BrillBuy.co.uk

Privacy Policy

Last updated: February 2026

Data Controller

This website is operated by S Waterman Limited (trading as BrillBuy), Company No. 12957620, registered in England and Wales.

For any privacy-related enquiries, please contact us at help@brillbuy.co.uk.

Information We Collect

When you make a purchase on BrillBuy, we collect:

  • Name
  • Email address
  • Phone number
  • Delivery and billing address
  • Order details and purchase history
  • Payment information (processed securely by Stripe — your card details never touch our servers)

Why We Collect Your Data

We collect and process your personal data on the lawful basis of contract performance — it is necessary to fulfil your orders and provide customer service. Specifically, we use your information to:

  • Process and fulfil your orders
  • Send order confirmations and shipping updates
  • Generate invoices
  • Respond to customer service enquiries

Third-Party Services

We share data with third-party service providers to process payments, fulfil orders, and analyse website usage. These include Stripe, Auctane, IDDQD, and Google. We never sell your personal data.

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 compliant payment processor. Your card details are entered directly into Stripe's secure payment form and never pass through or are stored on our servers.

Cookies

We use the following cookies:

  • Session cookie (essential) — maintains your login session and shopping basket. Expires when you close your browser.
  • XSRF-TOKEN (essential) — protects against cross-site request forgery. Expires when you close your browser.
  • Google Analytics cookies — used to collect anonymised usage statistics (pages visited, time on site). You can opt out using Google's browser add-on.

We do not use advertising or tracking cookies.

Data Retention

We retain your order information for 6 years from the date of purchase, as required for tax and accounting purposes under UK law (HMRC requirements). After this period, your data will be securely deleted.

You can request early deletion of your data (where it is no longer required for legal obligations) by contacting us.

Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data (subject to legal obligations)
  • Portability — request your data in a machine-readable format
  • Object — object to the processing of your data in certain circumstances

To exercise any of these rights, please contact us at help@brillbuy.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

If you have any questions about this privacy policy, please email help@brillbuy.co.uk or use our contact page.