PRIVACY POLICY AND COOKIE STATEMENT – VIDAXL.CO.UK
version 2025.1
This Privacy Policy and Cookie statement applies to the Processing of Personal data in connection with purchases and activities on this website.
The website is operated by vidaXL Marketplace International B.V., a company registered in the Netherlands, and which facilitates transactions and operates the online sales platform. Products sold through the website are offered by HBI Commerce LTD – C/O Tmf Group.
Throughout this Policy, “vidaXL” refers to vidaXL Marketplace International B.V., HBI Commerce LTD – C/O Tmf Group and, where relevant, to other vidaXL related entities involved in operating, servicing, or supporting the Webshop.
SUMMARY:
Category |
Details |
Who Collects Data? |
vidaXL Marketplace International B.V. (Webshop operator), HBI Commerce LTD – C/O Tmf Group (Product seller), Other third parties depending on interaction (see Section 4 of policy). |
Legal Basis & Processing Processing Scenarios |
Contract performance, legal obligation, legitimate interest, consent, or judicial claims. Examples: • Visitors → IP, device, behaviour data (analytics/personalization) • Customers → Contact data for order & support • Account holders → Login, order tracking, fraud prevention • Orders/Payments → Billing & delivery info processed securely • Auctions → Bidding data collected to ensure fair use • Wish lists → Stored to personalize experience • Reviews → Shared directly or via partners, used for verification • Customer service → Calls, emails, chats logged; calls may be recorded • Newsletter → Sent via consent or legitimate interest |
Data Sharing |
Shared with joint/independent controllers (e.g. payment, delivery, marketing), |
Your Rights |
Access, rectify, erase, restrict, object, request portability, |
International Transfers |
Data may be transferred outside the EEA with safeguards such as Standard Contractual Clauses. |
Data Retention |
Retained only as needed, e.g. 10 years for tax, 2 years for inactive accounts. |
Security Measures |
Technical (SSL/TLS), organizational (staff training, limited access), |
Cookies & Trackers |
Used for functionality, analytics, personalization, ads. |
CONTENTS
2. WHO COLLECTS PERSONAL DATA?
3. LEGAL BASIS AND PROCESSING ACTIVITIES
3.2.1 WEBSHOP VISITORS (collection may vary depending on your cookie settings).
3.2.2 WEBSHOP CUSTOMERS. Same as above, plus:
3.2.8 Customer Service Interactions
4. WHO WE SHARE YOUR DATA WITH
7. HOW LONG WILL MY DATA BE KEPT?
8. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
In this Privacy and Cookie statement, the following terms are used with the meanings defined below:
Webshop: The online store accessible via www.vidaXL.co.uk andany other website,application,or URL designated by vidaXL for the online sale of products.
Interaction: The use of features on the Webshop such as creating a Wish List, completing a Checkout,subscribing to the Newsletter,using "My Account," participating in Auctions,using the Chat function, or engaging with other interactive functionalities.
WebShop Visitor: a customer visiting the Web Shop for the first time that does not interact with the Web Shop.
Web Shop Customer: a customer who interacts with the Web Shop.
Account: the account a customer has to create through the Webshop to be able to place an order.
Privacy Policy and Cookie Statement: vidaXL’s Privacy Policy and Cookie Statement.
All terms used in this Privacy Policy and Cookie statement that are defined in under the UK General Data Protection Regulation (hereinafter referred to as “UK GDPR”) and the Data Protection Act 2018 shall have the meaning assigned to them in the UK GDPR, including but not limited to: “Personal data”, “Processing”, “Pseudonymisation”, “Recipient”, “Third Party”, “Consent”, “Personal data breach”, “Supervisory Authority”, “Cross-border processing”, “Controller”, “Processor”, “Data subject”, and “Data Protection Officer”.
2.1 Your Personal data may be collected and processed by multiple parties depending on how you interact with the Webshop.
2.2 Responsibility for your data.
2.2.1 Main Controllers (collectively referred herein as vidaXL):
2.2.2 Other entities involved. Depending on your Interaction, your data may also be processed by other entities the list of which is provided under article 4.
We process your Personal data only when we have a valid legal basis. Under the UK GDPR, the following lawful grounds may apply:
Legal Basis | Explanation |
Contract Performance | To fulfil a contract or to take steps at your request before entering a contract |
Legal Obligation | To comply with legal and regulatory obligations |
Legitimate Interest | When we (or a Third Party) have a business or commercial reason to use your data, balanced against your rights |
Consent | When you have given clear and explicit permission |
Legal Claims |
When necessary to establish, exercise, or defend legal claims |
Public Interest | Not applicable to our current Processing activities |
In the below tables, we have highlighted the core types of data and how they’re processed by vidaXL.
3.2.1 WEBSHOP VISITORS (collection may vary depending on your cookie settings).
Data |
Purpose |
Legal Basis |
IP Address, Device Type, Referrer, Country, Browsing Behaviour |
To optimize the user experience, load correct version, analyse Webshop usage, and display ads |
Legitimate interest, Consent |
3.2.2 Webshop Customers. Same as above, plus:
Data |
Purpose |
Legal Basis |
Contact info, Preferences, Ordered Products |
Order fulfilment, personalized suggestions, customer support |
Contract, Legitimate Interest, Consent |
Data |
Purpose |
Legal Basis |
Name, Email, Password |
Manage user Account, track orders, handle abuse |
Contract, Legitimate Interest |
Data |
Purpose |
Legal Basis |
Name, Address, Contact Info, Payment Method, IP Address |
Order delivery, billing, fraud prevention |
Contract, Legitimate Interest, Legal Obligation |
Data |
Purpose |
Legal Basis |
Bidder nickname |
Enable bidding functionality; transparency during auction |
Contract, Legitimate Interest |
Account/order info linked to auction |
Prevent abuse, manage disputes, process auction outcomes |
Legitimate Interest |
When you create your own Wish List in our Webshop and add products to your Wish List while logged out they will remain on the list for 30 days. If you add products to your Wish List while logged in you can always find them under Wish List in My Account.
Data |
Purpose |
Legal Basis |
Wishlist items |
Remember saved preferences, show relevant offers |
Legitimate Interest, Consent |
IP address, browsing behaviour |
Associate items with session, improve experience |
Consent (cookies), Legitimate Interest(logged-in personalization) |
vidaXL enables customers to review products and services after placing an order. These reviews help us improve our services and inform other customers. Additionally, we may invite you to participate in customer satisfaction surveys. The data collected varies based on the type of review or survey and who is managing the Interaction (vidaXL or a Third Party).
3.2.7.1 Product and service review managed by vidaXL.
Data |
Purpose |
Legal Basis |
Name, email address, product purchased, order number, residence (for service reviews) |
Display with review, enable contact in case of complaints, link review to order, allow follow-ups on complaints, associate review with specific items, verify reviewer is a customer, understand customer region for context |
Legitimate Interest, Consent |
3.2.7.2 Reviews submitted via third-party platforms. When clicking “Write a review” or similar links on our Webshop, you may be redirected to a third-party review platform (one of vidaXL’s contracted partners). These parties collect and process your data under their own privacy policies. vidaXL does not control how they handle your information.
Data |
Purpose |
Legal Basis |
Name, email address |
Display on third-party site, customer verification |
Consent (via Third Party) |
Note: we invite you to consult the Third Party’s privacy policy before submitting a review.
3.2.7.3 Comparison sites with review functionality. You may also review vidaXL through independent comparison sites showing our product listings.
Data |
Purpose |
Legal Basis |
Name, email address |
Contact in case of complaints, display on platform |
Consent, Legitimate interest |
3.2.7.4 Customer satisfaction surveys. After you purchase or interact with our customer service, you may be invited to complete a customer satisfaction survey. These surveys are conducted by Third Party service providers on behalf of vidaXL.
Data |
Purpose |
Legal Basis |
Name, email address and/or phone number, experience details, order information, IP-address, feedback text |
Contact for feedback, validate input, distribute survey, follow-up if needed, improve services and training, link experience to specific transaction, prevent multiple entries form the same user, evaluate quality service |
Consent, Legitimate interest |
3.2.8 Customer Service Interactions.
You may contact vidaXL’s customer service to ask questions, request support, or file complaints. Contact options include phone, email, chat, or the online complaints form available on our Webshop. We collect and process Personal data to respond to and manage your request.
3.2.8.1 Customer Service interactions.
Data |
Purpose |
Legal Basis |
First and last name, email address, phone number, order number (operational/if applicable), description of the issue/question |
Identify the customer and personalize service, respond to inquiries and send updates, contact for real-time or follow-up support, identify purchase for compliant handling, understand and resolve your requests |
Legitimate Interest, Contract Performance |
Chat-specific: first and last name, email, chat subject |
Live assistance |
Legitimate Interest, Contract Performance |
Where Processing is required to comply with applicable consumer protection or tax laws, the legal basis may also be a legal obligation.
3.2.8.2 Recording of interactions. Phone conversations with customer service may be recorded for the following purposes:
Data |
Purpose |
Legal Basis |
Voice recording of the call |
Staff training, service improvement, complaint validation |
Legitimate Interest, Consent (with notice at call start) |
Note: you will always be informed when a call is being recorded. Recordings are secured and retained only as long as necessary for the stated purpose and not more than 28 days
Data |
Purpose |
Legal Basis |
Name, Email, Preferences |
Send general and personalized marketing communications |
Consent (opt-in), Legitimate Interest (existing customer) |
4.1 vidaXL shares your Personal data with various third parties for the purposes of fulfilling your orders, providing services, maintaining our operations and complying with legal obligations. These Recipients can be categorized as Independent or Joint Controllers or Processors under UK GDPR.
4.2 Independent or Joint Controllers. These entities determine, independently or jointly with vidaXL, the purposes and means of Processing Personal data:
Entity |
Purpose |
Legal Basis |
Customer Service Providers (vidaXL related entity) |
Handling customer inquiries and complaints |
Contract Performance, Legitimate Interest |
Payment Service Providers (PSPs) (e.g., PayPal, Klarna, Visa, Adyen) |
Secure payment processing |
Contract Performance, Legal Obligation |
Logistics Companies |
Delivery and return of orders |
Contract Performance |
Marketing & Survey Providers |
Newsletter delivery, customer feedback |
Consent, Legitimate Interest |
Product Development / Quality Teams |
Analyse anonymized feedback for improvements |
Legitimate Interest |
Note: this list may not be exhaustive.
4.3 Processors.These entities process Personal data strictly on vidaXL’s instructions under article 28 UK GDPR:
Processor Type |
Purpose |
Cloud Hosting & IT Infrastructure |
Website and systems operation |
CRM & Customer Service Systems |
Customer Interaction and support tracking |
Email/Newsletter Platforms |
Newsletter delivery and opt-in handling |
Chat and Interaction Tools |
Real-time customer support |
Debt collection services |
Subcontracting debt collection |
Customer Service Providers (external) |
Handling customer complaints on behalf of vidaXL |
Note: this list may not be exhaustive.
4.4 Subprocessors. Where vidaXL’s processors rely on subprocessors, the following measures are in place:
- There is a binding agreement with the subprocessor;
- The obligations mirror or exceed those in our Data Processing Agreements;
- Subprocessors are vetted for adequate safeguards.
4.5 Other specific external recipients. vidaXL may share Personal data with the following parties:
Category |
Examples |
Purpose |
Legal Basis |
Public Bodies |
Tax Authority, Financial Conduct Authority, Police, Customs |
Legal compliance, fraud prevention |
Legal Obligation |
Financial & Fraud Control Partners |
Anti-fraud, debt recovery agencies |
Risk management |
Legitimate Interest |
Marketing Partners |
Print/mail services, email marketing |
Marketing & content customization |
Consent, Legitimate Interest |
External counsels |
Law firms, accountants |
Litigation, compliance |
Legitimate Interest |
4.6 Restructuring or corporate changes. In the event of a sale, merger, or restructuring of vidaXL or its affiliates, your Personal data may be shared with prospective buyers or group entities under strict confidentiality and only as permitted under UK GDPR.
5.1 Under data protection legislation, you have rights including:
Please note that these rights are not absolute. For example, if you request erasure of your Personal data, we may still need to retain certain details to comply with legal obligations (e.g. tax regulations).
5.2 How to exercise your rights. You can exercise your rights in the following ways:
By post:
vidaXL
Mary Kingsleystraat 1
5928 SK Venlo
The Netherlands
(Please include your full name, postal address, email address, and—if available—your customer reference number to help us locate your data.)
By email webservice@vidaxl.co.uk
By phone 0203 808 5745
5.3 Consequences of exercising a right under the GPDR. You are not required to pay any fare for exercising your rights. If you make a request, we have one month to respond to you. If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the relevant Data Protection Authority referred to under Section 10 of this Policy.
6.1 vidaXL operates within an international corporate network of affiliated and contractually linked companies (referred to as the “vidaXL consortium”). While some companies are part of the same legal group, others operate under the vidaXL brand through close commercial and operation collaboration. These companies are located both within and outside the UK and European Economic Area (hereinafter referred to as EEA).
6.2 Access within the vidaXL consortium. Personal data may be transferred by vidaXL entities, affiliates, third parties located in the following countries depending on operational requirements:
Each of these entities only accesses Personal data as required to perform their contractual role (logistics, customer service, IT supports, etc.).
6.3 Transfers outdside the Uk and non-EEA countries. Where Personal data is processed outside the UK or EEA – whether by vidaXL entities, contractors, or third-party service providers – we ensure that such transfers are protected by adequate safeguards under UK GDPR. These include:
Some external Processors or service providers located in non-EEA countries (e.g. Google, Meta, Amazon, Web Services, etc.) may process Personal data under these safeguards.
7.1 vidaXL does not retain your Personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, regulatory or legal claims). The retention period depends on the nature of the data and Processing purposes and may vary accordingly.
7.2 To ensure compliance with article 5(1)(e) of the UK GDPR, which requires Personal data to be kept no longer than is necessary, we apply the following general criteria and statutory obligations when determining data retention durations in UK:
Type of data |
Purpose |
Retention Period |
Legal Basis/Justification |
Order and transaction data |
Fulfilling contracts, customer service, accounting |
Up to 10 years |
Revenue requirement (e.g. UK tax law and Regulation (EU) 282/2011), accounting obligations |
Customer Service Interactions |
Complaint resolution, service quality monitoring |
Up to 2-5 years (depending on issue) |
Legitimate interest in defending claims, training and service improvement |
Review and Survey responses |
Displaying reviews, service feedback |
Up to 2 years |
Consent, legitimate interest for internal quality improvement |
Email Communications (e.g. newsletters) |
Marketing, service updates |
Until withdrawal of Consent |
Consent under PECR or UK GDPR |
Inactive Account Data |
Fraud prevention, legal protection |
Typically deleted after 2 years inactivity |
Legitimate interest in preventing abuse; limitation period for civil claims |
Chat Transcripts |
Customer service reference |
Up to 2-5 years (depending on issue) |
Legitimate interest in improving customer experience |
Customer contact info, purchase history, product serials, delivery records |
Consumer warranties |
As long as required by regulators |
Consumer Rights Ac 2015 and warranty law |
Same as above, plus complaint handling records, support communications |
Product Liability Claims |
As long as required by regulators |
Consumer Protection Act 1987; Statute of Limitations |
Customer and product information necessary to identify affected users and perform notification |
Product Recalls / Safety Notices |
As long as required by regulators |
General Product Safety Regulations 2005 |
Customer Interaction data relevant to claims |
Legal Claims |
Up to the applicable status of limitation as provided in law |
Law governing limitation periods (e.g. Limitation Act 1980) |
7.3 Archiving and deletion. Once the applicable retention period expires, your Personal data will either be securely deleted, anonymised or archived in a way that it is no longer accessible or identifiable unless further retention is legally required.
8.1 General principles. vidaXL takes appropriate technical and organizational measures to protect your Personal data against unauthorized or unlawful Processing and against accidental loss, destruction or damage. These measures are proportionate to the sensitivity of the data, the scope of our activities, the volume of data processed, and the potential risks involved. We apply the principles of data protection by design and by default as required by article 25 of the GDPR.
8.2 Examples of security measures implemented. To safeguard your data, vidaXL employs the following categories of measures:
Category |
Examples of Measures |
Technical Security |
|
Organizational security |
|
Monitoring and Response |
|
Data minimization and retention |
|
8.3 Your responsibility. We also expect you to take steps to protect your Personal data by, for instance, always keeping your login credentials confidential, using a strong password and avoid using the same password for multiple accounts, log out when using public or shared devices, immediately notify vidaXL or any suspected misuse of your Account.
9.1 What are cookies, tags and trackers? Cookies are small text files stored on your device (e.g. computer, smartphone, or tablet). When you visit a website. Similar technologies such as tags, trackers, and web beacons may also be used (collectively referred to as “Cookies”). These tools help us, and our partners, understand how you interact with our Webshop and services.
9.2 Why do we use cookies? Cookies can be used to:
9.3 Cookies used on this website
Cookie Type |
Purpose |
Services/Tools Used |
Personal Data Collected |
Can Be Refused? |
Strictly Necessary Cookies |
Essential for site functionality (e.g. privacy settings, logging in, forms). Blocking may affect site operation. |
First party cookies: Onetrust, CloudFlare
Others: creativecdn.com, mgid.com, CloudFoundry |
No Personal data |
No |
Functional Cookies |
Enable enhanced features & personalization. Some services may not work without them. |
First party cookies: Zopim Live Chat ID, _flowbox,
Others: Swogo, Zendesk |
Possibly anonymous usage data |
Yes |
Performance Cookies |
Analyse visits and traffic for site improvement. Data is aggregated and anonymous. |
First party cookies: Google analytics, Hotjar, _hjSession_xxxxxx, Google conversion tracking cookies, Microsoft Bing Ads,
Others: staticw2.yotpo.com, |
No Personal data (aggregated usage data only) |
Yes |
Targeting Cookies |
Used by advertising partners to show relevant ads based on browsing profile. |
First Party: Bing, demandware ecommerce, Facebook, Criteo.
Others: |
Pseudonymous profile data (no direct Personal data ) |
Yes |
Affiliate Cookies |
Track referral and sale attribution from partners. |
|
No Personal data |
Yes |
Note: the specific details for each cookie category and each cookie can be found on the cookie banner on the Webshop.
9.4 Accepting and Declining Cookies
9.4.1 When you visit vidaXL.co.uk, a cookie banner will appear at the bottom of the Webshop. You have the following options:
9.4.2 Other cookie management options. You may also can control cookie usage by adjusting settings in your browser. Because each browser is different, vidaXL recommends referring to your browser’s help section or device manual for instructions. You can delete cookies manually from your computer, tablet or phone’s hard drive. Refer to your browser or device guide for instructions. If cookies are fully disabled, some functionality of the vidaXL Webshop may no longer work properly.
10.1 Data Protection Officer (DPO). vidaXL has appointed a DPO in accordance with Article 37 of the UK GDPR. The DPO is responsible for:
10.2 How can I contact the Data Protection Officer?
10.2.1 If you have any questions or concerns about how your Personal data is handled, or if you wish to exercise your data protection rights, you may contact the DPO directly.
You can contact our DPO at:
Attn: Data Protection Officer
vidaXL
Mary Kingsleystraat 1
5829 SK Venlo
The Netherlands
10.2.2 If you're not satisfied with how we’ve handled your concern, or if you believe we are not Processing your Personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Website:
10.2.2 If you're not satisfied with how we’ve handled your concern, or if you believe we are not Processing your Personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Website: https://ico.org.uk
Telephone: +44 (0)303 123 1113
The contents of this Privacy Policy and Cookie Statement can be amended. The most current version can always be found on the vidaXL Webshop. vidaXL advises that you regularly check this Privacy Policy and Cookie Statement, at least before you provide vidaXL with Personal data.