Privacy Policy

How NovaTech Systems collects, uses, and protects your personal data, in accordance with UK GDPR and the Data Protection Act 2018.

Last updated: 25 February 2026

1. Who We Are

NovaTech Systems is a trading name of Andrei Cosma, a sole trader registered in the United Kingdom. We operate an online store for custom PC systems and IT hardware components.

Data Controller: Andrei Cosma trading as NovaTech Systems
Registered Address: 184 Dalriada Crescent, Motherwell ML1 3XS, Scotland, UK
Email: contact@coscomtech.co.uk

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the address above. We are registered with the Information Commissioner's Office (ICO) as required under the UK GDPR.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Account and Identity Data — Your first name, last name, and email address when you create an account or place an order.

Contact and Delivery Data — Your delivery address(es) and telephone number, used to fulfil and deliver your orders.

Transaction Data — Details of orders you have placed, including product details, quantities, prices, and order status. We do not store your full payment card details; payment processing is handled securely by Stripe, our PCI-DSS compliant payment provider.

Technical Data — IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and other technology identifiers from the devices you use to access our website.

Usage Data — Information about how you use our website, products, and services, including pages visited and actions taken.

Communications Data — Any communications you send to us, including enquiries, support requests, and feedback.

3. How We Collect Your Data

We collect data in the following ways:

Directly from you — When you create an account, place an order, contact us by email or via our contact form, or subscribe to any communications from us.

Automatically — When you browse our website, we may collect technical and usage data via cookies and similar technologies. Please see our Cookie Policy for full details.

From payment providers — Stripe provides us with a payment reference and confirmation of payment status. We do not receive or store your full card details.

4. Why We Use Your Data (Legal Bases)

We only process your personal data when we have a lawful basis to do so under UK GDPR. The legal bases we rely on are:

Performance of a Contract — Processing your order, managing your account, arranging delivery, and handling returns and refunds. Without this data, we cannot fulfil your purchase.

Legal Obligation — We are required to retain certain financial and transaction records under UK tax law (HMRC requirements). We may also be required to disclose information to law enforcement or regulatory authorities where legally compelled.

Legitimate Interests — We may use your data to prevent fraud, improve our website and services, and maintain the security of our systems. We always balance these interests against your rights and only proceed where our interests are not overridden by yours.

Consent — Where we send you marketing communications, we will only do so with your explicit consent. You may withdraw consent at any time by contacting us or using the unsubscribe link in any marketing email.

5. How Long We Keep Your Data

We retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Order and transaction data — Retained for 7 years following the date of transaction to comply with HMRC record-keeping requirements.

Account data — Retained for as long as you maintain an active account with us, plus a further 12 months after account closure to handle any post-sale queries.

Communications — Retained for up to 3 years, or for as long as may be required for ongoing support or legal purposes.

Marketing consent records — Retained until you withdraw consent, plus a reasonable period thereafter as evidence of consent.

When data is no longer required, we securely delete or anonymise it.

6. Who We Share Your Data With

We do not sell your personal data. We share it only with the following categories of third parties, and only to the extent necessary:

Stripe, Inc. — Our payment processing provider. Stripe processes payment card transactions on our behalf and is PCI-DSS Level 1 certified. Stripe's privacy policy is available at stripe.com/privacy. Stripe may process data outside the UK; where it does so, appropriate safeguards are in place including Standard Contractual Clauses and the UK adequacy framework.

Delivery and Courier Services — We share your name, delivery address, and contact details with our chosen courier or delivery partner(s) for the sole purpose of fulfilling your order.

Hosting and Infrastructure Providers — Our website is hosted on cloud infrastructure. These providers act as data processors under our instruction and are contractually bound to protect your data.

Legal and Regulatory Authorities — We may disclose your data to the police, courts, HMRC, or other regulatory bodies where required to do so by law.

We do not transfer your personal data to countries outside the UK/EEA without ensuring appropriate safeguards are in place in accordance with UK GDPR.

7. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

Right of Access — You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one calendar month.

Right to Rectification — If any data we hold about you is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure — Also known as the "right to be forgotten". You may request that we delete your personal data where there is no compelling reason for us to continue processing it.

Right to Restriction — You may ask us to restrict the processing of your data in certain circumstances, for example while the accuracy of data is being contested.

Right to Data Portability — Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.

Right to Object — You have the right to object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests.

Rights in Relation to Automated Decision-Making — We do not make any solely automated decisions (including profiling) that produce legal or similarly significant effects on you.

To exercise any of these rights, please contact us at contact@coscomtech.co.uk. You will not be charged a fee and we will respond within one calendar month of receiving your request (this may be extended by a further two months for complex requests, in which case we will notify you).

8. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small text files placed on your device when you visit a website. We use them for essential site functions (such as maintaining your shopping cart and login session) and, where you consent, for analytics purposes.

Please refer to our full Cookie Policy for detailed information about the cookies we use, their purposes, and how to manage your preferences.

9. Security

We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These include:

- Encrypted connections (HTTPS/TLS) for all data in transit
- Secure password storage using industry-standard hashing
- Access controls limiting data access to those who need it
- Use of PCI-DSS compliant payment processing (Stripe)

Please be aware that no method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify you without undue delay where required by law.

10. Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites and we are not responsible for their privacy practices. We encourage you to read the privacy policy of any third-party website you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the "Last Updated" date at the top of this page. Where changes are material, we will notify you by email or by prominently displaying a notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your data.

12. How to Complain

If you have any concerns about how we handle your personal data, please contact us first at contact@coscomtech.co.uk and we will do our best to resolve the matter promptly.

If you remain dissatisfied, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
