Privacy Policy

Privacy Policy


John Gordons Cheltenham Ltd is committed to protecting the privacy of our customers and website visitors. This Privacy Policy explains how we collect, use, share, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Information We Collect

  • Personal Data You Provide: When you create an account, place an order, or contact us, we may collect:
    • Contact information (name, email address, postal address, phone number)
    • Payment information (credit/debit card details, billing address)
    • Purchase history
    • Marketing preferences
    • Information provided in surveys or feedback forms
  • Data Collected Automatically: We collect certain information automatically as you use our site:
    • IP address
    • Browser type and version
    • Device information
    • Pages visited and actions taken on our website
    • Cookies (small text files stored on your device – see our separate Cookie Policy)

How We Use Your Information

  • Processing Orders: To fulfil your orders, communicate about their status, and process payments.
  • Customer Service: To answer your questions, resolve issues, and improve customer support.
  • Personalised Marketing: With your consent, to send promotional offers, product recommendations, and updates tailored to your interests. You may withdraw consent at any time.
  • Website Improvement: To analyse website usage, enhance user experience, and optimise our services.
  • Security and Fraud Prevention: To protect our website, business, and customers from unauthorized access, fraudulent activities, and security threats.
  • Legal Compliance: To comply with legal obligations, court orders, or to establish/defend legal claims.

Data Sharing

We share your information in limited circumstances:

  • Third-party Service Providers: We work with service providers (e.g., shipping carriers, payment processors, marketing platforms) to perform essential functions. They have access to data only as necessary for these purposes and are bound by confidentiality agreements.
  • Legal Requirements: We may disclose your data if required by law, to protect our rights, or in cases of suspected fraud or security issues.
  • Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred.

Data Security

We implement technical and organizational measures to safeguard your data, including encryption, firewalls, and access controls. However, no data transmission method is entirely secure.

Your Rights under GDPR

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request correction of inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Under certain conditions, you can request deletion of your personal data.
  • Restriction of Processing: You may request that we limit how we process your data.
  • Data Portability: You have the right to receive your data in a structured, machine-readable format.
  • Objection: You may object to certain data processing activities, including direct marketing if consent-based.

International Transfers

If service providers process your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your information.

Data Retention

We retain your data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.

Children’s Privacy

Our website is not intended for children under the relevant age of consent. We do not knowingly collect data from minors.

Changes to this Policy

We may update this policy periodically. The updated version will be posted on our website with the effective date indicated.

Contact Us

For questions or to exercise your rights, please contact us at one of the following:

11 Montpellier Arcade, Cheltenham GL50 1SU

+44 (0)1242 245985