GDPR - Personal data & retention

Last updated: 28/10/2025

RPM Power Privacy Policy (UK GDPR Compliant)

1. Who We Are

RPM Power Limited (“we”, “our”, “us”) is the data controller responsible for your personal data. We operate in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: RPM Power Limited
Registered Office:

71-75 Shelton Street
Covent Garden
London
WC2H 9JQ
UNITED KINGDOM
Email: info@rpmpower.com
Phone: 050423969

If you have any questions or concerns about your personal data, please contact us at info@rpmpower.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
Telephone: 0303 123 1113

2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Customer information: Name, contact details, shipping/billing address, and order history.

  • Account details: Login credentials, preferences, and saved items.

  • Payment details: Processed securely by third-party payment providers. We do not store full card numbers.

  • Business contact data: For suppliers, partners, and contractors.

  • Technical data: IP address, browser type, device identifiers, and analytics information for security and performance purposes.

We collect personal data directly from you (e.g. when placing an order, creating an account, or contacting us) or from trusted partners who confirm their lawful basis for sharing data.

3. Why We Collect and Use Personal Data

We collect and process personal data for the following purposes:

  • To process and fulfil orders and deliver products.

  • To manage customer accounts and provide customer support.

  • To send service updates (e.g. order confirmation, delivery notifications).

  • To send marketing communications (only where consent or legitimate interest applies).

  • To maintain website functionality, security, and performance.

  • To meet legal, tax, and accounting obligations.

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: To perform a contract with you or take steps before entering into one (e.g. to fulfil your order).

  • Legal obligation: To comply with UK laws such as tax, accounting, and consumer protection regulations.

  • Legitimate interests: To improve our services, prevent fraud, and carry out limited direct marketing to existing customers, provided these interests are not overridden by your rights.

  • Consent: Where you have explicitly agreed (e.g. email or SMS marketing).

You have the right to withdraw consent at any time by contacting info@rpmpower.com or using the unsubscribe options provided in our communications.

5. Data Retention

We only keep your personal data for as long as necessary to fulfil the purposes for which it was collected, and to meet legal or accounting requirements.

Typical retention periods include:

  • Customer account and order data: 6 years after your last transaction.

  • Marketing data: Until you withdraw consent or unsubscribe.

  • Supplier and contractor data: Active period of the relationship + 6 years.

  • Technical logs/backups: 12–24 months before deletion or anonymisation.

When data is no longer required, it is securely deleted or anonymised.

6. Data Sharing and International Transfers

We only share data where necessary and lawful. This includes:

  • Payment processors (for secure transaction processing).

  • Delivery and logistics partners (to deliver orders).

  • Professional advisers and banks (for legal and accounting purposes).

  • IT and hosting providers (for data storage and system maintenance).

We do not sell or rent personal data to third parties.

7. Your Rights

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure (“Right to be Forgotten”): Request deletion of personal data where applicable.

  • Restriction: Request limitation of how your data is used.

  • Data portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests or direct marketing.

  • Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at info@rpmpower.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled:
https://www.ico.org.uk/concerns

8. Data Security

We use robust technical and organizational measures to safeguard personal data against loss, misuse, unauthorized access, alteration, or disclosure.
These include:

  • Secure hosting in a colocation facility (CIX, Cork, Ireland).

  • Access control and authentication systems.

  • Encrypted communications and backups.

  • Regular security audits and staff confidentiality agreements.

9. Automated Decision-Making

We do not use automated decision-making or profiling that has a legal or significant effect on individuals. If this changes, we will update this notice and explain the logic and impact of such processing.

10. SMS and Email Marketing

By providing your phone number or email address for marketing, you consent to receive promotional messages and cart reminders from RPM Power.
You can unsubscribe at any time by replying STOP to an SMS or clicking the unsubscribe link in an email.

Consent is not a condition of purchase. Message frequency and rates may vary depending on your provider.

11. Contact Us

If you have any questions, concerns, or wish to exercise your data rights, please contact:
Email: info@rpmpower.com
Postal Address: RPM Sports ltd, Nenagh Road, Thurles, Co.Tipperary, E41 Y512