BURECHO

Privacy Policy

Last updated: [add date]

BURECHO ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect when you visit our website or place an order, how we use it, who we share it with, and the rights you have over your data.

This template is provided as a starting point. Review and adapt it with qualified legal counsel for the laws of the jurisdictions you operate in (e.g. UK GDPR, EU GDPR, CCPA).

1. Who We Are

The data controller responsible for your personal data is BURECHO, contactable at [your contact email] / [your registered address]. If you have any questions about this policy or how we handle your data, please get in touch.

2. Information We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name, username, date of birth (where applicable).
  • Contact data: billing address, delivery address, email address, telephone number.
  • Financial data: payment card details (processed by our payment provider — we do not store full card numbers on our servers).
  • Transaction data: details of products you have purchased from us and order history.
  • Technical data: IP address, browser type and version, time zone, operating system, device identifiers.
  • Usage data: information about how you use our website, including pages viewed and time spent.
  • Marketing data: your preferences in receiving marketing from us.

3. How We Use Your Data

We process your personal data only where we have a lawful basis to do so. Specifically:

  • To fulfil your order (contract): processing payments, arranging delivery, providing customer support, and handling returns.
  • To manage your account (contract): allowing you to log in, view your orders, save addresses, and manage preferences.
  • To comply with our legal obligations (legal obligation): retaining tax records, responding to lawful requests from authorities.
  • To improve our service (legitimate interests): analysing how customers use our site to make it better, preventing fraud, and securing our systems.
  • To send marketing communications (consent): only where you have opted in. You can withdraw consent at any time.

4. Who We Share Your Data With

We share your data only with carefully selected third parties who help us run our business. These include:

  • Payment processors (e.g. our card payment provider) to take payment securely.
  • Shipping and delivery carriers to deliver your order.
  • Email and notification providers to send transactional messages.
  • Analytics and infrastructure providers to host and improve our website.
  • Government bodies or regulators where required by law.

We do not sell your personal data to third parties.

5. International Transfers

Some of our service providers are based outside your country. Where personal data is transferred outside the UK or EEA, we ensure adequate safeguards are in place — typically Standard Contractual Clauses approved by the relevant supervisory authority.

6. Cookies

Our website uses cookies and similar technologies to remember your preferences, keep you logged in, analyse traffic, and (with your consent) personalise marketing. See our Cookie Policy for full details and to manage your preferences.

7. Data Retention

We keep your personal data only for as long as we need it for the purposes set out in this policy. Typical retention periods:

  • Order and transaction records: 6–7 years (to meet tax and accounting obligations).
  • Customer accounts: while the account is active, plus 12 months after closure.
  • Marketing preferences: until you unsubscribe.

8. Your Rights

Under data protection law, you have the right to:

  • Request a copy of the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete your data ("right to be forgotten") in certain circumstances.
  • Restrict or object to our processing of your data.
  • Receive your data in a portable format and transfer it to another controller.
  • Withdraw any consent you've given, at any time.
  • Complain to a supervisory authority (in the UK, the Information Commissioner's Office).

To exercise any of these rights, contact us at [your contact email]. We aim to respond within one month.

9. Security

We use industry-standard technical and organisational measures to protect your data, including encryption in transit (HTTPS), restricted access controls, and regular security reviews. No system is perfectly secure, but we take this seriously.

10. Children

BURECHO is not directed at children. We do not knowingly collect personal data from anyone under [16]. If you believe a child has provided us with personal data, please contact us so we can remove it.

11. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Material changes will be highlighted on this page and, where appropriate, communicated to you directly.

12. Contact Us

For any privacy-related questions or to exercise your rights, contact us at [your contact email] or write to us at [your registered address].