Privacy Policy
1. Who We Are
ARVO LINE LTD, trading as BUYIT ('we', 'us', 'our'), operates the online store at buy-it.io (the 'Website'). We are committed to protecting your privacy and to handling personal data in a transparent, fair and lawful way. This Privacy Policy explains what personal data we collect, how and why we use it, the legal bases on which we rely, how long we keep it, who we share it with, and the rights available to you under the UK GDPR and other applicable data protection law. ARVO LINE LTD is the data controller responsible for the personal data described in this policy and can be reached using the details below.
For any privacy question, or to exercise a data protection right, contact us at info@buy-it.io, or write to us at the postal address above with 'Privacy request' in the subject line. We will respond within the timeframes required by applicable law and may first ask you to verify your identity.
2. How We Use Your Information
We use personal data to fulfil and manage your orders, including processing, packing, shipping and delivering Products, handling returns, refunds and invoicing, and keeping you informed about the status of your purchases. We also use it to provide customer service and to respond to enquiries and support requests, to manage your account, and to take and verify payments through our payment providers. In addition, we use personal data to protect the Website, our services and our customers against fraud, abuse and security threats, to comply with our legal, tax and accounting obligations, and to analyse and improve the performance, usability and content of the store. Where required by law, we send marketing or newsletter communications only with your consent, and you can opt out of them at any time.
3. Information We Collect
Depending on how you use the Website, we may collect identity and contact information such as your name, email address, billing and shipping addresses, phone number and account username, with your password stored only in hashed form. We collect order and payment information, including the items you buy, totals, VAT, delivery preferences and limited payment metadata; we never store full card numbers or CVV codes. We collect the content of your communications with us, including messages sent through forms, by email, support requests and reviews. We also automatically collect technical and usage information such as your IP address, device identifiers, browser and operating system, referral URLs, the pages you view, time spent on pages and related analytics. We do not intentionally collect special categories of data, and we ask that you do not submit such information to us.
4. Legal Bases and Payments
We rely on different lawful bases depending on the activity in question. We process personal data where it is necessary to perform our contract with you, for example to fulfil an order; where you have given consent, for example for certain marketing communications or for analytics and other non-essential cookies; where processing is necessary to comply with a legal obligation; and where it is in our legitimate interests to operate, secure and improve our services, balanced against your rights and freedoms. Card payments are handled by third-party payment providers over encrypted connections, and we receive only the payment status and limited metadata, never the full card number or CVV. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out beforehand.
5. Data Security and Retention
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, monitoring and regular backups; however, no method of transmission or storage over the internet is completely secure. We keep personal data only for as long as necessary for the purposes set out in this policy and to meet legal requirements: order and invoice records are typically retained for up to seven years, customer support records for up to three years, and marketing preferences until you opt out or withdraw consent. We may keep limited data for longer where this is necessary to prevent fraud, to establish, exercise or defend legal claims, or to enforce our terms.
6. Sharing and International Transfers
We share personal data only where it is necessary to run the store. This includes service providers that support payments, hosting, email and messaging, IT, analytics, customer support and similar functions; shipping and logistics partners used to deliver your order; and professional advisers or public authorities where disclosure is required by law. Personal data may also be transferred as part of a merger, acquisition or other business reorganisation, subject to appropriate safeguards. We do not sell your personal data and do not share it with third parties for their own independent marketing. Where personal data is transferred outside the United Kingdom or the European Economic Area, we rely on adequacy decisions or on UK or EU Standard Contractual Clauses together with appropriate safeguards.
7. Cookies and Marketing
We use cookies and similar technologies to operate the Website, to remember your cart, account, language and currency choices, to strengthen security, to measure performance and to understand how the store is used. Cookies that are strictly necessary for a service you request may be used without consent, while analytics, marketing and other non-essential cookies are used only where you have given consent, which you can manage through your browser and through the cookie banner shown on the Website. You may receive marketing communications where you have opted in or where otherwise permitted by law, and you can unsubscribe at any time using the links in our messages or by emailing us, although we may still send transactional or service messages relating to your orders.
8. Your Rights
Under the UK GDPR and other applicable privacy law, you may have the right to request access to your personal data, to have inaccurate data corrected, to have your data erased, to restrict or object to certain processing including direct marketing, to data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority; in the United Kingdom this is the Information Commissioner's Office, which can be reached at ico.org.uk. To exercise any of these rights, contact us at info@buy-it.io. We may need to verify your identity before acting on a request, and we will respond within the timeframes set by law.
9. Children, Changes and Contact
Our Website is intended for adults and is not directed to children; we do not knowingly collect personal data from children under 13, and if you believe a child has provided us with such data, please contact us so that we can delete it. We may update this Privacy Policy from time to time and will post any changes on this page together with a revised last-updated date, so please review it periodically. For any question about this policy or about how we handle personal data, contact ARVO LINE LTD at info@buy-it.io, by phone on +44 20 7946 0958, or by post at Dept 6800, 196 High Road, Wood Green, London N22 8HH, United Kingdom.