Last Updated: January 10, 2026
1. Data Controller Identification
The Data Controller for pinex.co.uk is PineX LTD, Company Number 11218552, with a registered office at 34 Trentbridge Cl, Ilford, Essex, England, IG6 3DG. For all privacy inquiries, please contact our Data Compliance Team at support@pinex.co.uk.
The Data Controller for pinex.co.uk is PineX LTD, Company Number 11218552, with a registered office at 34 Trentbridge Cl, Ilford, Essex, England, IG6 3DG. For all privacy inquiries, please contact our Data Compliance Team at support@pinex.co.uk.
2. Legal Basis for Processing
Under the UK General Data Protection Regulation, we process personal data based on:
Under the UK General Data Protection Regulation, we process personal data based on:
- Contractual Necessity:Â Processing required to fulfill purchase orders and deliver high-ticket goods.
- Recognised Legitimate Interests: As defined by the Data (Use and Access) Act 2025, we process data for fraud prevention, network security, and internal administration without a balancing test.
- Legal Obligation:Â Processing required for HMRC tax records and regulatory compliance.
- Consent:Â Voluntarily provided for marketing communications and non-essential analytical cookies.
3. International Data Transfers (Special Disclosure)
To facilitate the fulfillment of specialized high-ticket orders, PineX transfers your Identity and Contact Data to third-party suppliers located in China. These transfers are conducted under the following safeguards:
To facilitate the fulfillment of specialized high-ticket orders, PineX transfers your Identity and Contact Data to third-party suppliers located in China. These transfers are conducted under the following safeguards:
- Data Protection Test:Â We ensure the level of protection in the recipient country is “not materially lower” than UK standards, as mandated by the 2025 Act.
- Standard Clauses: We utilize the International Data Transfer Agreement (IDTA) or the UK Addendum to ensure your rights remain enforceable overseas.
4. Automated Decision-Making (ADM)
We may use automated systems to process your data for fraud screening during checkout.
We may use automated systems to process your data for fraud screening during checkout.
- Rights:Â Under the 2025 Act, you have the right to challenge any significant automated decision, request human intervention, and express your point of view.
- Logic:Â Our systems evaluate transaction patterns and IP data to mitigate risk.
5. Cookie & Tracking Technologies
In accordance with the latest Privacy and Electronic Communications Regulations (PECR) updates:
In accordance with the latest Privacy and Electronic Communications Regulations (PECR) updates:
- Exemptions:Â Consent is not required for non-intrusive cookies used for website analytics, performance improvement, or security.
- Transparency: Users are informed of all active trackers via our Cookie Management Tool and may opt out of non-essential tracking at any time.
6. Your Data Rights & The Complaints Process
You have the right to access, rectify, or erase your data, and to restrict or object to its processing.
You have the right to access, rectify, or erase your data, and to restrict or object to its processing.
- Subject Access Requests (SARs):Â We conduct “reasonable and proportionate” searches for your data. We may “stop the clock” on our 30-day response window if identity verification or clarification is required.
- Complaints: You must lodge complaints with us directly in the first instance. We will acknowledge your complaint within 30 days. If unsatisfied, you may escalate to the Information Commissioner’s Office (ICO).
7. Data Retention
We retain transactional data for a period of 6 years to satisfy UK statutory tax and financial reporting requirements. Personal data used for marketing is retained until consent is withdrawn.
We retain transactional data for a period of 6 years to satisfy UK statutory tax and financial reporting requirements. Personal data used for marketing is retained until consent is withdrawn.