PRIVACY POLICY AND COOKIE STATEMENT – VIDAXL.CO.UK

version 2025.1

This Privacy Policy and Cookie statement applies to the Processing of Personal data in connection with purchases and activities on this website.

The website is operated by vidaXL Marketplace International B.V., a company registered in the Netherlands, and which facilitates transactions and operates the online sales platform. Products sold through the website are offered by HBI Commerce LTD – C/O Tmf Group.

Throughout this Policy, “vidaXL” refers to vidaXL Marketplace International B.V., HBI Commerce LTD – C/O Tmf Group and, where relevant, to other vidaXL related entities involved in operating, servicing, or supporting the Webshop.

SUMMARY:

Category

Details

Who Collects Data?

vidaXL Marketplace International B.V. (Webshop operator),

HBI Commerce LTD – C/O Tmf Group (Product seller),

Other third parties depending on interaction (see Section 4 of policy).

Legal Basis & Processing

Processing Scenarios

Contract performance, legal obligation, legitimate interest, consent, or judicial claims.

Examples:

•                 Visitors → IP, device, behaviour data (analytics/personalization)

•                 Customers → Contact data for order & support

•                 Account holders → Login, order tracking, fraud prevention

•                 Orders/Payments → Billing & delivery info processed securely

•                 Auctions → Bidding data collected to ensure fair use

•                 Wish lists → Stored to personalize experience

•                 Reviews → Shared directly or via partners, used for verification

•                 Customer service → Calls, emails, chats logged; calls may be recorded

•                 Newsletter → Sent via consent or legitimate interest

Data Sharing

Shared with joint/independent controllers (e.g. payment, delivery, marketing),
Processors (e.g. CRM, hosting, chat tools), subprocessors and other recipients (e.g. fraud monitoring, authorities).

Your Rights

Access, rectify, erase, restrict, object, request portability,
Lodge complaint with Data Protection Authority.
Contact vidaXL using details in full policy.

International Transfers

Data may be transferred outside the EEA with safeguards such as Standard Contractual Clauses.

Data Retention

Retained only as needed, e.g.  10 years for tax, 2 years for inactive accounts.
See Section 7 for details.

Security Measures

Technical (SSL/TLS), organizational (staff training, limited access),
Monitoring, data minimization, incident response planning.

Cookies & Trackers

Used for functionality, analytics, personalization, ads.
Managed via cookie banner or browser settings. See Section 9 for full details.

CONTENTS

1. DEFINITION.

2. WHO COLLECTS PERSONAL DATA?

3. LEGAL BASIS AND PROCESSING ACTIVITIES

3.1 LEGAL BASIS

3.2 OUR PROCESSING & REASONS

3.2.1 WEBSHOP VISITORS (collection may vary depending on your cookie settings).

3.2.2 WEBSHOP CUSTOMERS. Same as above, plus:

3.2.3 ACCOUNT HOLDERS

3.2.4 ORDERS AND PAYMENTS

3.2.5 AUCTIONS

3.2.6 Wish lists

3.2.7 Reviews

3.2.8 Customer Service Interactions

3.2.9 Newsletter.

4. WHO WE SHARE YOUR DATA WITH

5. YOUR RIGHTS

6. INTERNATIONAL TRANSFERS

7. HOW LONG WILL MY DATA BE KEPT?

8. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?

9. COOKIES, TAGS & TRACKERS

10. HOW TO MAKE A CLAIM

11. CHANGES TO THIS NOTICE

1. DEFINITION

In this Privacy and Cookie statement, the following terms are used with the meanings defined below:

Webshop:  The online store accessible via www.vidaXL.co.uk andany other website,application,or URL designated by vidaXL for the online sale of products.

Interaction: The use of features on the Webshop such as creating a Wish List, completing a Checkout,subscribing to the Newsletter,using "My Account," participating in Auctions,using the Chat function, or engaging with other interactive functionalities.

WebShop Visitor:  a customer visiting the Web Shop for the first time that does not interact with the Web Shop.

Web Shop Customer: a customer who interacts with the Web Shop.

Account:  the account a customer has to create through the Webshop to be able to place an order.

Privacy Policy and Cookie Statement:  vidaXL’s Privacy Policy and Cookie Statement.

All terms used in this Privacy Policy and Cookie statement that are defined in under the UK General Data Protection Regulation (hereinafter referred to as “UK GDPR”) and the Data Protection Act 2018 shall have the meaning assigned to them in the UK GDPR, including but not limited to: “Personal data”, “Processing”, “Pseudonymisation”,  “Recipient”, “Third Party”, “Consent”, “Personal data breach”, “Supervisory Authority”, “Cross-border processing”,  “Controller”, “Processor”, “Data subject”, and “Data Protection Officer”.

2. WHO COLLECTS PERSONAL DATA?

2.1 Your Personal data may be collected and processed by multiple parties depending on how you interact with the Webshop.

2.2 Responsibility for your data.

2.2.1 Main Controllers (collectively referred herein as vidaXL):

  • vidaXL Marketplace International B.V.: as the operator of the Webshop, vidaXL Marketplace International B.V. is the primary Controller for Processing that occurs via your use of the Webshop and its features.
  • HBI Commerce LTD – C/O Tmf Group: the company that sells the products listed on the Webshop is also alternatively a joint or independent Controller with -                 vidaXL Marketplace International B.V.  for all activities related to the order, delivery, customer service, invoicing and any after-sales services.

2.2.2 Other entities involved. Depending on your Interaction, your data may also be processed by other entities the list of which is provided under article 4.

3. LEGAL BASIS AND PROCESSING ACTIVITIES

3.1 LEGAL BASIS

We process your Personal data only when we have a valid legal basis. Under the UK GDPR, the following lawful grounds may apply:

Legal Basis Explanation
Contract Performance                                     To fulfil a contract or to take steps at your request before entering a contract
Legal Obligation To comply with legal and regulatory obligations
Legitimate Interest When we (or a Third Party) have a business or commercial reason to use your data, balanced against your rights
Consent When you have given clear and explicit permission
Legal Claims

When necessary to establish, exercise, or defend legal claims
Public Interest Not applicable to our current Processing activities

3.2 Our Processing & reasons

In the below tables, we have highlighted the core types of data and how they’re processed by vidaXL.

3.2.1 WEBSHOP VISITORS (collection may vary depending on your cookie settings).

Data

Purpose

Legal Basis

IP Address, Device Type, Referrer, Country, Browsing Behaviour

To optimize the user experience, load correct version, analyse Webshop usage, and display ads

Legitimate interest, Consent

3.2.2 Webshop Customers. Same as above, plus:

Data

Purpose

Legal Basis

Contact info, Preferences, Ordered Products

Order fulfilment, personalized suggestions, customer support

Contract, Legitimate Interest, Consent

3.2.3 Account Holders

Data

Purpose

Legal Basis

Name, Email, Password

Manage user Account, track orders, handle abuse

Contract, Legitimate Interest

3.2.4 Orders and Payments

Data

Purpose

Legal Basis

Name, Address, Contact Info, Payment Method, IP Address

Order delivery, billing, fraud prevention

Contract, Legitimate Interest, Legal Obligation

3.2.5 Auctions

Data

Purpose

Legal Basis

Bidder nickname

Enable bidding functionality; transparency during auction

Contract, Legitimate Interest

Account/order info linked to auction

Prevent abuse, manage disputes, process auction outcomes

Legitimate Interest

3.2.6 Wish lists.

When you create your own Wish List in our Webshop and add products to your Wish List while logged out they will remain on the list for 30 days. If you add products to your Wish List while logged in you can always find them under Wish List in My Account.

Data

Purpose

Legal Basis

Wishlist items

Remember saved preferences, show relevant offers

Legitimate Interest, Consent

IP address, browsing behaviour

Associate items with session, improve experience

Consent (cookies), Legitimate Interest(logged-in personalization)

3.2.7 Reviews.

vidaXL enables customers to review products and services after placing an order. These reviews help us improve our services and inform other customers. Additionally, we may invite you to participate in customer satisfaction surveys. The data collected varies based on the type of review or survey and who is managing the Interaction (vidaXL or a Third Party).

3.2.7.1 Product and service review managed by vidaXL.

Data

Purpose

Legal Basis

Name, email address, product purchased, order number, residence (for service reviews)

Display with review, enable contact in case of complaints, link review to order, allow follow-ups on complaints, associate review with specific items, verify reviewer is a customer, understand customer region for context

Legitimate Interest, Consent

3.2.7.2 Reviews submitted via third-party platforms. When clicking “Write a review” or similar links on our Webshop, you may be redirected to a third-party review platform (one of vidaXL’s contracted partners). These parties collect and process your data under their own privacy policies. vidaXL does not control how they handle your information.

Data

Purpose

Legal Basis

Name, email address

Display on third-party site, customer verification

Consent (via Third Party)

Note: we invite you to consult the Third Party’s privacy policy before submitting a review.

3.2.7.3 Comparison sites with review functionality. You may also review vidaXL through independent comparison sites showing our product listings.

Data

Purpose

Legal Basis

Name, email address

Contact in case of complaints, display on platform

Consent, Legitimate interest

3.2.7.4 Customer satisfaction surveys. After you purchase or interact with our customer service, you may be invited to complete a customer satisfaction survey. These surveys are conducted by Third Party service providers on behalf of vidaXL.

Data

Purpose

Legal Basis

Name, email address and/or phone number, experience details, order information, IP-address, feedback text

Contact for feedback, validate input, distribute survey, follow-up if needed, improve services and training, link experience to specific transaction, prevent multiple entries form the same user, evaluate quality service

Consent, Legitimate interest

3.2.8 Customer Service Interactions.

You may contact vidaXL’s customer service to ask questions, request support, or file complaints. Contact options include phone, email, chat, or the online complaints form available on our Webshop. We collect and process Personal data to respond to and manage your request.

3.2.8.1 Customer Service interactions.

Data

Purpose

Legal Basis

First and last name, email address, phone number, order number (operational/if applicable), description of the issue/question

Identify the customer and personalize service, respond to inquiries and send updates, contact for real-time or follow-up support, identify purchase for compliant handling, understand and resolve your requests

Legitimate Interest, Contract Performance

Chat-specific: first and last name, email, chat subject

Live assistance

Legitimate Interest, Contract Performance

Where Processing is required to comply with applicable consumer protection or tax laws, the legal basis may also be a legal obligation.

3.2.8.2 Recording of interactions. Phone conversations with customer service may be recorded for the following purposes:

Data

Purpose

Legal Basis

Voice recording of the call

Staff training, service improvement, complaint validation

Legitimate Interest, Consent (with notice at call start)

Note: you will always be informed when a call is being recorded. Recordings are secured and retained only as long as necessary for the stated purpose and not more than 28 days

3.2.9 Newsletter.

Data

Purpose

Legal Basis

Name, Email, Preferences

Send general and personalized marketing communications

Consent (opt-in), Legitimate Interest (existing customer)

4.WHO WE SHARE YOUR DATA WITH

4.1 vidaXL shares your Personal data with various third parties for the purposes of fulfilling your orders, providing services, maintaining our operations and complying with legal obligations. These Recipients can be categorized as Independent or Joint Controllers or Processors under UK GDPR.

4.2 Independent or Joint Controllers. These entities determine, independently or jointly with vidaXL, the purposes and means of Processing Personal data:

Entity

Purpose

Legal Basis

Customer Service Providers (vidaXL related entity)

Handling customer inquiries and complaints

Contract Performance, Legitimate Interest

Payment Service Providers (PSPs) (e.g., PayPal, Klarna, Visa, Adyen)

Secure payment processing

Contract Performance, Legal Obligation

Logistics Companies

Delivery and return of orders

Contract Performance

Marketing & Survey Providers

Newsletter delivery, customer feedback

Consent, Legitimate Interest

Product Development / Quality Teams

Analyse anonymized feedback for improvements

Legitimate Interest

Note: this list may not be exhaustive.

4.3 Processors.These entities process Personal data strictly on vidaXL’s instructions under article 28 UK GDPR:

Processor Type

Purpose

Cloud Hosting & IT Infrastructure

Website and systems operation

CRM & Customer Service Systems

Customer Interaction and support tracking

Email/Newsletter Platforms

Newsletter delivery and opt-in handling

Chat and Interaction Tools

Real-time customer support

Debt collection services

Subcontracting debt collection

Customer Service Providers (external)

Handling customer complaints on behalf of vidaXL

Note: this list may not be exhaustive. 

4.4 Subprocessors. Where vidaXL’s processors rely on subprocessors, the following measures are in place: 

- There is a binding agreement with the subprocessor;

- The obligations mirror or exceed those in our Data Processing Agreements;

- Subprocessors are vetted for adequate safeguards.

4.5 Other specific external recipients. vidaXL may share Personal data with the following parties:

Category

Examples

Purpose

Legal Basis

Public Bodies

Tax Authority, Financial Conduct Authority, Police, Customs

Legal compliance, fraud prevention

Legal Obligation

Financial & Fraud Control Partners

Anti-fraud, debt recovery agencies

Risk management

Legitimate Interest

Marketing Partners

Print/mail services, email marketing

Marketing & content customization

Consent, Legitimate Interest

External counsels

Law firms, accountants

Litigation, compliance

Legitimate Interest

4.6 Restructuring or corporate changes. In the event of a sale, merger, or restructuring of vidaXL or its affiliates, your Personal data may be shared with prospective buyers or group entities under strict confidentiality and only as permitted under UK GDPR.

5. YOUR RIGHTS

5.1 Under data protection legislation, you have rights including:

  • Your right of access – You have the right to ask us for a copy of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.’
  • Your right to object to processing (only when based on consent) – You have the right to object to vidaXL processing under certain circumstances. 
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

Please note that these rights are not absolute. For example, if you request erasure of your Personal data, we may still need to retain certain details to comply with legal obligations (e.g. tax regulations).

5.2 How to exercise your rights. You can exercise your rights in the following ways: 

By post:

vidaXL
Mary Kingsleystraat 1
5928 SK Venlo
The Netherlands
(Please include your full name, postal address, email address, and—if available—your customer reference number to help us locate your data.)

By email    webservice@vidaxl.co.uk
By phone    0203 808 5745

5.3 Consequences of exercising a right under the GPDR. You are not required to pay any fare for exercising your rights. If you make a request, we have one month to respond to you. If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the relevant Data Protection Authority referred to under Section 10 of this Policy.

6.  INTERNATIONAL TRANSFERS

6.1 vidaXL operates within an international corporate network of affiliated and contractually linked companies (referred to as the “vidaXL consortium”). While some companies are part of the same legal group, others operate under the vidaXL brand through close commercial and operation collaboration. These companies are located both within and outside the UK and European Economic Area (hereinafter referred to as EEA).

6.2 Access within the vidaXL consortium. Personal data may be transferred by vidaXL entities, affiliates, third parties located in the following countries depending on operational requirements:

  • the EEA (the Netherlands, Romania, Poland, etc.)
  • Australia
  • The United States
  • Asia (India, China, etc.)

Each of these entities only accesses Personal data as required to perform their contractual role (logistics, customer service, IT supports, etc.).

6.3 Transfers outdside the Uk and non-EEA countries. Where Personal data is processed outside the UK or EEA – whether by vidaXL entities, contractors, or third-party service providers – we ensure that such transfers are protected by adequate safeguards under UK GDPR. These include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • International Dat Transfer Agreements (IDTAs) of Addendums where required by UK law;
  • Contractual data protection agreements;
  • Technical and organizational safeguards;

Some external Processors or service providers located in non-EEA countries (e.g. Google, Meta, Amazon, Web Services, etc.) may process Personal data under these safeguards.

7. HOW LONG WILL MY DATA BE KEPT?

7.1 vidaXL does not retain your Personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, regulatory or legal claims). The retention period depends on the nature of the data and Processing purposes and may vary accordingly. 

7.2 To ensure compliance with article 5(1)(e) of the UK GDPR, which requires Personal data to be kept no longer than is necessary, we apply the following general criteria and statutory obligations when determining data retention durations in UK:

Type of data

Purpose

Retention Period

Legal Basis/Justification

Order and transaction data

Fulfilling contracts, customer service, accounting

Up to 10  years

Revenue requirement (e.g. UK tax law and Regulation (EU) 282/2011), accounting obligations

Customer Service Interactions

Complaint resolution, service quality monitoring

Up to 2-5 years (depending on issue)

Legitimate interest in defending claims, training and service improvement

Review and Survey responses

Displaying reviews, service feedback

Up to 2 years

Consent, legitimate interest for internal quality improvement

Email Communications (e.g. newsletters)

Marketing, service updates

Until withdrawal of Consent

Consent under PECR or UK GDPR

Inactive Account Data

Fraud prevention, legal protection

Typically deleted after 2 years inactivity

Legitimate interest in preventing abuse; limitation period for civil claims

Chat Transcripts

Customer service reference

Up to 2-5 years (depending on issue)

Legitimate interest in improving customer experience

Customer contact info, purchase history, product serials, delivery records

Consumer warranties

As long as required by regulators

Consumer Rights Ac 2015 and warranty law

Same as above, plus complaint handling records, support communications

Product Liability Claims

As long as required by regulators

Consumer Protection Act 1987; Statute of Limitations

Customer and product information necessary to identify affected users and perform notification

Product Recalls / Safety Notices

As long as required by regulators

General Product Safety Regulations 2005

Customer Interaction data relevant to claims

Legal Claims

Up to the applicable status of limitation as provided in law

Law governing limitation periods (e.g. Limitation Act 1980)

7.3 Archiving and deletion. Once the applicable retention period expires, your Personal data will either be securely deleted, anonymised or archived in a way that it is no longer accessible or identifiable unless further retention is legally required.

8. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?

8.1 General principles. vidaXL takes appropriate technical and organizational measures to protect your Personal data against unauthorized or unlawful Processing and against accidental loss, destruction or damage. These measures are proportionate to the sensitivity of the data, the scope of our activities, the volume of data processed, and the potential risks involved. We apply the principles of data protection by design and by default as required by article 25 of the GDPR.

8.2 Examples of security measures implemented. To safeguard your data, vidaXL employs the following categories of measures:

Category

Examples of Measures

Technical Security
  • SSL/TLS encryption for data in transit

Organizational security
  • Employee confidentiality agreements;
  • Mandatory data protection training;
  • Limited access to data based on job roles;
  • Vendor risk assessments for third parties

Monitoring and Response
  • Continuous system monitoring for unusual access attempts
  • Regular audits and penetration testing;
  • Incident response plan in case of data breach

Data minimization and retention
  • Personal data is only retained as long as necessary
  • Pseudonymisation/anonymization used where full identification is not required

8.3 Your responsibility. We also expect you to take steps to protect your Personal data by, for instance, always keeping your login credentials confidential, using a strong password and avoid using the same password for multiple accounts, log out when using public or shared devices, immediately notify vidaXL or any suspected misuse of your Account.

9. COOKIES, TAGS & TRACKERS

9.1 What are cookies, tags and trackers? Cookies are small text files stored on your device (e.g. computer, smartphone, or tablet). When you visit a website. Similar technologies such as tags, trackers, and web beacons may also be used (collectively referred to as “Cookies”). These tools help us, and our partners, understand how you interact with our Webshop and services.

 9.2 Why do we use cookies? Cookies can be used to:

  • Enable Webshop functionality (e.g. shopping cart, login);
  • Improve performance and user experience;
  • Conduct analytics and A/B testing
  • Show personalized ads and product recommendations;
  • Track marketing effectiveness across platforms;
  • Enable social media and affiliate integrations.

9.3 Cookies used on this website

Cookie Type

Purpose

Services/Tools Used

Personal Data Collected

Can Be Refused?

Strictly Necessary Cookies

Essential for site functionality (e.g. privacy settings, logging in, forms). Blocking may affect site operation.

First party cookies: Onetrust, CloudFlare

Others: creativecdn.com, mgid.com, CloudFoundry

No Personal data

 No

Functional Cookies

Enable enhanced features & personalization. Some services may not work without them.

First party cookies:  Zopim Live Chat ID, _flowbox,
simplybusiness.co.uk, Javascript, billabong.com

Others: Swogo, Zendesk

Possibly anonymous usage data

Yes

Performance Cookies

Analyse visits and traffic for site improvement. Data is aggregated and anonymous.

First party cookies: Google analytics, Hotjar, _hjSession_xxxxxx, Google conversion tracking cookies, Microsoft Bing Ads,

Others: staticw2.yotpo.com,
us.ck-ie.com

No Personal data (aggregated usage data only)

Yes

Targeting Cookies

Used by advertising partners to show relevant ads based on browsing profile.

First Party: Bing, demandware ecommerce, Facebook, Criteo.

Others:
ih.adscale.de, youtube, Skroutz, RTBHouse, AppNexus Inc, Casale Media, Criteo, Media.net, Pulsepoint, Adscale, RhythmOne, Yahoo, Bing, NetworkAd.net, Mediavine, Underdog Media, Adobe Audience Manager, IPONWEB,  Pubmatic partners, Yahoo, Doubleclick, Adtarget, Unruly Media,  Adobe Audience Manger, Tremor Video,

Pseudonymous profile data (no direct Personal data )

Yes

Affiliate Cookies

Track referral and sale attribution from partners.

Facebook

No Personal data

Yes

Note: the specific details for each cookie category and each cookie can be found on the cookie banner on the Webshop.

9.4 Accepting and Declining Cookies

9.4.1 When you visit vidaXL.co.uk, a cookie banner will appear at the bottom of the Webshop. You have the following options:

  • Accept all cookies: this includes essential, analytical and marketing cookies.
  • Personalize settings:
    • you can opt in to analytical and marketing cookies.
    • If you do not opt in and click “save settings” only essential cookies will be used.
  • Refuse all cookies: only strictly necessary cookies will be used.

9.4.2 Other cookie management options. You may also can control cookie usage by adjusting settings in your browser. Because each browser is different, vidaXL recommends referring to your browser’s help section or device manual for instructions. You can delete cookies manually from your computer, tablet or phone’s hard drive. Refer to your browser or device guide for instructions. If cookies are fully disabled, some functionality of the vidaXL Webshop may no longer work properly.

10. HOW TO MAKE A CLAIM

10.1 Data Protection Officer (DPO). vidaXL has appointed a DPO in accordance with Article 37 of the UK GDPR. The DPO is responsible for:

  • Monitoring compliance with the GDPR and other applicable data protection laws;
  • Advising the company and its employees on data protection obligations;
  • Serving as a contact point for Data Subjects and the Supervisory Authority;
  • Conducting risk assessments and advising on data protection impact assessments;
  • Ensuring Data Subject rights are upheld properly and timely.

10.2 How can I contact the Data Protection Officer?

10.2.1 If you have any questions or concerns about how your Personal data is handled, or if you wish to exercise your data protection rights, you may contact the DPO directly.

You can contact our DPO at:

Attn: Data Protection Officer

vidaXL

Mary Kingsleystraat 1

5829 SK Venlo

The Netherlands

10.2.2 If you're not satisfied with how we’ve handled your concern, or if you believe we are not Processing your Personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority: 


Information Commissioner’s Office (ICO) 
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Website:

10.2.2 If you're not satisfied with how we’ve handled your concern, or if you believe we are not Processing your Personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Website: https://ico.org.uk

Telephone: +44 (0)303 123 1113

11. CHANGES TO THIS NOTICE

The contents of this Privacy Policy and Cookie Statement can be amended. The most current version can always be found on the vidaXL Webshop. vidaXL advises that you regularly check this Privacy Policy and Cookie Statement, at least before you provide vidaXL with Personal data.