Legal

Privacy Policy

Last updated: 25 April 2026

This Privacy Policy explains how Matthew Churchill Ltd ("we", "us", "our") collects, uses and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Intratek (Matthew Churchill Ltd) is the data controller for personal data collected via this website. Registered in England and Wales, Company No. 4862076. Registered office: 78 York Street, London W1H 1DP. Contact: [email protected].

2. Data we collect

When you place an order

  • Name, email address, company name
  • Delivery address
  • Order details (product, quantity, amount paid)
  • Stripe payment reference (we do not store card numbers)
  • IP address and derived country at time of purchase

When you submit a contact or quote form

  • Name, email address, company name, message content

Automatically collected

  • IP address (used for country detection and fraud prevention)
  • Session cookie (strictly necessary for cart function — see Cookie Policy)

3. Lawful basis for processing

  • Contract performance — processing your order and delivering goods
  • Legal obligation — retaining financial records for 7 years (HMRC requirement)
  • Legitimate interests — fraud prevention, sanctions compliance, export control due diligence, IP/country logging

4. How we use your data

We use your personal data to: process and fulfil your order; communicate about your order; comply with legal and regulatory obligations (tax, export controls, sanctions screening); prevent fraud and unauthorised transactions.

We do not use your data for marketing without separate explicit consent. We do not sell, rent or share your personal data with third parties for their own marketing purposes.

5. Data sharing

  • Stripe — payment processor. Stripe processes payment data under their own privacy policy and acts as a data processor on our behalf. Stripe is certified PCI DSS Level 1.
  • DHL — shipping provider. Your name and delivery address are shared with DHL to fulfil your order.
  • Legal authorities — we may disclose data if required by law, court order, or regulatory authority.

6. IP address and country logging

We record your IP address at time of purchase to determine your country of origin. This is used for VAT compliance, fraud prevention, and export control obligations. Your IP address is stored securely with your order record. This processing is based on our legitimate interests in legal compliance and fraud prevention.

7. Data retention

  • Order records — retained for 7 years from date of order (HMRC legal obligation)
  • Contact and quote enquiries — retained for 3 years then deleted
  • Session data — deleted when your browser session ends

8. Your rights

Under UK GDPR you have the right to: access your personal data; correct inaccurate data; request erasure (subject to legal retention obligations); object to processing; data portability; lodge a complaint with the ICO (ico.org.uk).

To exercise any right, email [email protected]. We will respond within one calendar month.

Note: we are legally required to retain financial records for 7 years. Where erasure is requested for order data, we will anonymise personal fields while retaining the financial record.

9. Security

All data is transmitted over HTTPS. Payment card data is handled exclusively by Stripe and never touches our servers. Access to order data is restricted to authorised personnel only.

10. Cookies

We use only strictly necessary session cookies. No advertising or analytics cookies are set without consent. See our Cookie Policy for full details.

11. International transfers

Stripe may process data outside the UK. Such transfers are subject to appropriate safeguards (Standard Contractual Clauses or adequacy decisions). We do not otherwise transfer personal data outside the UK.

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of this website after changes constitutes acceptance.