Privacy Policy

Last updated: 24 April 2026

1. Who We Are

This website is owned and operated by NBITS Digital Solutions Limited, trading as RetroRide.

Company number: 17157588
Registered office: 22 St. Georges Street, Stamford, PE9 2BU, Lincolnshire, United Kingdom

NBITS Digital Solutions Limited is the Data Controller and is responsible for your personal data under the UK General Data Protection Regulation (UK GDPR).

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Information you provide to us

This includes information you voluntarily provide, such as:

Name
Email address
Postal address
Telephone number
Account or enquiry details
Communication history
Marketing preferences
Payment and transaction information (processed securely by third‑party payment providers)

b) Information collected automatically

When you visit or use our website, we may automatically collect:

IP address
Browser type and version
Device type, operating system, and platform
Time zone and approximate location data
Pages visited, referral source, and interaction data
Cookie and similar tracking information

This information is referred to collectively as Device Information.

3. How and Why We Use Your Personal Data

We only process personal data where we have a lawful basis under UK GDPR. The purposes and lawful bases are set out below:

Purpose: Providing products or services

Lawful Basis: Performance of a contract

Purpose: Responding to enquiries

Lawful Basis: Legitimate interests

Purpose: Processing payments and transactions

Lawful Basis: Performance of a contract / Legal obligation

Purpose: Website functionality, security, and fraud prevention

Lawful Basis: Legitimate interests

Purpose: Website analytics and performance measurement

Lawful Basis: Consent

Purpose: Marketing communications

Lawful Basis: Consent

Purpose: Legal and regulatory compliance

Lawful Basis: Legal obligation

Legitimate Interests

Where we rely on legitimate interests, these include:

Operating and improving our business and services
Responding to customer or prospective customer enquiries
Maintaining website security and preventing misuse

We have balanced these interests against your rights and freedoms.

Marketing

We will only send you marketing communications where:

You have given explicit consent, or
It is otherwise permitted by law

You can withdraw your consent or opt out at any time by using the unsubscribe link in our communications or by contacting us.

We do not sell personal data.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Enable core website functionality
Analyse website usage and performance
Improve user experience
Support marketing activities (where consent is given)

Some cookies are strictly necessary and do not require consent. All other cookies are only used after you have provided consent via our cookie banner.

For full details, please see our Cookie Policy page.

5. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy. Typical retention periods include:

Enquiry data: Up to 12 months after last contact
Customer and transaction data: Up to 6 years to meet legal and tax obligations
Marketing data: Until consent is withdrawn
Analytics and technical data: Up to 26 months

Where retention periods are not fixed, we determine them based on legal, contractual, and business requirements. When data is no longer required, it is securely deleted or anonymised.

6. How We Share Your Data

We may share personal data with trusted third‑party service providers, including:

Website hosting providers
Analytics and performance monitoring providers
Payment processors
Email and communication platforms

All third parties act as data processors and are contractually required to:

Process personal data only on our instructions
Keep personal data secure
Comply with data protection law

We do not allow service providers to use your personal data for their own purposes.

7. International Data Transfers

Some of our service providers may process personal data outside the UK or European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, such as:

UK‑approved Standard Contractual Clauses, and/or
UK adequacy regulations

Where Standard Contractual Clauses are used, we assess whether additional safeguards are required to ensure an equivalent level of protection.

8. Your Data Protection Rights

Under UK GDPR, you have the right to:

Be informed about how your data is used
Access your personal data
Rectify inaccurate or incomplete data
Request erasure of your data
Restrict processing
Data portability
Object to processing
Withdraw consent at any time
Rights relating to automated decision‑making and profiling

To exercise your rights, please contact us using the details below. We may request proof of identity before responding.

We will respond to valid requests within one month.

You may also lodge a complaint with the Information Commissioner’s Office (ICO):

https://www.ico.org.uk

9. Information Security

We implement appropriate administrative, technical, and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure.

However, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. Children’s Information

Our website is not intended for children under the age of 16, and we do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

12. Data Protection Officer

We are not required to appoint a Data Protection Officer under UK GDPR.

13. Contact Us

If you have questions about this Privacy Policy or how we handle personal data, please contact:

Email: info@retroride.co.uk

You may also write to us at our registered office address.