• Your shopping cart is empty!

Sale Icon
Review Icon
Free Delivery Icon

Privacy Policy

1. Introduction

At Tan Sales (London) Ltd (trading as SparksDirect - “we”, “us”, “our”, ), we respect your privacy and are committed to protecting your personal data. This Privacy Notice explains how we collect, use, share, store and protect your personal information, and your rights in relation to that data, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Registered Address: 659-661 Holloway Road, Archway, London, N19 5SE, United Kingdom.
Company Number: 1666847.
VAT Registration Number: GB370911853.
If you have any questions or want to exercise your rights, our Data Protection Officer (or equivalent contact) is:
Email: office@sparksdirect.co.uk
Postal Address: 659-661 Holloway Road, Archway, London, N19 5SE, United Kingdom

2. What personal data do we collect

We collect and process different kinds of personal data about you. This may include:
  • Identity Data - Name; username; title
  • Contact Data - Billing address, delivery address, email address, and telephone numbers
  • Financial Data - Payment card details, bank account or payment provider information
  • Transaction Data - Details of purchases you make, orders placed, products you have bought, return/refund history
  • Technical / Usage Data - IP address; browser type and version; time zone setting; browser plug-in types; operating system; device identifiers; information about how you use our website, products and services
  • Profile Data - Preferences, feedback, reviews, marketing and communication preferences
  • Marketing & Communications Data - Your choices regarding receiving marketing from us, information on your communications with us

3. How we collect your personal data

We obtain personal data:
  • Directly from you when you register an account, place an order, subscribe to a newsletter, contact us or provide feedback.
  • Automatically as you use our website (cookies, log files, analytics).
  • From third parties, for example, payment processors, or delivery or logistics partners.

4. Purposes & lawful basis for processing

We use your personal data only when we have a valid, lawful basis. Below is a summary of what we do with your data, and on what basis:
  • Purpose: To perform or fulfil your order.
    What we do: Process payments; arrange delivery; provide customer support; handle returns and refunds.
    Lawful basis: Contractual necessity (i.e. to perform our contract with you)
  • Purpose: To maintain your account.
    What we do: Enable you to register, log in, access order history etc.
    Lawful basis: Contractual necessity / legitimate interest
  • Purpose: To comply with legal obligations.
    What we do: Keeping records for tax, audit; complying with consumer rights; anti-fraud; law enforcement requests.
    Lawful basis: Legal obligation
  • Purpose: To improve our website, products & services.
    What we do: Analytics; testing and development, monitoring website performance.
    Lawful basis: Legitimate interest (we believe such improvements benefit both you and us)
  • Purpose: To send you marketing communications.
    What we do: Newsletters; special offers; product recommendations.
     Lawful basis: this happens only with your consent (except where we have legitimate interest and applicable law allows, e.g. for related products after purchase)
  • Purpose: To provide customer support.
    What we do: Handling enquiries, complaints, feedback.
    Lawful basis: Contractual necessity / legitimate interest

5. Cookies, tracking & profiling

We and our trusted third-party service providers use cookies, web beacons and similar technologies to collect technical and usage data, and sometimes for profiling or behavioural marketing. Before non-essential cookies are placed, we obtain your consent. You can manage or withdraw consent to cookies at any time via our cookie banner or your browser settings. 

6. Who we share personal data with

We may share your personal data with:
  • Service providers who help us with payment processing, delivery/logistics, fraud prevention, IT hosting, website maintenance, customer support, marketing.
  • Analytics providers or data aggregators, for improving our services and website performance.
  • Professional advisers, including lawyers, auditors & accountants.
  • Regulators, law enforcement or other authorities, where required by law or to protect our or others’ rights.
If we transfer data outside the UK or the European Economic Area (EEA), we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses, adequacy decisions, or binding corporate rules).

7. Data retention

We only keep your personal data for as long as is necessary for the purpose(s) for which we collected it. How long that is depends on what data it is, and what we need it for. For example:
  • Type of Data: Order, billing, delivery, tax and accounting records.
    Retention period: For a minimum of \[6 or 7] years (to comply with UK tax / accounting regulations)
  • Type of Data: Account data (if you have an account).
    Retention period: As long as the account is active, and for up to \[X] years after last interaction, unless you ask us to delete it sooner
  • Type of Data: Marketing & communications preferences.
    Retention period: Until you withdraw consent or opt-out
  • Type of Data: Usage / analytics data.
    Retention period: For a limited period, typically up to 1-2 years, unless aggregated in anonymous form                                  |
After the retention period, your data will be securely deleted or anonymised.

8. Security of your data

We maintain appropriate technical and organisational measures to safeguard your personal data, including:
  • Encryption in transit (HTTPS/TLS) and at rest (where applicable).
  • Access controls and restrictions; only staff and contractors who need access to data will have it; regular staff training.
  • Regular security testing and review of our systems.
  • Physical security of facilities and backups.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) where required by law, within prescribed time limits.

9. Your rights

Under the UK GDPR, you have the following rights:
  1.  Right of access — you can ask for a copy of the personal data we hold about you.
  2. Right to rectification — you can ask us to correct inaccurate or incomplete data.
  3. Right to erasure (“right to be forgotten”) — you can request deletion of your personal data in some cases.
  4. Right to restrict processing — you can request that we stop or limit how we use your data.
  5. Right to data portability — you can receive your personal data in a structured, commonly used, machine-readable format, or ask us to transfer it to another controller.
  6. Right to object — in certain circumstances, especially for direct marketing or profiling.
  7. Right to withdraw consent at any time, where we are relying on consent. This will not affect processing lawfully done before the withdrawal.
To exercise any of these rights, or to contact us about your data, please contact our Data Protection Officer at:
Email: office@sparksdirect.co.uk
Postal Address: 659-661 Holloway Road, Archway, London, N19 5SE, United Kingdom.
We will respond to your request promptly and in any event within one month of receipt. This may be extended by a further two months in complex cases, but we will inform you of any extension and the reasons for it within one month.

10. Automated decision-making & profiling

We do not (choose as appropriate) engage in automated decision-making or profiling of individuals that produces legal effects concerning you or significantly affects you.
If we do, you have the right to request human intervention, express your viewpoint, and challenge the decision. We will provide meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.

11. International transfers

Where your personal data is transferred outside the UK or European Economic Area (EEA), we ensure that it is protected by appropriate safeguards, such as:
  • Adequacy decisions,
  • Standard Contractual Clauses, or
  • Binding Corporate Rules.
We will inform you which transfers take place and what safeguards are used.

12. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will post the revised version with a “Last updated” date. If changes are significant, we may provide additional notice (e.g. via email or on our website).

13. Contacting the Information Commissioner’s Office

If you believe we have breached your data protection rights, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).