Privacy Policy
Last updated: 01/06/2026
This Privacy Policy describes the way we handle your personal data.
It sets out how VENTURLEY LIMITED (“we”, “us”, “our”) gathers, uses, discloses and safeguards your personal data when you use our website https://venturleyltd.com (the “Website”), when you buy our products, or when you otherwise deal with us.
Protecting your privacy matters to us, and we process personal data in line with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Please read this Privacy Policy with care. If you cannot accept it, you should neither use our Website nor give us your personal data.
Definitions and terminology
The terms below carry the following meanings in this Privacy Policy:
“Controller” – the natural or legal person who decides why and how personal data is processed. Under this Policy, the Controller is VENTURLEY LIMITED.
“Personal data” – any information that relates to an identified or identifiable individual (a “data subject”); an identifiable individual is one who can be recognised, directly or indirectly, in particular through an identifier such as a name, an identification number, location data or an online identifier, or through one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” / “to process” – any operation, automated or not, carried out on personal data or sets of personal data, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying.
“UK GDPR” – the UK General Data Protection Regulation, being the retained-EU-law form of Regulation (EU) 2016/679, as it has effect in the law of England and Wales, Scotland and Northern Ireland under section 3 of the European Union (Withdrawal) Act 2018, as amended.
“Data subject” / “you” / “your” – any identified or identifiable individual whose personal data we process, for instance a visitor to the Website, a customer or a contact person.
“Third party” – any natural or legal person, public authority, agency or body that is not the data subject, the Controller, the processor, or someone authorised to process personal data under the direct authority of the Controller or processor.
“Website” – our site at https://venturleyltd.com, together with any of its sub-pages or online resources that we operate and control.
Any term used here but not defined above carries the meaning given to it in the UK GDPR.
Data controller and contact details
We are the controller of your personal data. The controller (“Controller”) responsible for it is:
VENTURLEY LIMITED
Company Number: 16042303
VAT Number: 480219891
Registered office: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX
If you have questions about this Privacy Policy or our data protection practices, write to us at: info@venturleyltd.com
Scope and who this Policy applies to
This Policy governs your dealings with us in relation to our Website and products. It applies to:
- people who visit our Website;
- customers who purchase our products;
- individuals who contact us (for example by email, through contact forms, or via social media);
- potential customers who receive our marketing messages (where this is permitted).
The Policy does not cover websites, apps or services run by third parties – including carriers (such as DHL or any other delivery partner), payment providers or social media platforms. Those are subject to their own privacy notices.
Categories of personal data we collect
The types of personal data we collect depend on how you interact with us. Depending on that interaction, we may collect and process:
Identity and contact data
- name;
- billing and delivery address;
- email address;
- telephone number (if you give it).
Order and transaction data
- the products you order;
- order dates and amounts;
- payment status;
- delivery status and tracking details;
- information about returns, reversals and chargebacks.
Payment data
- limited payment information, such as the payment method and transaction references. We do not retain full card details; these are handled on our behalf by our third-party payment processors.
Technical and usage data
- IP address;
- browser type and version;
- device identifiers;
- time-zone setting and approximate location;
- details of how you use our Website (pages visited, on-page interactions, referring URLs, length of session and similar statistics), gathered automatically through means such as server logs and comparable technologies.
Marketing and communication data
- your preferences regarding marketing from us;
- records of your communication preferences and any consent you have given;
- information about how you engage with our marketing (for example whether you open or click our emails).
Customer support and communication data
- the messages you send us (by email, contact form, webchat or social media);
- information concerning complaints, returns, reversals and chargebacks;
- any further details you choose to share when communicating with us.
Social media and online community data (where relevant)
If you engage with us through social media – by following our page, leaving a comment, sending a direct message or joining a promotion we run on a platform – we may receive:
- your public profile details (name, username or handle, profile photo);
- the content of any messages, comments or posts you direct to us;
- other information the platform makes available to us according to your settings there.
How we collect your personal data
We obtain personal data both directly from you and from certain third parties.
Data you give us directly
We collect personal data when you:
- complete forms on our Website (for instance at checkout or via a contact form);
- set up or update an account (where this is available);
- sign up for our newsletters or other marketing;
- get in touch with us by email, phone, webchat, social media or other means;
- take part in promotions, surveys or similar activities we run.
By completing the submission form and clicking “send” / “checkout” on our Website, you accept this Policy and give the Controller your informed consent to process your personal data where consent is the applicable legal basis, and you recognise that we may also process your data on the other legal bases described in section 7.
We also proceed on the following understanding:
- that the information you supply is entirely accurate. We do not check its authenticity, and you bear all risk arising from giving false or incomplete information;
- that you are entitled to give the relevant consent. If for any reason you are not, that consent must come from your legal representative.
By consenting to the processing of personal data and accepting this Policy, you also agree to your data being passed on, including to third parties.
Data we collect automatically
While you use our Website, certain technical and usage data (see section 5.4) is captured automatically by our IT systems (for example server logs and similar technologies). This helps us run, secure and improve the Website and understand how it is used.
Data we receive from third parties
We may obtain personal data about you from third parties, including:
- payment service providers (for instance payment confirmations, limited payment details, and information on chargebacks and reversals);
- delivery and logistics partners (for instance shipment and delivery status, proof of delivery, and return information);
- analytics and advertising providers (for instance aggregated or pseudonymised information about how you use our Website or our adverts);
- social media platforms, when you engage with our content or contact us through them;
- fraud-prevention and risk-management providers, where applicable.
Where we receive your data from another source, we process it in accordance with this Privacy Policy and, where the law requires, we will tell you about that processing within the applicable time limits.
Purposes and legal bases for processing
We only process your personal data where we have a lawful basis. Depending on the purpose, we rely on one or more of the following bases under the UK GDPR:
- processing necessary to perform a contract with you, or to take steps you have requested before entering into one (Art. 6(1)(b) UK GDPR);
- processing necessary to comply with a legal obligation that applies to us (Art. 6(1)(c) UK GDPR);
- processing necessary for our legitimate interests or those of a third party, except where your interests or fundamental rights and freedoms override them (Art. 6(1)(f) UK GDPR);
- in certain cases, your consent (Art. 6(1)(a) UK GDPR).
The purposes and their corresponding bases are set out below.
To process and fulfil your orders
Purposes: to take and process orders; to collect payment and manage transactions; to organise shipping, delivery and returns; to keep you informed about your order, including dispatch, delays or problems; to deal with reversals and chargebacks. Legal basis: performing a contract or taking pre-contractual steps at your request (Art. 6(1)(b)); our legitimate interest in running our business properly and preventing abuse (Art. 6(1)(f)).
Customer service and after-sales support
Purposes: to answer your enquiries and support requests; to handle complaints, reversals, chargebacks and disputes; to administer our return and refund policy (including any statutory cooling-off period or other consumer right). Legal basis: performing a contract (Art. 6(1)(b)); our legitimate interest in delivering good customer service, protecting our rights and defending legal claims (Art. 6(1)(f)).
Website operation, security and fraud prevention
Purposes: to operate and maintain the Website; to monitor and protect the security and integrity of our systems; to detect, investigate and prevent fraud, abuse or misuse (including product theft, fraudulent use of payment methods, and unusual ordering, reversal and chargeback patterns); to enforce our terms and conditions. Legal basis: our legitimate interest in keeping our services secure and functioning and in protecting our business and customers from fraud and other unlawful conduct (Art. 6(1)(f)); in some cases, compliance with legal obligations (for example record-keeping and cooperation with law enforcement) (Art. 6(1)(c)). Where we use automated tools to flag potentially fraudulent transactions (based on technical signals, chargeback history or other risk indicators), these tools generally do not produce legal effects concerning you or similarly significantly affect you within the meaning of the UK GDPR. Should we ever introduce automated decision-making of that kind, we will give you specific information and explain your related rights (see section 13).
Marketing and analytics
Purposes: to send you newsletters and other marketing about our products, services, offers and promotions where the law permits; to tailor that marketing to your purchase history and preferences where permitted; to understand how visitors use our Website, products and campaigns; to analyse and improve our services, user experience, Website performance and marketing effectiveness. Legal basis: your consent (Art. 6(1)(a)), for example where the law requires it for email or SMS marketing; our legitimate interest in promoting and growing our business, understanding our customers and improving our services (Art. 6(1)(f)). You may withdraw your marketing consent at any time, or object to marketing carried out on the basis of our legitimate interests (see section 11).
Compliance with legal obligations and legal claims
Purposes: to meet legal obligations under applicable law (for example tax, accounting, consumer-protection and data-protection law); to establish, exercise or defend legal claims (for example in disputes, fraud investigations or regulatory enquiries); to respond to requests from public authorities, regulators, law enforcement or courts where we are legally required or permitted to. Legal basis: compliance with legal obligations (Art. 6(1)(c)); our legitimate interest in protecting our rights, defending claims and cooperating with authorities where necessary (Art. 6(1)(f)).
Who we share your personal data with
We share your data only where it is necessary and lawful. We may disclose it to the following categories of recipient, and only to the extent needed for the purposes in this Policy:
- payment service providers that process your payments for us;
- delivery and logistics partners, including DHL and other carriers, to deliver orders and manage returns;
- IT and hosting providers, including those supplying website hosting, email, cloud storage and maintenance;
- analytics and marketing providers, where we use such services in line with the law;
- customer support tools (such as webchat or ticketing systems), where used;
- fraud-prevention, risk-management and security providers, where applicable;
- professional advisers such as lawyers, accountants or auditors, where needed for advice or to protect our legal position;
- public authorities, regulators, law enforcement or courts, where the law requires it or it is necessary to protect our rights or those of others.
In a corporate transaction such as a merger, acquisition, restructuring, sale of assets or business transfer, we may pass your personal data to the prospective or actual buyer, investor or successor entity, subject to suitable confidentiality and data-protection commitments. In that event we will make sure any recipient continues to handle your data in accordance with this Privacy Policy and applicable data-protection law.
International transfers
Your personal data may be sent outside the UK. Some of the third parties we rely on (certain carriers, IT, analytics or payment providers) may process it abroad. Where that happens, we make sure appropriate safeguards are in place, such as:
- an adequacy decision by the UK Government covering the destination country; or
- standard contractual clauses or other suitable contractual safeguards approved under the UK GDPR.
Contact us if you would like more detail on the specific safeguards we use for international transfers.
How long we keep your personal data
We retain your data only for as long as is reasonably necessary for the purposes in this Policy, including to satisfy legal, regulatory, tax, accounting or reporting requirements. Subject to applicable legal duties:
- technical and usage data of Website visitors is generally held for up to 12 months from your last interaction with the Website, unless security or legal reasons require longer;
- order and transaction data, along with the related identity and contact data, is normally kept for the statutory retention period under tax and accounting law (usually up to 6 years from the end of the relevant financial year, or longer where needed for legal claims);
- records of customer-support communications are usually retained for as long as needed to resolve your matter, plus a reasonable period afterwards (up to 3 years, depending on the issue);
- marketing data (your contact details and marketing preferences) is held until you withdraw consent or object to further marketing, or for a shorter period if the law requires, and in any case no longer than 3 years from your last interaction with us.
Once the relevant period ends, we securely delete or anonymise your data. In some cases we may keep certain information in aggregated or anonymised form that no longer identifies you.
Security of your personal data
We apply appropriate technical and organisational measures to guard your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, taking into account the nature of the data and the risks involved. These may include:
- access controls, authentication and role-based permissions;
- encryption or pseudonymisation of data where appropriate;
- secure hosting environments and regular security updates;
- internal policies and staff training on data protection and information security;
- procedures to detect, assess and respond to data breaches.
No system, however, is wholly secure. We cannot guarantee absolute security, but we work to keep risks low and to react quickly to any incident in line with our legal duties.
Your rights as a data subject
The UK GDPR gives you a number of rights over your personal data, subject to certain conditions and limits:
- Right to be informed – to receive clear, transparent information about how we use your data (which this Policy aims to provide).
- Right of access – to confirm whether we process your data and, if so, to receive a copy along with certain related information.
- Right to rectification – to have inaccurate or incomplete data corrected or completed.
- Right to erasure – to ask us to delete your data in certain circumstances (for example where it is no longer needed, or where you withdraw consent and there is no other basis).
- Right to restriction of processing – to ask us to limit processing in certain situations (for instance while we check the data's accuracy or consider an objection).
- Right to data portability – to receive the data you gave us in a structured, commonly used, machine-readable format and to transmit it to another controller where this is technically feasible and the processing is based on consent or contract and carried out by automated means.
- Right to object – to object, on grounds relating to your situation, to processing based on our legitimate interests (including related profiling). We will stop unless we can show compelling legitimate grounds overriding your interests, rights and freedoms, or the processing is for establishing, exercising or defending legal claims.
- Right to object to direct marketing – you have an absolute right to object at any time to your data being used for direct marketing, including profiling connected with it. If you object, we will stop.
- Rights regarding automated decision-making, including profiling – where relevant, to obtain meaningful information about the logic of automated decisions producing legal or similarly significant effects, to request human involvement, to give your view and to challenge the decision.
To exercise any right, contact us at info@venturleyltd.com. We may need to confirm your identity before we respond.
You also have the right to complain to a supervisory authority. In the UK this is the Information Commissioner's Office (ICO); details on contacting it are at ico.org.uk. We would, though, welcome the chance to address your concerns first, so please come to us before approaching the ICO if you can.
Automated decision-making and profiling
We do not normally make automated decisions with legal or similarly significant effects. We may use some automated tools (for example fraud-detection tools) to monitor transactions for possible fraud or abuse, taking account of factors such as technical information, transaction patterns or chargeback history. As at the date of this Policy, however, we do not take decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects on you within the meaning of the UK GDPR. If we adopt such decision-making in future, we will update this Policy and give you the information the law requires, including about your rights.
Children's data
Our Website and products are not aimed at children under 18, and we do not knowingly collect their personal data. If we discover that we have collected data from a child under 18, we will take steps to delete it as soon as reasonably practicable. If you believe a child has given us personal data, please contact us using the details in section 2.
Changes to this Privacy Policy
We may revise this Policy from time to time – for instance to reflect changes in our processing, the law or official guidance. The current version is always on our Website, and the “Last updated” date at the top shows when it was last revised. Continuing to use the Website after changes are posted constitutes acceptance of the updated Policy. Where we make material changes that significantly affect your rights, we will take reasonable steps to notify you beforehand (for example by email or a prominent notice on the Website).