Privacy Policy

1. Introduction

MAINNET Limited ("we", "our", "us") operates www.mainnet.uk. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with UK GDPR and the Data Protection Act 2018.

Data Controller: MAINNET Limited
Company Number: 15690096
Contact: admin@mainnet.uk | 020 3488 4346

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email, password, phone number
  • Business Information: Company name, VAT number, job title, department
  • Transaction Data: Billing/shipping addresses, order history, payment method (not full card details)
  • Communication Data: Support tickets, emails, phone call records (not recordings)
  • Marketing Preferences: Email opt-in/out, communication preferences

2.2 Information We Collect Automatically

  • Device Data: IP address, browser type, operating system, device ID
  • Usage Data: Pages visited, time on site, click paths, download errors
  • Location Data: Country and city (from IP address)
  • Cookie Data: See Section 3 for details

2.3 Information from Third Parties

  • Credit Reference Agencies: Experian, Equifax (B2B accounts only)
  • Companies House: Company verification data
  • Fraud Prevention: Action Fraud, CIFAS databases
  • Payment Processors: Transaction confirmations from Stripe

3. Cookies We Use

3.1 Essential Cookies (Always Active)

Cookie | Purpose | Duration
PHPSESSID | Session management | Session
form_key | Security/CSRF protection | Session
mage-cache-storage | Local cache management | Session
mage-messages | Error/success messages | Session
private_content_version | Content versioning | Session

3.2 Functional Cookies

Cookie | Purpose | Duration
recently_viewed_product | Recently viewed items | 30 days
product_data_storage | Product comparisons | 30 days
section_data_ids | Customer segment data | Session
store | Store view selection | 1 year

3.3 Analytics Cookies

Cookie | Purpose | Duration
_ga | Google Analytics - User ID | 2 years
_gid | Google Analytics - Session | 24 hours
_gat | Google Analytics - Rate limit | 1 minute
_gac_* | Google Ads conversions | 90 days

4. How We Use Your Information

4.1 Order Processing (Legal Basis: Contract)

  • Process and fulfill orders
  • Send order confirmations and updates
  • Process payments and refunds
  • Deliver products
  • Handle returns and warranties

4.2 Customer Service (Legal Basis: Contract/Legitimate Interests)

  • Respond to inquiries and support tickets
  • Provide technical support
  • Send service messages (non-marketing)
  • Manage your account

4.3 Legal Compliance (Legal Basis: Legal Obligation)

  • Maintain records for tax purposes (6 years per HMRC requirements)
  • Comply with court orders
  • Anti-money laundering checks
  • Export control compliance

4.4 Business Operations (Legal Basis: Legitimate Interests)

  • Fraud prevention and detection
  • Credit checking (B2B accounts)
  • Website security and performance
  • Business analytics and reporting
  • Product development

4.5 Marketing (Legal Basis: Consent/Legitimate Interests)

  • B2C: Only with explicit consent
  • B2B: Soft opt-in for existing customers (legitimate interests)
  • Send promotional emails
  • Display targeted ads
  • Market research

5. Who We Share Data With

5.1 Service Providers

  • Payment Processing: Stripe (PCI DSS compliant)
  • Sub-processors: Apple Pay, Google Pay via Stripe
  • Email: Zoho Mail
  • Analytics: Google Analytics
  • Advertising: Google Ads
  • Chat Widget: Firebase (Google)
  • Hosting: Amazon Web Services (AWS EU-West-1, Ireland)
  • Delivery: DPD, UPS, Royal Mail, FedEx
  • Credit Reference: Experian, Equifax (B2B only)

5.2 Legal Disclosures

We may disclose data to:

  • Law enforcement agencies
  • Courts and tribunals
  • Regulatory bodies (ICO, Trading Standards)
  • HMRC for tax purposes

5.3 Business Transfers

If we sell or merge our business, customer data may be transferred to the new owners.

6. International Transfers

Your data may be transferred outside the UK/EEA to:

  • USA: Google (Analytics, Firebase, Ads), Stripe - Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework
  • India: Zoho Mail - Standard Contractual Clauses (SCCs)

We ensure appropriate safeguards via:

  • Standard Contractual Clauses (SCCs) approved by UK ICO
  • Adequacy decisions where applicable
  • Data Processing Agreements with all processors
  • Encryption in transit and at rest

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal obligations.

Data Type | Retention Period | Reason
Customer accounts | Active + 6 years after last activity | Tax/legal requirements (HMRC)
Order records | 6 years | Tax/accounting (HMRC)
Payment records | 6 years | Financial regulations
Email marketing | Until unsubscribe + 2 years | Suppression list
Website analytics | 26 months | Google Analytics default
Support tickets | 3 years | Service improvement
Warranty records | Warranty period + 1 year | Legal obligations

8. Your Rights

Under UK GDPR, you have the following rights. For detailed information on how to exercise each right, please see our GDPR Rights page.

8.1 Right to Access

Request a copy of your data within 30 days, free of charge

8.2 Right to Rectification

Correct inaccurate or incomplete data

8.3 Right to Erasure

Request deletion except where we have legal obligations to retain

8.4 Right to Restrict Processing

Limit how we use your data in certain circumstances

8.5 Right to Data Portability

Receive your data in machine-readable format (CSV or JSON)

8.6 Right to Object

Object to processing based on legitimate interests or direct marketing

To exercise your rights: Email admin@mainnet.uk or call 020 3488 4346 with proof of identity. See our GDPR Rights page for full details.

9. B2B Specific Processing

For business customers, we additionally:

  • Perform credit checks via Experian/Equifax
  • Verify directors via Companies House
  • Check VAT numbers via HMRC/VIES
  • Share data with trade credit insurers
  • Report payment performance to credit agencies
  • Apply for credit insurance on large orders
  • Screen against sanctions lists (OFAC, EU, UN)

10. Security Measures

We protect your data using:

  • SSL/TLS encryption (HTTPS) for all data transmission
  • PCI DSS compliance for payment processing via Stripe
  • Encrypted database storage (AES-256)
  • Access controls and multi-factor authentication
  • Regular security audits and vulnerability scanning
  • Staff training and confidentiality agreements
  • Incident response and breach notification procedures
  • Daily automated backups with 30-day retention
  • Firewall protection and intrusion detection
  • Regular security patches and updates

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. B2B purchases require authority to bind your organization.

12. Marketing Communications

12.1 B2C Marketing

  • Only with explicit opt-in consent (checkbox, not pre-ticked)
  • Unsubscribe link in every email
  • Preference center available in account settings
  • Compliant with PECR (Privacy and Electronic Communications Regulations)

12.2 B2B Marketing

  • Soft opt-in for existing customers (you've purchased from us before)
  • Similar products and services only
  • Clear unsubscribe in every email
  • Corporate email addresses only (not personal emails)
  • PECR compliant

13. Automated Decision-Making

We use automated decision-making for:

  • Fraud prevention screening: Orders may be automatically declined if they trigger fraud indicators (mismatched billing, high-risk IP, unusual patterns)
  • Credit checks: B2B credit applications are automatically scored

You have the right to request human review of any automated decision. Email admin@mainnet.uk with "Automated Decision Review" in the subject line.

14. Third-Party Links

Our site may contain links to third-party websites (manufacturers, partners, social media). We are not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. Material changes will be notified via:

  • Email notification to registered customers
  • Prominent notice on our website
  • "Last Updated" date at the top of this page

Continued use of our services after changes constitutes acceptance of the updated policy.

16. Complaints

If you're unhappy with our data handling:

  1. Contact us first: admin@mainnet.uk or 020 3488 4346
  2. Escalate internally: Request escalation to management
  3. Lodge a complaint with the ICO:
    • Website: ico.org.uk/make-a-complaint
    • Phone: 0303 123 1113
    • Live chat: Available on ICO website
    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. Contact Information

Data Controller:
MAINNET Limited
Company Number: 15690096
86-90 Paul Street, 3rd Floor
London, EC2A 4NE
United Kingdom

Data Protection Contact:
Email: admin@mainnet.uk
Phone: 020 3488 4346

Business Hours:
Monday - Friday: 9:00 AM - 5:30 PM GMT
Email support available 24/7 with response within 1 business day
