Privacy Policy

1. Who we are

NRG4Cycling (“we”, “us”, “our”) operates the website at https://www.nrg4cycling.co.uk. We are the data controller for personal data processed in connection with this website and our services. We are committed to protecting your privacy and handling your personal data in a fair, transparent, and secure manner.

This privacy policy explains how we collect, use, share, secure, and retain your personal data, and explains your rights. It applies to visitors and users of our website and related online interactions.

Applicable laws: United Kingdom General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Scope of this policy

This policy covers personal data processed when you browse our site, contact us, subscribe to updates, create an account (if applicable), make a purchase (if applicable), or otherwise interact with us online. It does not cover third-party websites or services that we do not control.

3. What data we collect

3.1 Data you provide to us

  • Contact details: name, email address, telephone number.
  • Account information (if you create an account): username, password, profile details.
  • Order and billing details (if you purchase): delivery details, order history. Card details are processed by our payment provider; we do not store full card numbers.
  • Communications: messages you send via forms or email, feedback, reviews, and survey responses.
  • Marketing preferences: your subscriptions and consent choices.
  • Event or service enquiries: information relevant to your request or booking.

We do not intentionally collect special category data (for example, health information) via this website. If you choose to include such information in a message to us, we will process it only where necessary and with your explicit consent, or as otherwise permitted by law.

3.2 Data we collect automatically

  • Technical data: IP address, device identifiers, browser type, operating system, pages viewed, time and date of visits, referrer URL.
  • Usage data: interactions with pages, forms, and features, error logs, and performance data.
  • Cookie data: information collected via cookies and similar technologies (see Section 5).

3.3 Data we receive from third parties

  • Analytics and advertising partners may provide aggregated or inferred statistics about site usage and campaign performance.
  • Payment providers may confirm payment status and fraud screening results.
  • Service providers (such as email or customer support platforms) may provide information necessary to deliver our services.

4. How we use your data and our legal bases

We process personal data only where we have a lawful basis under the UK GDPR:

  • To operate and secure our website, provide requested pages and content, and maintain functionality (legal basis: legitimate interests in running our business and ensuring site security and performance).
  • To respond to enquiries, provide customer support, and communicate with you (legal basis: legitimate interests in providing customer service; or to take steps at your request prior to entering a contract).
  • To set up and manage user accounts (legal basis: contract performance or steps prior to entering into a contract; legitimate interests in account administration and security).
  • To process orders and payments, deliver products or services, and provide after-sales support (legal basis: contract performance; legal obligation for tax and accounting records; legitimate interests in preventing fraud).
  • To send service communications, such as order confirmations, updates, and policy notices (legal basis: contract performance; legal obligation).
  • To send marketing communications by email or SMS where permitted (legal basis: consent; or legitimate interests under PECR “soft opt-in” for existing customers about similar products or services). You can opt out at any time.
  • To personalise content, measure the effectiveness of our site, and improve our services, including through analytics (legal basis: consent for non-essential cookies/analytics under PECR; legitimate interests for limited, privacy-friendly analytics where permitted).
  • To detect and prevent fraud, abuse, and security incidents (legal basis: legitimate interests; legal obligation where applicable).
  • To comply with laws, regulatory requirements, and enforce or defend legal claims (legal basis: legal obligation; legitimate interests in establishing, exercising, or defending legal claims).

Where we rely on consent, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

5. Cookies and similar technologies

Cookies are small files placed on your device to help the site function, remember your choices, and understand how you use our site. We use:

  • Strictly necessary cookies: required for core functionality such as page navigation, security, and order processing. These cannot be switched off in our systems.
  • Preference cookies: remember choices like language or region to enhance your experience.
  • Analytics cookies: help us understand site usage to improve performance (for example, pages visited, time on page). We use these only with your consent where required by PECR.
  • Advertising/measurement cookies: may be used to measure campaign performance and, if enabled, to show relevant ads on third-party platforms. These are used only with your consent.

Examples of cookies we may use include analytics cookies (such as those provided by major analytics services), functional cookies to remember consent choices, and security cookies to protect accounts and forms.

Managing cookies: You can manage your cookie preferences via the cookie banner presented on your first visit and at any time by adjusting your browser settings to block or delete cookies. Blocking some cookies may affect site functionality.

6. Sharing your data

We may share personal data with:

  • Service providers acting on our behalf (for example, hosting, security, analytics, email delivery, customer support, payment processing, and couriers). They process data under written contracts and only for our specified purposes.
  • Professional advisers (such as legal, accounting, or insurance advisers) where necessary.
  • Authorities, regulators, or courts where required by law or to protect our legal rights or the rights of others.
  • Parties to a business transaction (such as a merger, acquisition, or asset sale), subject to appropriate safeguards.

We do not sell your personal data.

7. International transfers

Some of our service providers may process data outside the United Kingdom and the European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy regulations under UK data protection law (for destinations that the UK deems to provide an adequate level of protection), and/or
  • UK-approved standard contractual clauses, including the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, together with supplementary measures where necessary.

You can contact us for more information about international transfer safeguards.

8. Retention periods

We keep personal data only for as long as necessary for the purposes described in this policy, including to comply with legal, accounting, or reporting requirements. Typical retention periods include:

  • Account data: retained while your account is active and for up to 24 months after closure, unless we need to keep it longer to resolve disputes or meet legal obligations.
  • Order and transaction records: retained for up to 6 years from the end of the tax year of the transaction (to meet legal obligations).
  • Customer support enquiries: retained for up to 24 months after last interaction.
  • Marketing data (including consent records): retained until you opt out, or for up to 24 months after your last interaction, after which it may be refreshed or deleted.
  • Technical logs and analytics data: retained for up to 26 months, or a shorter period where feasible.
  • Cookie data: retained according to cookie lifespan, which varies by cookie type and your settings.

We may anonymise data for statistical purposes; anonymised data is not personal data and may be retained indefinitely.

9. Your rights

Under the UK GDPR, you have the following rights (subject to conditions and exceptions):

  • Right of access: to obtain a copy of your personal data and information about how we process it.
  • Right to rectification: to correct inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data, for example where it is no longer needed or consent is withdrawn.
  • Right to restrict processing: to limit how we use your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
  • Right to object: to processing based on our legitimate interests or for direct marketing. We will stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is for legal claims.
  • Rights related to consent: where processing is based on consent, you can withdraw consent at any time.

To exercise your rights, contact us using the details in Section 14. We may need to verify your identity to protect your data. We aim to respond within one month.

10. Data security

We implement technical and organisational measures appropriate to the risks, including:

  • Encryption in transit using HTTPS/TLS.
  • Access controls, authentication, and least-privilege principles for systems and data.
  • Regular software updates, monitoring, and vulnerability management.
  • Backups and continuity procedures.
  • Supplier due diligence and contractual safeguards with processors.

No method of transmission or storage is completely secure. We monitor our safeguards and improve them over time.

11. Marketing communications

We will send you email or SMS marketing only where permitted by law. Where required, we will ask for your consent. If you are an existing customer, we may send you information about similar products or services under the PECR “soft opt-in” unless you opt out. You can opt out at any time by using the unsubscribe instructions in our messages or by contacting us.

12. Children

Our website is not directed at children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

13. Automated decision-making

We do not use personal data for automated decision-making that produces legal or similarly significant effects on you.

14. How to contact us and our DPO

Controller: NRG4Cycling

Email (general privacy and rights requests): privacy@nrg4cycling.co.uk

Data Protection Officer (DPO): dpo@nrg4cycling.co.uk

If you contact us, please describe your request and include the email address you used on our site so we can locate your data.

15. Complaints

If you have concerns about how we process your personal data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Telephone: 0303 123 1113

16. Changes to this policy

We may update this policy to reflect changes in our practices, technologies, or legal requirements. We will post the updated version on this page and adjust the “Last updated” date below. If changes are material, we will take appropriate steps to inform you.

Last updated: 8 December 2025