1.1 This Privacy Policy explains how WeightWorld is an e-commerce brand operated and managed by Comfort Click LTD a company registered in UK under number 5614133, whose
registered office is at unit 8, Sevenoaks Enterprise Centre, Bat & Ball Road, Sevenoaks, Kent TN14 5LJ (‘Company’) together, with its subsidiaries and affiliates operating in India (“Group
entities”), collects, uses, discloses, retains, and protects personal data of customers who are using this website.

1.2 Comfort Click Ltd acts as the “data controller” for the purposes of the UK General Data
Protection Regulation (UK GDPR) and EU GDPR in relation to your personal data collected
through the website and associated platforms. And our appointed Data Protection Officer (DPO)
oversees our compliance with applicable data protection laws, and the contact details of the DPO
is shared in article 15 of the policy.

1.3 Comfort Click LTD is headquartered in the United Kingdom. Accordingly, personal data
collected via cookies, web forms, or other means may be transferred and processed outside the
European Economic Area (EEA), including in the UK and India, where our group companies or
service providers may be located. We ensure that any such transfers are conducted in
compliance with applicable international data transfer mechanisms, including Standard
Contractual Clauses or UK International Data Transfer Agreements, as required.

1.4 To make it easy for you when reading this policy, 'we' and 'us' refer collectively to
WeightWorld, an e-commerce platform managed and operated by Comfort Click Ltd, its various
brands and all operational subsidiaries, including those incorporated in India, which form part of
our global operations.

1.5 Our services are intended for use by adults only. We do not knowingly collect, use, or
process personal data relating to children under the age of 18 (or the age of majority as defined
by applicable law in your country). If you are under 18, you must not use our services or provide
us with any personal information. If we discover that we have inadvertently collected personal
data from a child, we will take immediate steps to delete such information from our records. If you
believe that a child may have provided us with their personal data, please contact us at:
dpo@comfortclick.co.uk so that we can take appropriate action.

1.6 We are committed to maintaining transparency and accountability in how we manage your
personal data. From time to time, we may update this Privacy Policy to reflect changes in the law,
our data processing practices, or service offerings. We encourage you to periodically review this
page to stay informed about how we protect your privacy.

2.1 In accordance with UK GDPR Article 5(1)(a), 6(1), 13, EU GDPR Articles 5-6, and 13, we
collect only the personal data necessary for legitimate business purposes, lawful processing, and
to enhance user experience and transparency.

This may include:
a) Identity and Contact Information
● Full name, and (gender/ title, date of birth)
● Billing and shipping addresses
● Email address and telephone numbers

b) Transactional and Purchase Data
● products ordered or returned, purchase history, receipts, and delivery records
● Payment method (note: we do not store full payment card numbers or CVV codes)
● Promo code usage and loyalty activity
● Wishlist or saved items

c) Identity Verification Documentation (If required)
● Copies of identification documents (e.g. passport, driver’s license, utility bill) for age
verification, fraud prevention, or legal compliance.
● This may include your date/place of birth, gender, photo ID, and nationality.

d) Customer Interaction and Engagement Data
● Notes or recordings from your calls or messages with customer support
● (Survey responses), feedback, product reviews, or complaints submitted
● Correspondence by email, social media and other messaging platforms.

e) Technical and Usage Data
● IP address, device identifiers, and language settings.
● Referrer URL, pages visited, time spent on each page
● Search terms entered, interaction through marketing emails, and ad impressions.

f) Cookie and Online Tracking Data
● Data captured through cookies, pixels, and similar technologies
● Preferences related to marketing and cookies (via Consent management platform)
● Geo-location data (city or region level, not precise GPS unless explicitly consented

g) Marketing and Preference Data
● Your preferences for receiving marketing communications
● Your response to promotions, competitions, and surveys
● Interest-based profiling (e.g. preferred products or categories based on your browsing/
purchase behaviour.

h) Social Media Data
● Your public social media handle or username if you interact with us via platforms such as
Instagram, TikTok, etc.)
● Any message, mentions, or tagged content you direct us publicly.

2.2 We collect your personal data either directly from you, from your interactions with our website
or customer service team, from third-party platforms, analytics partners and advertising networks.
We will always seek your explicit consent when required by law (e.g. for marketing, cookies, or
sensitive information) and ensure any processing is limited to legitimate, specified purposes only.
We at WeightWorld strongly hold the principles of transparency, security, and accountability in
every stage of your data journey with us.

3.1 The law on data protection lists a number of different reasons for which a company may
obtain, collect and process your personal data, including the UK/EU GDPR Under these laws, we
rely on the following legal bases:

3.2 Consent: In accordance with UK/EU GDPR Article 6 (1) (a), in certain situations, we can
collect and process your data with your explicit consent. For example,

a) When you sign up to receive our email newsletters or marketing communications.
b) When you accept cookies through our websites.
c) When you provide personal data for surveys, competitions, or promotions.

(Amazon Vendor Note: We do not request your consent where Amazon, as an independent data controller, processes personal data via its own platform; such consent is governed by Amazon’s own privacy policies.)

3.3 Contractual Obligations: In accordance with the UK/EU GDPR Article 6 (1) (b) in certain situations, we may need your personal data to comply with our contractual obligations. For instance:

● For processing your orders and fulfilling your product orders.
● For managing shipping, returns and customer service;
● For providing access to your account and processing payments.

If you refuse to provide this information, we may not be able to fulfil our contractual obligations.

3.4 Compliance and Legal Obligations: In accordance with the UK/EU GDPR Article 6 (1) (c),
we process your personal data where we are legally required to do so; for instance, such as:

● Complying with consumer protection, e-commerce, tax, or product safety regulations;
● Responding to court orders or regulatory inquiries;
● Preventing and detecting crime, including fraud or money laundering (e.g., reporting under UK Proceeds of Crime Act 2002 or equivalent EU directives).

3.5 Legitimate Interest: In accordance with the UK/EU GDPR Article 6 (1) (f), we may process your personal data where it is necessary for the Legitimate interests, provided those interests are
not overridden by your fundamental rights and freedoms. These interests include:

● Improving our website functionality and product offerings;
● Performance data analytics to optimise inventory and personalise marketing;
● Sending marketing communications to existing customers under the “soft opt-in” rule (as permitted by PECR Regulation 22);
● Detecting fraudulent activity or misuse of our services;
● Asserting or defending legal claims.

3.6 We balance our interests with your rights through legitimate interest assessments (LIAs) to ensure appropriate safeguards.

3.7 This Privacy Policy shall be governed by the laws of England and Wales. Where applicable,
we also comply with the local law obligations under the EU GDPR (for users located within the
EEA).

4.1 We collect personal data at various points of interaction between you and Weightworld. This
data collection is governed by the principles of lawfulness, fairness, and transparency, as
required under Article 5 (a) of the UK/EU GDPR. The data is collected under appropriate legal
bases as described in the above Clause 3 of this policy, as relevant to the context.

4.2 We collect your personal data in the following scenarios:

● When you visit any of our websites and use your account to buy products and services, or
redeem vouchers/promo codes from Comfort click on the telephone or online.
● When you check out as a guest without creating or logging into an account.
● When you create an account with us or update your account details.
● When you interact with our website, we collect data using cookies and similar tracking
technologies (you can manage your preferences in our Cookie Consent manager, in
accordance with the PECR and GDPR e-privacy directives).
● When you buy a product via the telephone but don't have (or don't choose to use) an
account.
● When you engage with us on social media platforms such as Facebook and/or Instagram,
amongst others.
● When you join our customer loyalty programs.
● When you sign up for our Email Newsletters or sign up to have an account.
● When you contact us by any means with queries, complaints, suggestions, etc.
● When you enter competitions or prize draws, or promotional events.
● When you complete any surveys that we send you.
● When you comment on or review our products or our entire service.
● When you request access to the personal data we hold about you under Articles 15-22 of the
GDPR (data subject rights)
● When your personal data is shared with us by authorised third parties- such as logistic
providers, marketing partners, or identity verification services- under your consent or
contractually permitted basis.
● We collect data from publicly available sources when you have given your consent to share
information or where the information is made public as a matter of law

5.1 We are committed to delivering the best possible customer experience. One way to achieve
that is to get the richest and most accurate picture of you possible by combining the data we hold
about you. This enables us to offer relevant products, promotions, services, and tailored
communications aligned with your interests. And to the members (those who have created
accounts with us), we’ll try to offer you relevant rewards.

5.2 The data privacy laws allow this as part of our legitimate interest in understanding our
customers and providing the highest possible standards of products and services.

5.3 Here’s how we’ll use your personal data and why:

a. To process and fulfil your order: We process your personal data to manage orders placed
on our websites. This includes passing details to third-party logistics providers to deliver goods
and handling post-sale obligations such as refunds, guarantees or warranties.

b. To handle customer service interactions: This includes responding to queries, refund
requests, complaints, or support cases across email, phone, live chat, or social media.
Records may be retained to improve the service quality and resolve future issues.

c. To send basket abandonment or order tracking email: We may remind you when you
leave items in your cart or send you tracking information post-purchase to enhance your shopping experience.

d. To prevent and detect fraud or other illegal activities: This includes verifying login attempts, monitoring IP addresses, securing payment processes, and detecting fraudulent
transactions.

e. To send you direct marketing (with your consent or soft opt-in): We may use your contact details and transaction history to send tailored marketing by email, SMS, telephone, web push, or post. You can opt out any time.

f. To send legally required communications: These include updates to our terms, privacy
notices, service changes, or product recalls. These messages are purely informational, and consent is not required.

g. To personalise your shopping experience and to improve our service system: we use cookies and similar technologies to display personalised content and remember preferences.
And to better understand your preferences, we may combine data collected through your interaction with our business, third parties, and public sources to display the most interesting
content, brand or products. We may also apply segmentation or profiling to help tailor your experience. Additionally, we use anonymised and pseudonymised data to test website features, resolve issues, and enhance performance. To know more about the Cookies we use, kindly refer to the Cookies Policy on the web page. Click here

h. To fulfil your orders by third parties: When your order is delivered or serviced directly by a
third-party vendor, we share only the data necessary to complete the transaction. (If a third-
party vendor intends to process your data for additional purposes (e.g. marketing), they are
responsible for informing you and obtaining your consent where necessary.

i. To administer any of our prizes: draws or competitions which you enter, based on your consent given at the time of entering the event.

j. To develop, test and improve: the systems, services and products we offer to you. We’ll do
this on the basis of our legitimate business interests. For example, we’ll save your browser’s Session ID to help us understand more when you leave us online feedback about any
problems that you’re having.

k. To comply with our contractual or legal obligations : To share data with law enforcement agencies and authorities. For example, when a court order is put forward to us to share data
with law enforcement agencies or a recognised court of law.

l. To send you surveys and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email
or text message. We have a legitimate interest in doing so as this helps make our products and services more relevant to you.

m. For our member or logged in area: to decide which information to show you, with the help
of technological algorithms. We do so on the basis of your consent when you become a member by creating an account. If you don’t want to continue receiving offers, you’ll be unable
to continue your account with us. For example, if you consent through our website, we may use your shopping preferences to offer you tailored rewards.

n. Use Of Demographic and Geographic Data For Artificial Intelligence Training and
Analytics- The Company may collect, process, and utilise non-personal demographic and geographic data, including but not limited to age range, gender, postal code/PIN code, city,
and province/region (collectively, “Demographic Data”), strictly for the limited purposes of
training and enhancing artificial intelligence (AI) models, optimising product performance,
improving service functionality, and conducting aggregated service analytics. Such Demographic Data shall be processed solely in a de-identified, pseudonymised, or aggregated
format, and shall not be used to directly or indirectly identify any natural person.

The Company expressly affirms that no Personally Identifiable Information (“PII”), whether direct or indirect, will be utilised for AI training or related analytical activities. All processing
activities shall be executed in accordance with the principles of data minimisation, purpose limitation, and pseudonymisation as mandated under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Any PII collected for other lawful purposes shall remain segregated from AI training environments and shall be processed solely to fulfil contractual or regulatory obligations or to deliver core services to users.

The Company shall implement robust organisational and technical safeguards to protect data subjects’ rights and freedoms, and will ensure that any processing of Demographic Data for the aforementioned purposes does not compromise the anonymity or privacy expectations of
individuals.

6.1 To provide the most relevant offers, promotions, and content at the most appropriate times,
we build a fuller picture of your preferences and shopping behaviour. We do this by combining
personal data collected through your interactions with our websites (such as purchase history,
browsing behaviour, and account activity) with data obtained from carefully selected third-party
sources-where you have lawfully consented to such sharing.

6.2 For example, we may enhance our understanding of you by using publicly available data,
such as the Land Registry, or marketing data from trusted partners, to complement and enrich
the information we already hold.

6.3 This data combination enables us to tailor our marketing communications and product
recommendations to better reflect your preferences and interests. We rely on our legitimate
interests in promoting and improving our business, or your explicit consent, where required by
law, as the lawful basis for this activity. You have the right to object to this type of data
processing at any time.

7.1 We understand that the security of your personal data is of paramount importance. That’s
why we take robust technical and organisational measures to safeguard it at every stage. We
implement appropriate security measures to protect your data from unauthorised access,
unlawful processing, accidental loss, destruction, or damage.
This includes:

a) Securing all transactional areas of our websites with Secure Sockets Layer (SSL) encryption,
identifiable by the ‘https’ prefix and padlock symbol in your browser address bar.
b) Ensuring that access to personal data is restricted to authorised personnel only, and is
controlled through secure authentication protocols, including password protection and Role-
Based Access Controls (RBAC).
c) Protecting payment data through encryption, tokenisation, and secure third-party payment
processors that comply with the Payment Card Industry Data Security Standard (PCI DSS).
d) Regularly monitoring our IT systems and infrastructure for potential vulnerabilities, threats, or
breaches, and implementing corrective actions where required.
e) Conducting periodic security reviews and penetration testing to ensure the continued resilience of our security posture.

7.2 While no system is entirely immune to cyber threats, we are committed to maintaining and
continuously improving our security practices to ensure your data remains safe.

8.1 We will retain your personal data only for as long as necessary to fulfil the purposes for which
it was collected, including to meet any legal, regulatory, tax, accounting, or reporting
requirements. Once the relevant retention period has expired, we will either delete your data
securely or anonymise it so that it can no longer be associated with you. Anonymised data may
be used for statistical analysis and business planning purposes (without identifying your personal
data).
Examples of our data retention periods include:
Orders: We retain personal data related to orders for a period of five (6) years from the date of
transaction. This enables us to comply with our contractual obligations, including processing
returns, refunds, and responding to queries. For certain products (e.g., electrical or high-value
items), we may retain data for up to ten (10) years where necessary to support product lifecycle
or safety obligations.
Warranties: Where a product includes a warranty, we will retain the associated personal data for
the duration of the warranty period, to ensure we can honour our obligations under the warranty
terms.

8.2 The Company maintains a structured data retention and archival policy, whereby relevant
data is retained for a period of ten (10) years in the active storage environment, after which such
data is transitioned to a secure inactive archival repository. Archived data shall be retained solely for statutory compliance, regulatory obligations, or bona fide litigation or dispute resolution
purposes, and shall not be accessed or processed for any other operational activities.

Security and Information Technology functions shall maintain and periodically update the
technical architecture related to data protection and shall preserve comprehensive audit logs
evidencing access events and data processing operations. Such documentation shall be
available for inspection by competent supervisory authorities upon lawful request.

9.1 We only share your personal data when it is necessary, proportionate, and lawful to do so.
This typically includes sharing with third parties who provide essential services that support our
business operations and enhance your experience as a customer. These parties act either as
data processors, under our strict instructions, or as independent data controllers where they
determine their own purpose and means of processing.

9.2 In accordance with the principles of accountability and data minimisation under the UK and
EU GDPR, and as guided by the UK Information Commissioner’s Office (ICO), we apply the
following safeguards when sharing your data:

a. Purpose Limitation: Third parties only receive personal data necessary to fulfil their
specific tasks or functions.
b. Contractual Safeguards: All data processors are bound by written agreements that
include GDPR-compliant data protection clauses.
c. Restricted Use: Third parties may not use your personal data for any purpose other than
as instructed by us.
d. Security and Confidentiality: We assess and monitor the security practices of third
parties to ensure your data is protected at all times.
e. Data Disposal: Where a third party no longer provides services to us, any personal data
they hold on our behalf is either securely deleted or anonymised.

9.3 We share your personal data with the following categories of recipients:

a. IT and Cloud Infrastructure Providers- who host and maintain our websites, CRM system, and
data storage platforms.
b. Operational Partners- such as couriers, logistics providers, and order fulfilment centres, to
enable the delivery of products and services.
c. Marketing Technology Partners- who assist us in sending communications or providing
relevant content (e.g. email platforms, SMS providers).
d. Advertising and Analytics Providers- including Google and Meta, where you have consented
to marketing cookies, to show you personalised content based on your browsing activity. For
more details, see our [Cookie Notice].
e. Fraud prevention and Cybersecurity Partners- to help detect and prevent fraudulent or
malicious activity on our platform.
f. Regulators and Law Enforcement- where required to do so under applicable laws or pursuant
to valid legal process (e.g. court order or warrant). All such requests are subject to a robust
legal review to ensure they are lawful and proportionate.
g. Auditors, Insurers and Legal Advisor: where necessary to support legal claims, compliance
audits, or risk management functions.
h. Successors in title- if our business undergoes a reorganisation, merger, acquisition, or sale, we may transfer your personal data to the new entity under terms that uphold your rights and protections.

9.4 We do not sell your personal data to any third party. If we ever plan to do so in the future, we will only do so with your explicit consent and in accordance with the law.

9.5 Third-Party Marketing Complaints

In the event that customers or users receive unsolicited marketing or promotional communications from third parties with whom they have not directly engaged, they may report
such concerns to the Company’s Data Protection Officer (DPO) using the contact details provided herein.

Upon receipt of such a complaint, the Company shall initiate an internal review and coordinate with the relevant third-party processors, service partners, or data recipients in accordance with
applicable contractual obligations, data processing agreements, and regulatory requirements.
The Company will take appropriate remedial measures where necessary to ensure compliance
with applicable data protection legislation and to safeguard data subjects’ rights.

9.6 For more details about how we ensure third parties protect your data, or to request a list of
key third-party recipients, you can contact our Data Protection Officer (DPO) using the details
provided at the end of this Privacy Policy.

10.1 Comfort Click is headquartered in the United Kingdom. As such, your personal data may be processed in the UK, which, while outside the European Economic Area (EEA), has been recognised by the European Commission as offering an adequate level of data protection.

10.2 In the course of providing our services, we may also need to transfer your personal data to third-party partners, service providers, or affiliate companies located in countries outside the UK and EEA, including jurisdictions that may not offer the same level of data protection as your home country.

10.3 Safeguards for Cross-Border Transfer: To ensure that your personal data continues to receive a high standard of protection, all international data transfers are conducted in full compliance with the UK and EU GDPR, and any other applicable data protection laws. We implement appropriate safeguards, including:

a. Adequacy Decisions: Where applicable, we transfer data to countries formally recognised by the UK Government or European Commission as providing adequate protection.
b. Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use the most current versions of SCCs approved by the UK and EU regulators. These contractual obligations bind recipients to uphold data protection standards equivalent
to those in the UK and EU.
c. Supplementary Measures: Where required, we apply additional technical, contractual, and organisational measures- such as encryption, access controls, and audit rights- to further protect your data.
d. Vendor Due Diligence and Contractual Controls: All third parties handling your data outside
the UK/EEA are subject to rigorous due diligence and bound by enforceable contractual commitments to use your data only for specific purposes and to maintain appropriate security standards.

10.4 We continually monitor legal developments in international data transfer requirements and
adjust our practice as needed to remain compliant and accountable.

11.1 We are committed to ensuring you remain in control of your personal data. Under data protection laws, including the UK GDPR, you have the following rights, which we honour and support without delay or undue burden:

a. Right To Access: You have the right to request confirmation of whether we process your personal data, and to receive a copy of the data, along with clear information about how and
why it is being used.

b. Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you may request that it be corrected or updated promptly.

c. Right to Erasure (“Right to be Forgotten”): In certain instances, you can ask us to delete your data – for example, where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent and no other legal basis applies.

d. Right to Restrict Processing: You may ask us to temporarily stop using your data while a concern is being resolved – for example, if you consent to the accuracy of data or object to our
processing.

e. Right to Data Portability: Where we process your data based on your consent or contract and to do so by automated means, you have the right to receive that data in a structured,
commonly used, and machine-readable format- and to have it transferred to another data controller where technically feasible.

f. Right to Object: You can object to the use of personal data where it is processed for: Our Legitimate interests, unless we can demonstrate compelling legal grounds to continue; or
Direct marketing, at any time, with immediate effect.

g. Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time. This will not affect the lawfulness of any processing carried out prior to
withdrawal.

h. Rights Related to Automated Decision-Making: You have the right not to be subject to decisions made solely by automated means (including profiling) where such decisions have a
legal or similarly significant impact on you. Where automated processing is used, we will ensure appropriate safeguards, including the right to Human review. In such instances, you
may request human intervention or challenge the decision.

i. Right to Lodge Complaint: If you have concerns about how we handle your data, you have the right to lodge a complaint with the relevant supervisory authority, such as the International
Commissioner’s Office (ICO) in the UK or your local EU data protection authority.

11.2 Exercising Your Rights: To exercise any of your rights, please contact us using the details provided at the end of the policy (article 15). For security and fraud prevention, we may need to verify your identity before fulfilling your request. If a third party acts on your behalf, they will need to show appropriate authority. We are committed to responding promptly and transparently, and will always explain our decisions, in limited cases, we are unable to comply fully with your
request.

12.1 The Company may issue marketing, promotional, and informational communications to customers and users on a default opt-out basis, whereby such communications may be sent unless and until the user withdraws consent.

Users may opt out at any time by selecting the unsubscribe checkbox within any marketing email
or by following the unsubscribe instructions provided in the confirmation message. Upon receipt
of an opt-out request, the Company will cease sending marketing or promotional emails to the
user.

The Company may, however, continue to send:
(i) internal testing or review emails strictly for bulk campaign quality assurance; and
(ii) transactional or service-related communications required to fulfil contractual or legal
obligations, including essential service notices or account updates.

12.2 Direct Marketing Communication: You can opt out of direct marketing messages (e.g. email, SMS, telephone, or postal) at any time.You have the right to object at any time to the use of your
personal data for direct marketing purposes, including profiling related to such marketing. We provide clear, simple ways to manage your preferences and opt out of both direct communication and cookie-based advertising.

12.3 Clicking the “unsubscribe” link in any marketing email you receive from us. This will unsubscribe you from marketing communication for that particular brand or business. Updating
your Preferences in your online account settings, where applicable.

12.4 Contact our Customer Support team, who can assist you in managing your marketing preferences. Please note that it may take a short time for all our systems to update your request.
You may continue to receive service communications (such as order confirmations, delivery updates, or important policy notices), which are necessary and not subject to marketing opt-out.

12.5 If a user continues to receive promotional emails after opting out, they may contact the Company’s Data Protection Officer (DPO) directly. The Company will investigate and resolve
such concerns in accordance with applicable data protection laws, including GDPR provisions on
purpose limitation and user rights.

13.1 If you feel that your data hasn't been treated properly, or you are unhappy with our response
to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the ICO. However, we would appreciate the opportunity to resolve your concerns directly before you contact a supervisory authority.

13.2 You can contact them by visiting https://ico.org.uk/make-a-complaint/

13.3 If you are based outside the UK, you have the right to lodge your complaint with the relevant
data protection regulator in your country of residence.

13.4 We encourage you to contact our Data Protection Officer (DPO) first so we can attempt to resolve your issue directly, promptly, and in accordance with your local legal timeframes.

14.1 This Privacy Policy shall be provided in English as well as other languages. Should there be any conflict in the meanings between the English and translated versions, the English version shall prevail.

14.2 When placing an order with us, browsing our website, including for analytics and website usage research, and/or agreeing to receive direct marketing electronic communications as described in this Privacy Policy and our Cookies Notice, your personal data will be processed by us or on our behalf. Your personal data may be processed in the UK or other jurisdictions where our trusted service providers operate.

14.3  We may transfer your personal data:

1. To our servers or service providers in the UK and EU and other countries as necessary to fulfil your requests;
2. To third parties (including delivery partners, IT providers, and data analytics companies) involved in providing our services to you.
3. Between jurisdictions as required for customer support, order fulfilment, and analytics.

14.4 Where we transfer your personal data outside of your home country, we ensure an appropriate level of data protection is maintained. This included using safeguards such as:

1. Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities;
2. Adequacy decision where applicable;
3. Binding Corporate rules or equivalent legal mechanisms.

14.5 While we strive to ensure that all third-party recipients of your data uphold privacy standards consistent with the GDPR, please note that local laws in those countries may differ and may not always offer the same level of Protection as in your jurisdiction.

14.6  For EU/EEA Customers
If you are located in the European Union or European Economic Area, your data is transferred outside the EEA only where appropriate safeguards are in place as required under Chapter V of the EU GDPR.

14.7  If you are using our website or purchasing products as part of your personal or household activities, the GDPR will govern how your personal data is collected and used. For business-related purchases or wholesale inquiries, please contact our commercial team.

14.8 If you have any concerns, requests, complaints or suggestions regarding your personal data, you may contact our Data Protection Officer. We will respond within the timeframes prescribed by local data protection laws and aim to resolve your concern in a fair and timely manner.

15.1 We really hope that this Privacy Policy has been helpful in setting out the way we handle your personal data and your ways to control it. If you have any questions, please contact our Data Protection Officer, who would be delighted to help:

Email at: dpo@comfortclick.co.uk.
Telephone: +4420 3322 1668.
Postal address: Unit 8, Sevenoaks Enterprise Centre, Bat & Ball Road, Sevenoaks, Kent, TN14 5LJ. 

This Policy shall be deemed effective as of the approved date and will be reviewed annually or upon legal updates. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

 This Privacy Policy was last updated on 15/01/2026.