Last Updated: March 2026
1. WHO WE ARE
DirectCutting.com ("we", "us", "our") is the online trading domain of Direct Cutting Limited, a company registered in England and Wales.
Company Registration Number: 16325632
Registered Office: 23 Chester Road, Streetly, Sutton Coldfield, England, B74 2HP
Trading Address: Unit 215-217 Sams Lane, West Bromwich, West Midlands, B70 7EX
VAT Number: GB 511 1465 37
Contact Details:
Email:
[email protected]Phone: 0121 296 6307
Hours: Monday - Thursday, 9:30am - 1:30pm
For data protection queries, contact us at:
[email protected]2. WHAT PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
When You Place an Order:
Full name
Email address
Phone number
Billing address
Delivery address (if different)
Order history and purchase records
Product preferences and specifications (including custom measurements for bespoke items)
Payment Information:
Payment method details (processed securely via Stripe or PayPal)
We do NOT store complete credit/debit card numbers on our servers
Transaction records (for accounting and VAT purposes)
Business Customer Information:
Company name and registration details
VAT registration number
Business contact details
Purchase order references
Website Usage Data:
IP address
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website
Cookies (see our Cookie Policy for details)
Communications:
Emails you send us
Phone call records (for quality and training purposes)
Live chat transcripts (if you use our chat service)
Customer service correspondence
Marketing Data:
Email marketing preferences
Marketing consent records
Engagement with our marketing emails (open rates, click rates)
3. HOW WE COLLECT YOUR DATA
We collect personal data:
Directly from you: When you create an account, place an order, contact us, sign up for newsletters, or use our website
Automatically: Through cookies and similar technologies when you browse our website
From third parties: Payment confirmation from Stripe/PayPal, delivery updates from couriers
4. WHY WE USE YOUR DATA (LEGAL BASIS)
We process your personal data under the following legal bases as defined by UK GDPR:
Contractual Necessity (Article 6(1)(b)):
Processing and fulfilling your orders
Arranging delivery
Processing payments and refunds
Providing customer service and support
Managing your account
Legal Obligation (Article 6(1)(c)):
Maintaining accounting records for 7 years (Companies Act 2006)
Retaining VAT records (HMRC requirements)
Complying with tax obligations
Responding to legal requests or court orders
Legitimate Interests (Article 6(1)(f)):
Fraud prevention and detection
Improving our website and services
Analyzing customer behavior to enhance user experience
Internal business administration
Network and information security
Marketing to existing customers (who have purchased from us)
You have the right to object to processing based on legitimate interests.
Consent (Article 6(1)(a)):
Sending marketing emails to non-customers (you can withdraw consent anytime)
Using non-essential cookies (you can manage cookie preferences)
Storing your payment preferences for future orders
5. HOW WE SHARE YOUR DATA
We share your personal data with the following categories of recipients:
Payment Processors:
Stripe and PayPal - to process secure payments
These providers have their own privacy policies:
stripe.com/privacy |
paypal.com/privacyDelivery Couriers:
Courier companies (e.g., DX, DPD, Parcelforce) - to deliver your orders
We share: name, delivery address, phone number, order details
IT Service Providers:
Website hosting providers (Cloudways)
Email service providers
Cloud storage providers
These providers are data processors acting on our instructions
Professional Advisors:
Accountants, auditors, lawyers (where necessary for business operations)
Legal Requirements:
Law enforcement, regulators, or courts (where required by law)
We NEVER:
Sell your personal data to third parties
Share your data for third-party marketing purposes without your explicit consent
Transfer data outside the UK without appropriate safeguards
6. INTERNATIONAL DATA TRANSFERS
Your data is primarily stored and processed within the United Kingdom.
Where we use service providers that may process data outside the UK (e.g., cloud services), we ensure:
Adequate data protection safeguards are in place
Transfer mechanisms comply with UK GDPR (e.g., Standard Contractual Clauses, adequacy decisions)
We do not intentionally transfer personal data to countries without adequate data protection laws.
7. COOKIE POLICY
We use cookies on DirectCutting.com to ensure the website functions correctly, analyse site performance, and deliver relevant advertising. Cookies are small text files stored on your device when you visit our site.
We use the following categories of cookies:
Necessary — Required for the website to function (shopping cart, login sessions, payment processing). Always active.
Analytics — Help us understand how visitors use our site (e.g. Google Analytics). Only active with your consent.
Advertisement — Used to measure and improve the effectiveness of our advertising (e.g. Google Ads). Only active with your consent.
Functional — Remember your preferences and settings. Only active with your consent.
You can manage your cookie preferences at any time using our cookie consent banner or by clicking the cookie preferences icon on our site. For full details of all cookies we use, see our
Cookie Policy.
8. YOUR RIGHTS UNDER UK GDPR
You have the following rights regarding your personal data:
Right of Access (Article 15):
Request a copy of the personal data we hold about you (Subject Access Request)
Right to Rectification (Article 16):
Correct inaccurate or incomplete personal data
Right to Erasure / "Right to be Forgotten" (Article 17):
Request deletion of your data (subject to legal retention obligations)
Right to Restriction of Processing (Article 18):
Request we limit how we use your data in certain circumstances
Right to Data Portability (Article 20):
Receive your data in a structured, machine-readable format
Right to Object (Article 21):
Object to processing based on legitimate interests
Object to direct marketing (we will stop immediately)
Rights Related to Automated Decision-Making (Article 22):
Not be subject to solely automated decisions (see section 11 below)
Right to Withdraw Consent:
Where processing is based on consent, you can withdraw it anytime
How to Exercise Your Rights:
Email us at:
[email protected] with "Data Rights Request" in the subject line.
We will respond within 1 month (extendable to 3 months for complex requests).
There is usually no fee for exercising your rights, unless your request is manifestly unfounded or excessive.
9. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures:
SSL/TLS encryption for data transmission (https://)
Secure hosting infrastructure
Regular software and security updates
Password-protected admin systems
Encrypted data backups
Payment data processed via PCI-DSS compliant providers (Stripe, PayPal)
Organizational Measures:
Access controls (only authorized staff can access personal data)
Staff training on data protection
Confidentiality agreements with staff and suppliers
Regular security reviews
Data breach response procedures
Your Responsibility:
Keep your account password secure
Do not share login credentials
Log out after using public computers
10. DATA BREACHES
In the event of a personal data breach that poses a risk to your rights and freedoms:
We will notify the ICO within 72 hours
We will notify affected individuals without undue delay
We will take immediate steps to contain and remedy the breach
If you suspect a security breach, contact us immediately at:
[email protected]11. AUTOMATED DECISION-MAKING AND PROFILING
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
We may use basic analytics to understand customer behavior (e.g., popular products, website navigation patterns), but this does not involve automated decisions about individuals.
12. CHILDREN'S PRIVACY
Our website and products are not directed at children under 16. We do not knowingly collect personal data from children.
If you are under 16, please do not provide personal data through our website. If we become aware we have collected data from a child under 16, we will delete it promptly.
Parents/guardians: If you believe your child has provided us with personal data, contact us at
[email protected]13. THIRD-PARTY LINKS
Our website may contain links to third-party websites (e.g., manufacturers, suppliers, social media).
We are not responsible for the privacy practices of third-party websites. Please review their privacy policies before providing personal data.
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect:
Changes in our data processing practices
Legal or regulatory requirements
New features or services
The "Last Updated" date at the top shows when changes were last made.
Significant changes will be communicated via:
Prominent notice on our website
Email notification (for account holders)
Continued use of our website after changes constitutes acceptance of the updated policy.
15. COMPLAINTS AND SUPERVISORY AUTHORITY
Internal Complaints:
If you have concerns about how we handle your personal data, please contact us first:
Email:
[email protected]Phone: 0121 296 6307
We will investigate and respond within 10 working days.
External Complaints:
You have the right to lodge a complaint with the UK's data protection supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
16. MARKETING COMMUNICATIONS
How We Use Your Data for Marketing:
If you are an existing customer, we may send you marketing emails about similar products/services based on our legitimate interests
If you are not a customer, we will only send marketing emails if you have opted in
Unsubscribe:
Every marketing email includes an unsubscribe link. Alternatively, email
[email protected] with "Unsubscribe" in the subject.
We will process unsubscribe requests within 48 hours.
17. CONTACT US
For any questions about this Privacy Policy or how we process your data:
Email:
[email protected]Phone: 0121 296 6307
Post: Data Protection Officer, Direct Cutting Limited, Unit 215-217 Sams Lane, West Bromwich, West Midlands, B70 7EX
Office Hours: Monday - Thursday, 9:30am - 1:30pm
Response Time: We aim to respond to all queries within 2 working days
