Privacy Policy

At Barbellworksco (“Barbellworksco”, “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit barbellworksco.com, create an account, place an order, contact us, or otherwise interact with us.At ABC (“ABC”, “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit barbellworksco.com, create an account, place an order, contact us, or otherwise interact with us. It is intended to be clear, transparent, and easy to understand, in line with GDPR transparency requirements.

1. Who we are

Data Controller: ABC
Company Number: 12345678
Address: Street address, city.
Email: hello@barbellworksco.com

For the purposes of data protection law, ABC is the controller of the personal data described in this Privacy Policy, meaning we decide how and why your personal data is processed. GDPR requires that individuals are told who is collecting their data, how to contact them, and the purposes and legal basis for the processing.

2. The personal data we collect

Depending on how you use our website, we may collect the following categories of personal data:

• Identity and contact data: name, billing address, shipping address, email address, phone number.
• Order and transaction data: products ordered, order history, delivery details, returns, and payment status.
• Account data: login details, saved preferences, wishlist items, and account activity if you create an account.
• Communications data: messages you send us through email, contact forms, chat, or customer support requests.
• Technical and usage data: IP address, browser type, device information, pages viewed, referring URLs, and similar analytics information.
• Marketing preferences: whether you have agreed to receive newsletters or promotional messages.
• Cookie and similar technology data: information collected through cookies or similar tools, subject to your choices where consent is required. GDPR transparency rules require privacy notices to describe the categories of personal data collected.

3. How we collect your data

We collect personal data:

• directly from you, such as when you place an order, create an account, subscribe to emails, or contact us;
• automatically when you browse our site, through server logs, cookies, and similar technologies;
• from service providers involved in payment processing, order fulfilment, delivery, analytics, website hosting, or marketing tools; and
• in limited cases, from publicly available sources or third parties where lawful and relevant.

Where personal data is collected from other sources, GDPR requires that individuals are informed about the source and the categories of data involved.

4. Why we use your personal data and our legal bases

We process personal data only where we have a lawful basis to do so. Depending on the context, we may rely on one or more of the following legal bases:

a) To process and deliver orders

We use your data to take payment, confirm your order, arrange shipment, provide order updates, handle returns, and provide customer support. The lawful basis is usually performance of a contract because this processing is necessary to fulfil your order or take steps at your request before entering into a contract.

b) To manage your account

If you create an account, we use your data to maintain your profile, authenticate you, and provide account features. The lawful basis is usually performance of a contract or our legitimate interests in operating our website and customer accounts. Legitimate interests can be used where the business need is real and the individual’s rights and freedoms are not overridden.

c) To respond to enquiries and provide support

We use your data to answer questions, resolve issues, and handle complaints or service requests. The lawful basis is our legitimate interests in running our business and providing support, and in some cases performance of a contract.

d) To improve our website, products, and services

We may use technical and usage data to understand how visitors use our site, fix issues, improve navigation, and enhance performance. The lawful basis is usually our legitimate interests in improving our website and services, except where consent is required for certain analytics or tracking tools.

e) To send marketing communications

Where you sign up to receive newsletters, product updates, or promotions, we may use your contact details to send you marketing communications. The lawful basis will usually be consent where required by law, and you can withdraw consent at any time. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link or contacting us. GDPR requires that people are told when consent can be withdrawn, and cookie/e-privacy rules also require active consent for certain tracking used in marketing.

f) To maintain security and prevent fraud

We may process personal data to protect our website, users, systems, and business from fraud, abuse, unauthorised access, chargebacks, and other security risks. The lawful basis is our legitimate interests in fraud prevention and network and information security. The European Commission identifies fraud prevention and network security as examples of legitimate interests.

g) To comply with legal obligations

We may process and retain certain records for accounting, tax, consumer protection, dispute resolution, or regulatory compliance purposes. The lawful basis is compliance with a legal obligation. GDPR requires organisations to identify the legal basis for their processing.

5. Cookies and similar technologies

We use cookies and similar technologies to operate our website, remember preferences, improve user experience, analyse traffic, and, where enabled, support marketing functions. We will clearly explain what cookies are used for and, where required, ask for your consent before placing non-essential cookies on your device. Strictly necessary cookies that are essential to provide a service you request, such as keeping items in a shopping basket or supporting security, may be used without consent where permitted by law. ICO guidance states that users must be told about cookies, what they do, and why, and that consent is generally required except for strictly necessary cookies.

You can manage cookies through our cookie banner or your browser settings. Blocking some cookies may affect site functionality.

6. Sharing your personal data

We do not sell your personal data. We may share your personal data with trusted third parties where necessary for the purposes described above, including:

• payment processors;
• website hosting and IT service providers;
• ecommerce platform providers;
• shipping, delivery, and logistics partners;
• analytics, customer support, and email service providers;
• professional advisers such as lawyers, accountants, or auditors;
• regulators, courts, law enforcement, or other authorities where required by law; and
• a buyer, investor, or successor entity in connection with a merger, acquisition, financing, or sale of all or part of our business.

GDPR requires privacy notices to tell individuals who may receive their personal data.

7. International data transfers

Some of our service providers may process personal data outside the European Economic Area. When we transfer personal data outside the EEA, we will use appropriate safeguards as required by law, such as a transfer to a country covered by an adequacy decision or the use of approved Standard Contractual Clauses where needed. EU guidance explains that when personal data is transferred outside the EEA, the GDPR requires safeguards so that protection “travels with the data.”

8. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to fulfil orders, provide customer support, meet legal or accounting obligations, resolve disputes, enforce agreements, and maintain security records. Retention periods may vary depending on the type of data and the reason for processing. The European Commission states that data should be kept for the shortest time possible, taking into account the purpose of the processing and any legal obligations to retain records.

As a general guide:

• order and transaction records may be kept for accounting, tax, warranty, and dispute-resolution purposes;
• customer service correspondence may be kept for as long as necessary to handle the matter and maintain an audit trail;
• account data may be kept while your account remains active and for a reasonable period afterward unless deletion is required sooner;
• marketing records may be kept until you withdraw consent or object, and for a limited period afterward to maintain suppression records; and
• technical logs may be retained for security, troubleshooting, and fraud prevention for a limited period.

9. Your GDPR rights

Under the GDPR, you may have the right to:

• be informed about how your personal data is used;
• access the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• receive your personal data in a portable, machine-readable format where applicable;
• object to processing based on legitimate interests or to direct marketing; and
• request human review where a decision with legal or similarly significant effects is based solely on automated processing, where applicable.

The European Commission lists these as core rights under the GDPR.

To exercise any of these rights, contact us at hello@barbellworksco.com. We may need to verify your identity before responding. GDPR also gives individuals the right to lodge a complaint with a supervisory authority.

10. Children’s privacy

Our website is not intended for children, and we do not knowingly collect personal data from children in a way that requires parental consent under applicable law. If you believe a child has provided us with personal data unlawfully, please contact us so we can take appropriate steps. EU guidance notes that where processing is based on a child’s consent, parental or guardian consent is required under EU law.

11. Data security

We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include secure hosting, access controls, encryption where appropriate, and processes for handling security incidents. No method of transmission or storage is completely secure, but GDPR requires integrity and confidentiality as core data protection principles.

12. Third-party links and services

Our website may contain links to third-party websites, plugins, or services. If you follow those links or use those services, your personal data may be processed by the relevant third party under its own privacy practices. We encourage you to review their privacy notices before providing personal data. GDPR transparency rules require organisations to explain recipients and relevant transfers, but each third party remains responsible for its own processing where it acts as an independent controller.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first at hello@barbellworksco.com and we will try to resolve the issue. You also have the right to lodge a complaint with the data protection supervisory authority in the EU/EEA country where you live, work, or believe a breach has occurred. GDPR requires that individuals be informed of this right.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or website features. Any updates will be posted on this page with a revised effective date. GDPR requires privacy information to be kept clear and current.

15. Contact us

If you have any questions about this Privacy Policy or our handling of personal data, please contact:

ABC
Company Number: 12345678
Address: Street address, city.
Email: hello@barbellworksco.com