Privacy Policy

At Brightex LED, we are committed to respecting and protecting your privacy. This policy explains how we collect, use, store and protect your personal data when you visit our website or make a purchase with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Brightex LED is the data controller responsible for your personal data. If you have any questions about how we handle your data, please contact us using the details at the bottom of this page.

2. Information We Collect

• Personal information: Name, shipping/billing address, email address, phone number
• Payment details: Payment method type (card, PayPal, bank transfer). Card numbers are processed directly by our PCI DSS-compliant payment processors — we never see or store full card numbers
• Order details: Products purchased, transaction amounts, payment status, order history
• Account information: Username and password if you create an account
• Website usage data: IP address, device and browser type, pages visited, time on site, referring URLs, and cookie data collected for analytics, preferences and security purposes
• Communications: Any messages or enquiries you send us by email or contact form

3. Our Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so:

• Contract performance — processing your orders, managing your account, and delivering your products
• Legal obligation — complying with tax, accounting and regulatory requirements
• Legitimate interests — fraud prevention, website security, improving our services
• Consent — sending marketing emails or newsletters (you can withdraw consent at any time)

4. How We Use Your Data

• To process and fulfil your orders and arrange delivery
• To send order confirmations, payment receipts and shipping updates
• To manage returns, refunds and customer support queries
• To create and manage your customer account (if applicable)
• To improve our website, products and customer experience
• To detect and prevent fraud or abuse
• With your consent, to send promotional offers, product updates or newsletters — you may unsubscribe at any time via the link in any email
• To comply with legal and regulatory obligations

5. Who We Share Your Data With

We do not sell your personal data. We only share it with trusted third parties where necessary:

• Payment processors (e.g. Stripe, PayPal, Revolut, bank transfer providers) — for secure payment processing
• Shipping and courier partners — to deliver your order (your name and delivery address are shared)
• IT and hosting providers — who host and maintain our website under strict data processing agreements
• Analytics services (e.g. Google Analytics) — using anonymised or aggregated data to help us understand website usage
• Legal and regulatory authorities — when we are required to do so by law

All third parties we work with are contractually required to handle your data securely and in accordance with UK GDPR.

6. How We Protect Your Data

• All pages on our website use SSL/TLS encryption (https) to protect data in transit
• Full card numbers are never stored on our servers — all payment data is handled by PCI DSS-compliant processors
• Access to customer data is restricted to authorised personnel only, on a need-to-know basis
• We regularly review our security practices to protect against unauthorised access, loss or disclosure

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and regulatory requirements. Typically:

• Order and transaction records are kept for 7 years in line with HMRC requirements
• Account data is retained while your account is active, or up to 2 years after your last interaction
• Marketing consent records are kept for as long as you remain subscribed, plus a reasonable period afterwards

8. Cookies

We use cookies and similar tracking technologies to improve your browsing experience, remember your preferences, analyse site traffic and support our marketing. Cookies we use include:

• Essential cookies — required for the website and shopping cart to function
• Analytics cookies — to understand how visitors use our site (e.g. Google Analytics)
• Marketing cookies — to show relevant ads and track campaign performance (with your consent)

You can manage or disable cookies at any time through your browser settings. Note that disabling essential cookies may affect website functionality.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal information.

10. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete information
• Erasure — request deletion of your data where it is no longer necessary for us to keep it
• Restriction — ask us to limit how we use your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests or for direct marketing
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us using the details below. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

11. Contact Us

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be posted on this page with an updated date. We encourage you to review this page periodically.

Last updated: 23 February 2026