Privacy Policy

Expo Direct (trading name of Expo Hire UK Limited) is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information.

Information We Collect

When you use our website or place an order, we may collect the following information:

• Contact Information: Name, email address, phone number, company name
• Order Information: Products ordered, quantities, prices, delivery preferences
• Payment Information: Processed securely by Stripe (we do not store card details)
• Technical Information: IP address, browser type, device information, cookies
• Communications: Email correspondence, order notes, support queries

How We Use Your Information

We use your personal data for the following purposes:

• Order Processing: To process and fulfil your orders
• Communication: To send order confirmations, collection details, and updates
• Customer Service: To respond to your enquiries and provide support
• Legal Compliance: To comply with legal obligations including tax and accounting
• Business Operations: To improve our services and website functionality
• Marketing: To send promotional emails (with your consent, which you can withdraw at any time)

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfil our contract with you
• Legal Obligation: Compliance with tax, accounting, and other legal requirements
• Legitimate Interest: Operating our business, fraud prevention, website improvement
• Consent: Marketing communications (where you have opted in)

Information Sharing

We do not sell your personal data. We may share your information with:

• Payment Processors: Stripe (for secure payment processing)
• Delivery Services: If you arrange delivery through us
• Professional Advisers: Accountants, lawyers, auditors (when necessary)
• Law Enforcement: If required by law or to protect our rights

All third parties are required to keep your data secure and use it only for specified purposes.

Data Retention

We retain your personal data for as long as necessary to:

• Fulfil the purposes for which it was collected
• Comply with legal, accounting, or reporting obligations (typically 6–7 years)
• Resolve disputes and enforce our agreements

After the retention period, personal data will be securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Secure SSL/TLS encryption for data transmission
• Secure password-protected admin access
• Regular security updates and monitoring
• Limited access to personal data on a need-to-know basis

No internet transmission is 100% secure. We take security seriously but cannot guarantee absolute security.

Cookies

Our website uses cookies to:

• Remember your shopping basket contents
• Keep you logged in (if you have an account)
• Understand how visitors use our website
• Improve website functionality and performance

You can control cookies through your browser settings. Disabling cookies may limit website functionality. See our Cookies Policy for full details.

Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Unsubscribe from marketing at any time

To exercise any of these rights, please contact us using the details below.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date.