Privacy Policy

1. Who we are

TopsLaptops operates this website. We are committed to protecting your personal data and acting in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

We are the Data Controller for the data collected through this website.

2. What data we collect

When you place an order (guest checkout)

• Full name and email address
• Delivery address
• Order contents and payment confirmation (payment is processed by Stripe — we do not store card details)

When you register an account

• Full name and email address
• Phone number (optional)
• Encrypted password (we never store your password in plain text)
• Order history

When you book a service

• Name, email address, date & time preference
• Any notes you provide about the service

Analytics (with your consent only)

If you accept analytics cookies, we collect:

• Anonymised IP address (first two octets only, e.g. 192.168.x.x — we cannot identify you from this)
• Pages visited and time of visit
• Browser type, operating system, and device category (desktop/mobile/tablet)
• Referring website (the site you came from, if any)

We do not use third-party analytics services (such as Google Analytics). All analytics data is stored on our own servers and is never shared with any third party.

3. How we use your data

We use your data only for the following purposes:

• Processing and fulfilling your orders and bookings
• Sending transactional emails (order confirmation, receipts)
• Providing customer support
• Improving our website (using anonymised analytics, with consent)
• Complying with our legal obligations

We will never sell, rent, or share your personal data with any third party for marketing purposes.

4. Cookies

Essential cookies (always active)

Analytics cookies (optional — with consent)

We do not use any advertising, tracking, or third-party cookies. You can withdraw your analytics consent at any time by clearing your cookies or updating your browser settings.

5. Data retention

• Order data: retained for 7 years (UK tax law requirement)
• Account data: retained while your account is active; deleted upon request
• Booking data: retained for 2 years after the booking date
• Analytics data: retained for 12 months, then automatically purged

6. Your rights under UK GDPR

You have the right to:

• Access the personal data we hold about you
• Rectify any inaccurate or incomplete data
• Erase your data ("right to be forgotten") where there is no legal obligation to retain it
• Restrict processing of your data
• Object to processing based on legitimate interests
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent for analytics at any time (this will not affect orders already placed)

To exercise any of these rights, please contact us. We will respond within 30 days.

7. Third-party services

We use the following third-party processors to deliver our service:

• Stripe — payment processing. Your card details are handled entirely by Stripe and never pass through our servers. Stripe's privacy policy: stripe.com/gb/privacy

No other third parties receive your personal data.

8. Security

We take appropriate technical and organisational measures to protect your data, including:

• HTTPS encryption for all data in transit
• Passwords stored as bcrypt hashes (industry-standard, never plain text)
• Access to admin systems restricted to authorised personnel only
• Regular backups of data stored securely

9. Complaints

If you have a concern about how we handle your data, please contact us first and we will do our best to resolve it. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint

10. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date.