01. Who we are.
For the purposes of UK GDPR, the data controller is:
Mit Kit — Accessories FZCO (trading as Mit Kit)
Dubai Silicon Oasis, Dubai, United Arab Emirates
Company registration number: 68393
Email: info@mitkit.com
Throughout this policy, "we", "us" and "our" refer to the company above. "You" and "your" refer to the person whose personal data we process.
02. What data we collect.
We only collect personal data that we genuinely need to run our business and serve you well. This includes:
| Category | What we collect |
|---|---|
| Identity & contact data | Name, delivery address, billing address, email address, phone number (if you provide one). |
| Order data | Details of the products you buy, order history, delivery preferences. |
| Payment data | We do not store card or bank details on our systems. All payments are processed by our payment providers (Shopify Payments, Stripe, PayPal, or similar). We receive only a transaction confirmation and the last four digits of the card used. |
| Marketing preferences | Whether you've opted in to our newsletter, SMS, or other marketing, and the preferences you've set. |
| Technical & usage data | IP address, browser type, device information, the pages you visit on our website, and how you got there. Collected via cookies and similar technologies. |
| Communications data | Emails, messages, and enquiries you send us, along with our responses. |
We do not knowingly collect personal data from anyone under the age of 18. Our products are intended for adult customers only. If you believe a minor has provided us with their personal data, please contact us and we will delete it.
03. How we use your data.
We use your personal data for the following specific purposes:
- To process and deliver your order, including arranging payment and shipping
- To communicate with you about your order — order confirmations, dispatch notifications, delivery updates
- To manage returns, refunds, and customer service enquiries
- To send you marketing communications (only if you've opted in), such as newsletters, new product announcements, and offers
- To improve our website, products, and customer experience based on how our site is used
- To detect and prevent fraud, and to meet our legal obligations under UK tax, consumer, and accounting law
04. Our legal basis for processing.
Under UK GDPR, we can only process personal data if we have a valid legal reason. Ours are:
| Legal basis | What we rely on it for |
|---|---|
| Contract | To fulfil the order contract you enter into when you buy from us — delivery, payment, customer service. |
| Consent | For marketing communications (email, SMS) and for non-essential cookies. You can withdraw consent at any time. |
| Legitimate interests | To improve our website and products, prevent fraud, and communicate with existing customers about similar products — always balanced against your rights. |
| Legal obligation | To meet UK tax, accounting, and consumer protection requirements (for example, keeping order records for 6 years as required by HMRC). |
06. Cookies.
Our website uses cookies and similar technologies to make the site work, to remember your preferences, and to understand how visitors use the site. Some cookies are essential; others are optional and require your consent.
For a detailed explanation of which cookies we use and how to manage them, see our Cookie Policy. You can adjust your cookie preferences at any time using the cookie banner at the bottom of the site.
07. How long we keep your data.
We keep your personal data only as long as we need it for the purposes we collected it for — or as required by law.
| Type of data | How long we keep it |
|---|---|
| Order & transaction records | 6 years from the date of your last order (HMRC requirement) |
| Account data | For as long as your account is active, plus 2 years if inactive |
| Marketing data | Until you unsubscribe, or after 3 years of inactivity — whichever is sooner |
| Customer service communications | 3 years from the date of the conversation |
| Website analytics (cookies) | Up to 26 months |
08. Your rights under UK GDPR.
You have strong legal rights over the data we hold about you. You can exercise any of these rights by emailing us at info@mitkit.com. We'll respond within one month.
- Right to access: ask for a copy of the personal data we hold about you
- Right to rectification: ask us to correct data that's inaccurate or incomplete
- Right to erasure ("right to be forgotten"): ask us to delete your data, where we have no ongoing legal reason to keep it
- Right to restrict processing: ask us to pause how we use your data while a concern is resolved
- Right to data portability: ask us to send you, or another provider, your data in a commonly used electronic format
- Right to object: object to our use of your data for marketing, or for anything based on legitimate interests
- Right to withdraw consent: withdraw consent at any time, for anything we rely on consent for (such as marketing emails)
- Right to lodge a complaint: if you're not satisfied with how we've handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk
If you want to exercise any right above — including simply finding out what data we hold about you — just email info@mitkit.com. We'll respond within 30 days.
09. How we keep your data safe.
We take data security seriously. The specific measures we use include:
- HTTPS encryption across every page of our website
- Secure payment processing through PCI-DSS compliant providers (we never handle your card details directly)
- Access controls, so only authorised team members can access customer data
- Regular security reviews of our platform and third-party integrations
- Encrypted passwords and two-factor authentication on admin accounts
If a data breach occurs that puts your rights or freedoms at risk, we will notify the UK Information Commissioner's Office within 72 hours of becoming aware of it, and we will inform you directly if you're affected.
10. International transfers.
Some of our service providers (for example, email marketing platforms or analytics tools) may process data outside the UK, including in the United States and the European Economic Area.
Where we transfer your data outside the UK, we ensure an equivalent level of protection by using one of the following safeguards:
- Transfers to countries that the UK government has formally recognised as providing adequate protection (for example, the EU under the UK Adequacy Decision)
- The UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, for transfers to other countries
- Certifications such as the UK-US Data Bridge, where the receiving provider is certified
11. Changes to this policy.
We may update this Privacy Policy from time to time, to reflect changes in our practices or in UK data protection law. The "last updated" date at the bottom of this page will tell you when we last made changes. If the changes are significant, we'll also let existing customers know by email.
12. How to contact us.
If you have any questions about this policy, about how we handle your data, or if you want to exercise any of the rights listed above — please get in touch.
Email: info@mitkit.com
Response time: Within 30 days (usually much faster)