requirements.
- Technical/analytics data: Retained for up to 26 months.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct any inaccurate or incomplete data.
- Right to erasure — You can ask us to delete your personal data in certain circumstances.
- Right to restrict processing — You can ask us to suspend the processing of your personal data.
- Right to data portability — You can request a machine-readable copy of your data.
- Right to object — You can object to processing based on legitimate interests.
- Right to withdraw consent — Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please email us at office@domson.co.uk. We will respond within one month. You will not have to pay a fee unless your request is clearly unfounded, repetitive or excessive.
9. Cookies
Our website uses cookies and similar technologies. For full details about the cookies we use, the purposes for which we use them, and how you can manage your preferences, please see our Cookie Policy.
10. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These include:
- Encryption of data in transit (HTTPS/TLS).
- Secure, hashed password storage — we never store passwords in plain text.
- HTTP-only, secure cookies with strict same-site policies.
- Access controls limiting who within our organisation can view your data.
We have procedures to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.