At LR Direct we are committed to protecting and processing your personal information in accordance with the EU General Data Protection Regulation and associated laws in the UK. Whether you are an occasional user or a regular customer, we will always treat your data security very seriously.
LR Direct will only use your personal information in accordance with the contract, our legitimate business interests or explicit consent that you have given us. For legal purposes, Fourtrack Logistics Ltd (LR Direct) is a data controller. We also act as a data processor for Global E (UK) Ltd, our processing and shipping partner.
How we use your information
Contact, billing and shipping details
Processing of your personal data is necessary for the purpose of correctly supplying goods to your address, to properly distinguish your order or wish list from that of other users and to communicate with you about your order by email or telephone. We have a legitimate interest in storing your order details and linking them to your personal data for the purposes of tax reporting, customer service, returns and refund processing.
Your details may be collected by our processing and shipping partner Global-E on their SSL-protected checkout webform. Global-E are GDPR and PCI compliant. UK customers, or international customers who register first on the LRDirect website, will enter their details on our own SSL-protected registration and checkout pages. All personal data collected by these methods is stored on our GDPR-compliant server in the USA. Please email us if you wish to review data security arrangements or certification for the data processors that we work with to secure your information.
Your personal details and order history may also be stored on firewall-protected and password-protected offline networks at our business premises. It is in our legitimate interests to process and track your order on our warehouse management systems so that we can send your order out as efficiently as possible. Encrypted transfers of personal data are also necessary between our two UK locations.
Our PCI-compliant card processing partners will obtain your cardholder data from you on their own secure web pages when you make a purchase. Occasionally they will ask us to gather further information from you for the legitimate purpose of fraud prevention and detection. You are only obliged to send us additional information if you wish to complete the purchase at that time. Any sensitive data you do send to us will be erased after viewing by our processing manager and sensitive documents such as passport / id copies will never be forwarded to any third party.
Cardholder data obtained from you by our processing partners is not obtainable or readable by anyone at LRdirect and is not stored anywhere on our servers or offline.
Marketing contact details
We will only use your name and email address for marketing purposes where we have your consent. Our email marketing partner, Mailchimp, monitors and records your ongoing consent and allows you to unsubscribe from further emails in footer of each email you receive. You may also email us at firstname.lastname@example.org to be removed from the mailing list. We will remove your details within 5 working days.
Customer service emails and phone calls
We need to email or phone you about your order, tracking, returns, refunds or other customer service issues. It is in our mutual necessary interests to store your name, email address and message history so that aftersales issues can be followed up and we can provide you with the best possible service.
Please do no not email any unsolicited sensitive information such as cardholder data, passport copies, bank details etc as standard emails are not encrypted. We will erase any sensitive data that we receive on receipt.
Other third parties
Your shipping and contact details will be shared with one of our 3 delivery partners by LRdirect and Global E for the legitimate interest of sending your goods to your correct address and contacting you if there is a delivery problem. We use DHL, Parcelforce and DPD, all of whom are GDPR-compliant and we have access to your details on their cloud-based systems.
We use Google Analytics as our data processor to track website performance and global sales. Google uses your i.p address to compile anonymised data for statistical analysis and they are committed to GDPR-compliance by the May 25th 2018 deadline.
We use Trustpilot to gather reviews from our customers for the necessary interest of improving our service and ironing out operational issues. When you reply to a review invite your contact details, review scores and feedback text are controlled by Trustpilot and we have no access to your data. The average review score and the last review received are embedded and displayed by Trustpilot in the left panel of our website. You are not obliged to reply to review invites in order to use our mail order service. Trustpilot are committed to full GDPR compliance by May 25th.
We never share customer data with any other third party for any reason.
We do not subject your data to any automated decision making or profiling.
Keeping your information
We store your contact, billing and shipping details in our online system for as long as you have an account with us. Your details will also be saved on past invoices in our offline invoicing system for up to 6 years for UK/EU tax compliance.
All personal and order information older than 6 years is erased.
Names, email addresses and non-sensitive email messages are stored in our online and offline email software for a period of up to 2 years before permanent deletion. This task is scheduled by our customer service manager for the 31st March each year.
Accessing and correcting your information
You have the right to view the information we hold about you.
The personal information we hold can be accessed by logging into your account page and you can also request a screenshot of your personal data on our offline invoicing system. Your complete email history with us can be also be forwarded. Please email us email@example.com and allow 5 business days to complete the request.
IMPORTANT: To ensure your privacy and data security we will only send personal information we hold to the email address shown in your account. If you are no longer contactable at this address, please telephone to identify yourself using your order and email history.
You can correct your contact, billing and shipping details by logging into your account page at any time. Please note we cannot change shipping and billing details on orders that have already been placed.
You have the right to request that we transfer your personal information to another service provider. Please email us at firstname.lastname@example.org and we will process your request within 5 business days.
Having your information deleted
You have the right to request that we delete your data. To close your account and have most of your details removed from our servers and offline systems please email us at email@example.com.
To have your email history with all of our departments permanently deleted please email firstname.lastname@example.org or phone us. We do not recommend this option as past conversations may need to be reviewed in order to process returns and refunds.
It may be necessary for us to keep hold of some of your personal information and message history to meet tax, legal or regulatory requirements, resolve disputes, prevent fraud or abuse or enforce our terms and conditions, even after you have closed your account or we no longer need it to provide services to you.
We will process data-removal requests within 5 business days.
Please contact our GDPR-compliant partners directly to request your data is removed from their systems. We are unable to issue instructions to them on your behalf but we will gladly back up your request by email if required.
We hope it will never be necessary but you have the right to complain to the data protection regulator in the UK, the Information Commissioner's Office. You also have the right to object to the way that we process your data. Any objection will be considered by management within 5 business days. To exercise any of your rights, or if you have a complaint about any aspect of our service, please call or email us and we will do our very best to help.
Please Note: For data protection and other legal reasons we cannot accept sales orders from minors. We do not authorise persons under 18 years old to register an account on our website. Although we cannot reasonably prevent any user from registering an account, we will delete any data provided by unauthorised users where it comes to our attention.
The LRdirect site will normally store a first-party cookie on your computer when you start the ordering process or add an item to your cart. This cookie does not contain any personal information and any information it contains for the purposes of site functionality is stored solely on your computer. The cookie may be deleted by yourself at any time by accessing your browser options. We never use third-party cookies.