For the Processing of Personal Data by Ruposhi Global Limited
Effective Date: February 2026 | Last Updated: February 2026
Ruposhi Global Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website (www.ruposhi.co.uk), purchase our products or services, or otherwise interact with us.
We are a company registered in England and Wales (Company No. 14162541) with our registered office at Unit 15, Block B Lakesview Business Park, Sparrow Way, Canterbury, England, CT3 4AL.
This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.1 Ruposhi Global Limited is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at:
Email: sales@ruposhi.co.uk
Phone: 0333 207 0700
Post: Ruposhi Global Limited, Unit 15, Block B Lakesview Business Park, Sparrow Way, Canterbury, England, CT3 4AL
2.1 We may collect and process the following categories of personal data:
First name, last name, title, job title, and company name.
Billing address, delivery address, email address, and telephone numbers.
Bank account details, payment card details (processed securely via our payment provider), purchase order references, and credit account information.
Details of products and services you have purchased from us, order history, delivery records, and payment history.
Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Information about how you use our website, products, and services, including pages visited, time spent on pages, and navigation paths.
Records of correspondence and communications between you and us, including emails, telephone calls, and live chat transcripts.
3.1 We collect personal data through the following means:
(a) Direct interactions: When you create an account, place an order, request a quotation, complete a credit application, subscribe to communications, submit a contact form, or correspond with us by post, phone, email, or otherwise.
(b) Automated technologies: As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies, server logs, and similar technologies. Please see Section 11 (Cookies) for further details.
(c) Third parties: We may receive personal data from third parties including credit reference agencies, business partners, payment service providers (such as Stripe), and publicly available sources such as Companies House.
4.1 We will only process your personal data where we have a lawful basis to do so under the UK GDPR. The lawful bases we rely on are:
(a) Performance of a contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract. This includes processing orders, delivering goods, providing managed IT services, and managing your account.
(b) Legitimate interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include operating and improving our business, marketing our products and services to business customers, preventing fraud, and ensuring network and information security.
(c) Legal obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject, including tax and accounting obligations, regulatory requirements, and responding to lawful requests from public authorities.
(d) Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You may withdraw consent at any time by contacting us or using the unsubscribe link in any marketing email.
5.1 We use your personal data for the following purposes:
(a) To register you as a new customer and manage your account.
(b) To process and fulfil your orders, including delivery of goods and provision of services.
(c) To manage payments, fees, and charges, and to collect debts owed to us.
(d) To assess credit applications and manage trade credit accounts.
(e) To provide managed IT services, technical support, and helpdesk services.
(f) To communicate with you about your orders, account, and our services.
(g) To send you marketing communications where you have opted in or where we have a legitimate interest to do so (B2B soft opt-in under the Privacy and Electronic Communications Regulations 2003).
(h) To administer and protect our business and website, including troubleshooting, data analysis, testing, and system maintenance.
(i) To comply with our legal and regulatory obligations.
(j) To detect and prevent fraud, unauthorised access, and other illegal activities.
6.1 We may share your personal data with the following categories of recipients where necessary:
(a) Service providers: IT hosting providers, payment processors (including Stripe), courier and logistics companies, and accounting software providers (including Xero) who process data on our behalf under written data processing agreements.
(b) Supply chain partners: Authorised manufacturers, distributors, and fulfilment partners who dispatch goods on our behalf, where necessary to fulfil your order. Only the minimum data required for delivery (name, address, contact number) is shared.
(c) Credit reference agencies: Where you apply for a trade credit account, we may share your data with credit reference agencies to assess creditworthiness.
(d) Professional advisers: Including lawyers, auditors, and insurers where necessary for the provision of their professional services.
(e) HM Revenue & Customs, regulators, and other authorities: Where required by law or to comply with a legal obligation.
(f) Business transfers: In connection with any merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.
6.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes in accordance with our instructions.
7.1 Some of our service providers may be based outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data, including:
(a) Transfers to countries that the UK Secretary of State has deemed to provide an adequate level of protection for personal data.
(b) Use of the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as approved by the Information Commissioner’s Office (ICO).
(c) Where the recipient is certified under an approved certification mechanism or is subject to binding corporate rules.
7.2 You may request further details of the safeguards in place by contacting us.
8.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8.2 The retention periods we apply are as follows:
Customer account data: For the duration of your account plus 6 years after the last transaction, in line with HMRC requirements.
Transaction and financial records: 6 years from the end of the financial year in which the transaction occurred, as required by the Companies Act 2006 and tax legislation.
Quotation and enquiry data: 2 years from the date of enquiry, unless a contract results.
Marketing consent records: For as long as consent is active, plus 1 year after withdrawal.
Website analytics data: 26 months from the date of collection.
8.3 Where we no longer require your personal data, we will securely delete or anonymise it.
9.1 Under the UK GDPR, you have the following rights in relation to your personal data:
(a) Right of access (Article 15): You have the right to request a copy of the personal data we hold about you (commonly known as a “Subject Access Request”).
(b) Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
(c) Right to erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances (the “right to be forgotten”).
(d) Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
(e) Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
(f) Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for that purpose immediately.
(g) Rights related to automated decision-making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9.2 To exercise any of these rights, please contact us using the details in Section 1. We will respond to your request within one month. There is no fee to exercise your rights unless your request is clearly unfounded, repetitive, or excessive.
9.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
10.1 We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing your personal data, including:
(a) Encryption of data in transit using SSL/TLS (our website uses HTTPS).
(b) Secure server infrastructure with access controls, firewalls, and intrusion detection.
(c) Payment card data is processed by PCI DSS-compliant payment providers and is not stored on our servers.
(d) Regular security assessments and updates to our systems.
(e) Staff access to personal data is restricted on a need-to-know basis.
(f) Procedures for dealing with any suspected personal data breach.
10.2 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you without undue delay.
11.1 Our website uses cookies and similar technologies to distinguish you from other users. This helps us provide you with a good experience when you browse our website and also allows us to improve our site.
11.2 We use the following types of cookies:
(a) Strictly necessary cookies: Required for the operation of our website, including session management, shopping basket functionality, and security. These cookies do not require your consent.
(b) Analytical/performance cookies: Allow us to recognise and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works. These cookies are set only with your consent.
(c) Functionality cookies: Used to recognise you when you return to our website, enabling us to personalise our content and remember your preferences.
11.3 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly.
12.1 We may send you marketing communications where:
(a) You have requested information from us or purchased goods or services from us, and you have not opted out of receiving marketing (soft opt-in under PECR Regulation 22).
(b) You have provided your explicit consent to receive marketing communications.
(c) We are sending B2B marketing communications to your business email address, which is permitted under the Privacy and Electronic Communications Regulations 2003 where relevant conditions are met.
12.2 You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email, or by contacting us directly.
13.1 Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information.
14.1 Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.
15.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated “Last Updated” date.
15.2 Where changes are significant, we will notify you by email or by placing a prominent notice on our website.
16.1 If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
16.2 We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Ruposhi Global Limited
Unit 15, Block B Lakesview Business Park
Sparrow Way, Canterbury, England, CT3 4AL
Email: sales@ruposhi.co.uk
Phone: 0333 207 0700
Website: www.ruposhi.co.uk
This Privacy Policy was last updated in February 2026.
