Last updated: 25/09/2025

1. Who We Are

RPM Power Limited (“we”, “our”, “us”) operates in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018. We are the data controller for the personal data we collect and process in connection with our business activities.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

• Customer information (name, contact details, shipping/billing address, order history).

• Account details (login credentials, preferences).

• Payment details (processed securely by third-party payment processors; we do not store full card data).

• Business contact data for suppliers, partners, and contractors.

• Technical data (IP address, browser type, device identifiers) to operate and secure our services.

We only collect data directly from individuals (e.g. when creating an account, placing an order, or contacting us) or from trusted partners who have confirmed their lawful basis for sharing it.

3. Where & How We Store Data

All primary systems and databases are hosted on our own servers, owned and managed by us and located in a secure colocation facility at CIX (Cork Internet eXchange), Cork, Ireland. We control physical access to our servers and apply industry-standard security measures, including firewalls, encryption, and regular backups.

4. Who We Share Data With

We share personal data only where necessary and lawful, including:

• Payment providers (to process transactions securely).

• Logistics/shipping partners (to deliver orders).

• Professional advisors and banks (for regulatory, accounting, and compliance purposes).

• IT service providers (e.g. backup, monitoring, security support) under written data processing agreements.

We do not sell personal data to third parties.

5. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

• Contract – to fulfil orders or provide requested services.

• Legitimate interests – e.g. improving our website, preventing fraud.

• Legal obligation – to comply with accounting, tax, or regulatory requirements.

• Consent – where explicitly required (e.g. marketing emails).

6. Data Retention Schedule

We retain personal data only as long as necessary for the purposes it was collected and to meet legal, tax, and accounting obligations. In general:

• Customer account & order data: retained for 6 years after the last transaction (aligning with UK tax/audit rules).

• Marketing lists: until you withdraw consent or unsubscribe.

• Supplier/partner records: kept while the relationship is active + 6 years.

• Technical logs & backups: typically retained for 12–24 months, then securely deleted or anonymised.

When data is no longer needed, we delete it or anonymise it securely.

7. Your Rights

You have the right to:

• Access, rectify, or erase your personal data.

• Restrict or object to our processing.

• Port your data to another provider.

• Withdraw consent where processing is based on consent.

• Lodge a complaint with the Information Commissioner’s Office (ICO).

Requests can be made by contacting: info@rpmpower.com

8. Contact

If you have questions about how we handle your personal data or wish to exercise your rights, please contact:

info@rpmpower.com