Privacy policy

Privacy Policy

Last updated: [22 April 2026]

This Privacy Policy explains how [LEGAL ENTITY NAME] ("Sunpura Energy", "we", "us" or "our") collects, uses, stores, shares and otherwise processes your personal data when you visit or use our website, purchase products from us, contact us, create an account, subscribe to our marketing communications, or otherwise interact with us (together, the "Services").

Our online store is hosted on Shopify, which provides the e-commerce platform that enables us to sell our products and services to you. This Privacy Policy should be read together with any other privacy notices or just-in-time notices that we provide when we collect or process your personal data.

Please read this Privacy Policy carefully. By using our Services, you acknowledge that you have read this Privacy Policy.

1. Who we are

Data Controller: [FULL LEGAL ENTITY NAME]
Trading name: Sunpura Energy
Registered address: [REGISTERED ADDRESS]
Email: [PRIVACY EMAIL ADDRESS]
Phone: [PHONE NUMBER]

If you are located in the United Kingdom and we are required to appoint a UK representative under applicable data protection law, our UK representative is:
UK Representative: [NAME OF UK REPRESENTATIVE, IF APPLICABLE]
Address: [UK REPRESENTATIVE ADDRESS]
Email: [UK REPRESENTATIVE EMAIL]

If we have appointed a Data Protection Officer ("DPO"), you may contact the DPO at: [DPO CONTACT DETAILS, IF APPLICABLE].

2. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity and contact data, such as your name, billing address, delivery address, email address and telephone number.
  • Order and transaction data, such as the products you view, add to cart, purchase, return, exchange or cancel, as well as order history, invoices and payment status.
  • Account data, such as your login details, account preferences, saved items and account settings.
  • Payment data, such as payment method details and transaction confirmations. Payment card data is generally processed by our payment service providers rather than stored directly by us, except where necessary for payment administration, fraud prevention or recordkeeping.
  • Communications data, such as the information you provide when you contact customer support, send us emails, complete forms, or otherwise communicate with us.
  • Technical and device data, such as your IP address, browser type, device type, operating system, referring URLs, time zone and network information.
  • Usage data, such as information about how you browse and interact with our website, products, Services, emails and advertisements.
  • Marketing preference data, such as your subscription status, consent choices and communication preferences.

3. How we collect personal data

We collect personal data from the following sources:

  • Directly from you, when you place an order, create an account, subscribe to emails, fill in forms, participate in promotions, or contact us.
  • Automatically, through cookies, pixels, tags, log files and similar technologies when you browse or use our Services.
  • From service providers and partners, including Shopify, payment processors, fulfilment and delivery partners, analytics providers, advertising partners and customer support tools.
  • From other third parties, where permitted by law, such as fraud prevention providers or public sources used for compliance and verification purposes.

4. How we use your personal data and our lawful bases

Under UK data protection law, we must have a lawful basis for processing your personal data. Depending on the circumstances, we rely on one or more of the following lawful bases: performance of a contract, compliance with a legal obligation, our legitimate interests, and your consent where required.

Purpose Examples Lawful basis
Provide our Services and fulfil orders Processing payments, confirming orders, arranging shipping, managing returns, exchanges and warranty requests Performance of a contract
Manage accounts and provide customer support Creating and maintaining your account, responding to enquiries, providing after-sales support Performance of a contract; legitimate interests
Operate, improve and secure our website and Services Troubleshooting, analytics, diagnostics, service optimisation, fraud prevention, network and information security Legitimate interests; consent where required for non-essential cookies or similar technologies
Marketing and promotions Sending newsletters, promotional emails or SMS, showing relevant advertising, measuring campaign effectiveness Consent where required by law; otherwise legitimate interests where permitted
Compliance and legal enforcement Tax, accounting, recordkeeping, regulatory compliance, responding to lawful requests, establishing or defending legal claims Legal obligation; legitimate interests
Prevent fraud and misuse Monitoring suspicious activity, verifying transactions, protecting our business, customers and platform Legitimate interests; legal obligation where applicable

Where we rely on legitimate interests, these interests generally include operating and improving our business, maintaining the security of our website and Services, preventing fraud, understanding customer demand, improving user experience, and marketing our products in a proportionate manner where permitted by law.

5. Cookies and similar technologies

We and our partners use cookies and similar technologies, such as pixels, tags, SDKs and local storage, to operate our website, remember your preferences, keep your shopping cart active, understand how our Services are used, measure performance, and support advertising and marketing activities.

Some cookies are strictly necessary for the operation of the website. Other cookies, including analytics, functionality, personalisation and advertising cookies, are used only where permitted and, where required by law, based on your consent.

You can manage your cookie preferences through our cookie banner or cookie settings tool. You can also control certain cookies through your browser settings. Please note that disabling some cookies may affect website functionality.

6. Direct marketing

Where permitted by law, we may send you marketing communications by email, SMS or other electronic means about our products, offers and updates. Where UK law requires us to do so, we will only send such communications with your consent or where another valid rule applies, such as the soft opt-in for existing customer relationships.

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails, following the opt-out instructions in the message, adjusting your account preferences, or contacting us using the details below.

7. How we share personal data

We may share your personal data with the following categories of recipients:

  • Shopify, as the platform provider hosting and supporting our online store.
  • Payment processors and financial service providers, to process transactions and help prevent fraud.
  • Logistics, shipping and fulfilment partners, to deliver orders and manage returns or replacements.
  • IT, hosting, analytics, communications and customer support providers, who help us operate the website and Services.
  • Marketing and advertising partners, where permitted, to help us measure campaigns and show relevant advertising.
  • Professional advisers, such as lawyers, accountants, auditors and insurers.
  • Regulators, courts, law enforcement agencies and other authorities, where required by law or necessary to protect rights, property or safety.
  • Affiliates and group companies, where relevant for internal administration, support, reporting or business operations.
  • Successors or transaction parties, in connection with a merger, acquisition, restructuring, financing, asset sale or insolvency event.

8. Shopify and third-party platforms

Our store is hosted on Shopify. Shopify may process personal data to provide and improve the e-commerce infrastructure, payment support, fraud prevention, checkout functionality, hosting and related services.

We may also use third-party tools and services for payments, analytics, advertising, customer communications and order management. These third parties may process personal data in accordance with their own privacy notices and contractual arrangements with us.

9. International transfers

Your personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom. This can happen, for example, when we use service providers, cloud infrastructure, support tools or platform providers that operate internationally.

Where required, we take appropriate steps to ensure that personal data transferred outside the UK is protected by appropriate safeguards, such as adequacy regulations, the International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms recognised under applicable data protection law.

You may contact us if you would like more information about the safeguards used for international transfers.

10. Data retention

We keep personal data only for as long as is reasonably necessary for the purposes described in this Privacy Policy, including to provide our Services, maintain business and tax records, resolve disputes, enforce agreements, prevent fraud, and comply with legal, accounting and regulatory obligations.

Retention periods may vary depending on the type of data and the reason it was collected. Where it is not possible to specify exact periods in advance, we determine retention by considering the nature of the data, the purpose of processing, legal and operational requirements, and the need to protect our legal interests.

11. Your rights

If you are in the United Kingdom, you may have the following rights under applicable data protection law, subject to legal limitations and exceptions:

  • Right of access – to request access to the personal data we hold about you.
  • Right to rectification – to ask us to correct inaccurate or incomplete personal data.
  • Right to erasure – to request deletion of your personal data in certain circumstances.
  • Right to restriction – to ask us to restrict processing in certain circumstances.
  • Right to data portability – to receive certain personal data in a structured, commonly used and machine-readable format and, where feasible, have it transferred to another controller.
  • Right to object – to object to certain processing, including processing based on legitimate interests and direct marketing.
  • Right to withdraw consent – where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.
  • Rights relating to automated decision-making – if we carry out solely automated decision-making with legal or similarly significant effects, you may have additional rights. We do not currently carry out such decision-making unless specifically stated at the point of collection.

You may exercise your rights by contacting us using the details in the Contact section below. We may need to verify your identity before processing your request. In some cases, we may refuse or limit a request where permitted by law.

12. Complaints

If you have concerns about how we process your personal data, please contact us first so that we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office ("ICO").

13. Children’s data

Our Services are not directed to children, and we do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us and we will take reasonable steps to delete the information where appropriate.

14. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

15. Third-party websites and services

Our website may contain links to third-party websites, plug-ins or services. If you follow a link to any third-party site, please note that those websites have their own privacy notices and practices. We are not responsible for the privacy, security or content of such third parties.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements, technologies or data processing practices. When we do so, we will post the updated version on this page and update the "Last updated" date above.

17. Contact us

If you have any questions about this Privacy Policy or would like to exercise your rights, please contact us:

[LEGAL ENTITY NAME]
Email: [PRIVACY EMAIL ADDRESS]
Phone: [PHONE NUMBER]
Address: [POSTAL ADDRESS]