Privacy Policy
Privacy Policy
Last updated: 17 July 2026
Page title: Privacy Policy · Shopify slug: privacy-policy
At ACCORD ("we", "us", "our"), the protection of your personal data is something we take seriously. The purpose of this Privacy Policy is to inform you transparently about the personal data we collect, the reasons for which we collect it, and how we handle it. The applicable legal frameworks include the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
1. Data Controller
The data controller within the meaning of the UK GDPR is the operator of the website accord.com. For any queries relating to this policy or the processing of your personal data, please get in touch at contact@accord.com. Detailed provider information can be found in our Legal Notice.
2. Categories of Data We Process
Within the context of an order or a contact request, we process the following data:
- First and last name, together with email address
- Delivery and billing address
- Telephone number (optional — used for delivery status notifications)
- Payment information (securely handled by our payment partner — card details are not stored by us)
- Your order and purchase history
- Technical data about your device and browsing behaviour (IP address, browser type, pages visited)
3. Purposes of Processing and Legal Bases
- Order processing — name, address, email, and payment details are required in order for us to fulfil the purchase contract concluded with you (Art. 6(1)(b) UK GDPR).
- Customer communication — order confirmations, delivery notifications, and customer service enquiries (Art. 6(1)(b) UK GDPR).
- Improvement of our offering — through the analysis of usage patterns we are able to improve our website on an ongoing basis (Art. 6(1)(f) UK GDPR — legitimate interest).
- Compliance with legal obligations — business records are retained in accordance with the applicable requirements of tax and commercial law (Art. 6(1)(c) UK GDPR).
4. Payment Processing
Payments are handled by our partners (such as Stripe, PayPal, Klarna, or Viva Wallet), all of which hold PCI DSS Level 1 certification. Your card details are entered directly within their secure environment — the full card number, CVV security code, and expiry date are at no point visible or accessible to ACCORD.
5. Data Retention Period
Order-related data is retained for a period of six to ten years, in line with the applicable requirements of UK tax and accounting law (in particular under HMRC requirements and the Companies Act 2006). Your marketing preferences are stored until you choose to unsubscribe. Non-essential data is deleted or anonymised as soon as the purpose of its processing no longer applies.
6. Recipients of the Data
Data is shared with third parties only to the extent required for the processing of your order:
- Shipping providers (e.g. Royal Mail, DHL, DPD, Evri, UPS) for the purposes of delivery
- Payment partners for secure processing of payment
- Email service providers for transactional communications
- Hosting providers for the technical operation of the website
- Accountants and legal advisers, insofar as required to fulfil legal obligations
We have entered into appropriate data processing agreements with each of our processors in accordance with Art. 28 UK GDPR.
7. Data Transfers to Third Countries
Any transfer of data to countries outside the United Kingdom or the European Economic Area (EEA) is undertaken only where an adequacy decision is in place, or where appropriate safeguards — such as the Standard Contractual Clauses adopted by the UK or the EU Commission — are in place, in accordance with Art. 45 ff. UK GDPR.
8. Cookies and Tracking
Our website makes use of cookies and similar technologies. Detailed information can be found in our Cookie Policy. Non-essential cookies may be rejected or configured at any time via the cookie banner and the settings in your browser.
9. Your Rights as a Data Subject
The following rights are available to you in respect of your personal data:
- Right of access (Art. 15 UK GDPR) — you may enquire what data we process about you
- Right to rectification (Art. 16 UK GDPR) — inaccurate data may be corrected
- Right to erasure (Art. 17 UK GDPR) — provided no legal retention obligation applies
- Right to restriction of processing (Art. 18 UK GDPR)
- Right to data portability (Art. 20 UK GDPR)
- Right to object (Art. 21 UK GDPR) — to processing carried out on the basis of legitimate interest
- Right to withdraw consent at any time (Art. 7(3) UK GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)
To exercise your rights, simply drop us a brief message at contact@accord.com.
10. Security of Your Data
In order to safeguard your data against unauthorised access, loss, or misuse, we have put in place appropriate technical and organisational measures. These include SSL/TLS encryption, secured server environments, restricted access permissions, and regular security reviews.
11. Automated Decision-Making
We do not employ automated decision-making or profiling within the meaning of Art. 22 UK GDPR.
12. Right to Complain
If you consider that the processing of your data violates UK GDPR, you have the right to lodge a complaint with a data protection supervisory authority — in particular the Information Commissioner's Office (ICO) in the United Kingdom (www.ico.org.uk), or any supervisory authority in the EU member state of your habitual residence, place of work, or the alleged infringement.
13. Updates to This Policy
We reserve the right to update this Privacy Policy from time to time in order to reflect changes in legislation or in our business operations. The version currently in force is always available for review on this page.