Privacy Policy

NEXUS AUTO SPARES LTD

Privacy Policy

Last updated: 9 June 2026

Introduction

NEXUS AUTO SPARES LTD ("we", "us", "our") takes your privacy seriously. This policy sets out how we use and protect your personal data when you visit our website at www.nexusautospares.co.uk.

As the data controller, we are responsible for your personal data. We are registered in England and Wales and operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

What is personal data?

Personal data is any information about a person which identifies them, or which could be used together with other information to identify them.

 

What type of personal data do we collect?

We collect the following types of personal data:

       Identity information — e.g. your name and delivery address.

       Contact information — e.g. your email address and telephone number.

       Financial data — e.g. your payment details (processed securely via Shopify Payments; we do not store card details directly).

       Order information — e.g. details of products purchased, order history, and shipping information.

       Technical data — e.g. your IP address, browser type, and website usage data collected via cookies (see our Cookie Policy).

       Preference information — e.g. your marketing and communication preferences.

We do not knowingly collect sensitive personal data or data relating to children under the age of 16.

 

How do we collect your personal data?

We collect personal data when you:

       Place an order on our website.

       Create a customer account.

       Contact us by email or through any contact form on our website.

       Subscribe to our marketing communications.

       Browse our website (via cookies and analytics tools — see our Cookie Policy).

       Submit a product review via Judge.me.

 

How and why do we use your personal data?

In accordance with UK data protection law, we can only use your personal data if we have a valid legal basis for doing so. We use your personal data for the following purposes:

 

       To process and fulfil your orders, including arranging delivery and handling returns. Our legal basis is the performance of a contract with you.

       To manage your customer account and provide customer support. Our legal basis is the performance of a contract with you.

       To send you order confirmations, shipping updates, and essential service communications. Our legal basis is the performance of a contract with you.

       To send you promotional communications and marketing (where you have not opted out). Our legal basis is our legitimate interests, or your consent where required.

       To improve our website and user experience through analytics. Our legal basis is our legitimate interests.

       To process payments securely. Our legal basis is the performance of a contract with you.

       To comply with our legal and regulatory obligations. Our legal basis is compliance with a legal obligation.

 

Marketing

We will send you promotional communications if you have requested information from us or purchased a product from us, and you have not opted out of receiving marketing.

You can opt out at any time by:

       Clicking the unsubscribe link in any marketing email we send you.

       Contacting us directly at info@nexusautospares.co.uk.

If you opt out of marketing, you will still receive essential communications related to your orders and account.

 

Do we share personal data?

We only share your personal data with trusted third party service providers where necessary to operate our business and fulfil your orders. Our current third party providers are listed below:

 

Third Party Provider

Purpose

Location

Shopify Inc.

E-commerce platform hosting our website and processing orders

United States (EU/UK adequacy safeguards apply)

Google LLC (Google Analytics 4)

Website analytics — anonymised visitor data only

United States (EU/UK adequacy safeguards apply)

Meta Platforms Inc. (Facebook Pixel)

Advertising and marketing attribution

United States (EU/UK adequacy safeguards apply)

Judge.me

Product review platform

United States (EU/UK adequacy safeguards apply)

Xero Limited

Accounting and invoicing software

New Zealand (UK adequacy decision applies)

Shipping carriers (e.g. Royal Mail, DPD, etc.)

Order fulfilment and delivery

United Kingdom

 

We will obtain your express consent before sharing your data with any third party for their own independent marketing purposes.

Where we share your personal data, we ensure that the third party will take appropriate steps to protect your data, and that their use is limited to acting on our instructions.

We may also share your personal data with legal or regulatory bodies where required to comply with the law or applicable regulations.

 

International transfers

Some of our third party service providers are located outside the United Kingdom (see the table above). Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, such as adequacy decisions recognised by the UK, or standard contractual clauses.

We do not sell or transfer your personal data internationally for any purpose beyond what is necessary to provide our services.

 

Do we use third party links on our website?

Our website may contain links to third party websites or content. We have no control over those websites and are not responsible for their privacy practices. We recommend that you read the privacy policy of any third party website you visit.

 

Is the personal data secure?

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it, including:

       Secure HTTPS encryption across our website.

       Payment processing handled exclusively through Shopify's PCI-DSS compliant infrastructure — we never store card details.

       Access to personal data is restricted to those with a legitimate business need and who are bound by confidentiality obligations.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform you where required.

 

How long is the personal data kept for?

We only keep your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected.

       Customer account and profile data: retained for as long as your account is active, or until you request deletion.

       Order and payment records: retained for 6 years after the end of our relationship with you, in accordance with UK tax and accounting obligations.

       Marketing preferences: retained until you opt out or withdraw your consent.

       Analytics and technical data: retained in accordance with the cookie expiry periods set out in our Cookie Policy.

 

Your legal rights

Under UK GDPR, you have the following rights in relation to your personal data:

       The right to access — to receive a copy of the personal data we hold about you.

       The right to rectification — to ask us to correct inaccurate or incomplete data.

       The right to erasure — to ask us to delete your personal data in certain circumstances.

       The right to restriction — to request that we limit the processing of your data in certain circumstances.

       The right to data portability — to request a transfer of your data to yourself or a third party.

       The right to withdraw consent — where we rely on consent as our legal basis, you may withdraw it at any time.

       The right to object — to the processing of your data for direct marketing purposes, or where we rely on legitimate interests.

For more information on these rights, you can visit the Information Commissioner's Office (ICO) website at www.ico.org.uk.

 

How can you exercise your rights?

To exercise any of your rights, please contact us at info@nexusautospares.co.uk. You will not be charged a fee to exercise your rights.

We may need to verify your identity before we can act on your request. We will respond to legitimate requests within one month. If a request is complex or we receive a high volume of requests, this may take up to three months — we will notify you if this is the case.

 

Keeping us up to date

Please let us know if any personal data we hold about you is incorrect or out of date by contacting us at info@nexusautospares.co.uk.

 

Changes to this policy

This policy is reviewed and updated regularly. The date at the top of this page indicates when it was last revised. Please check this page each time you visit our website to ensure you are aware of any changes.

 

Contact us

If you have any questions about this policy or wish to exercise any of your data protection rights, please contact us:

 

NEXUS AUTO SPARES LTD

Email: info@nexusautospares.co.uk

Website: www.nexusautospares.co.uk

Registered in England and Wales. Company Number: 17219687

 

Complaints

We would appreciate the opportunity to resolve any concerns you may have. Please contact us in the first instance at info@nexusautospares.co.uk.

However, you have the right to make a complaint to the Information Commissioner's Office (ICO) at any time:

       Website: www.ico.org.uk/make-a-complaint

       Telephone: 0303 123 1113

       Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF