Privacy Policy
Last updated: April 2026
Your privacy matters to us. This Privacy Policy explains how Swapix collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Data Controller: Swapix, operating from Leicester and Birmingham, UK.
If you have any questions about how we handle your data, please contact us at:
Email: hello@swapix.co.uk
Phone: +44 7770 099349
2. Information We Collect
We collect the following types of personal data:
Identity & Contact Data
Name, email address, phone number, postal address, date of birth (where required for trade-in ID verification), and photo ID details.
Transaction Data
Purchase history, trade-in records, repair bookings, payment references (we do not store full card numbers), and device IMEI numbers.
Account Data
Username, encrypted password, saved delivery addresses, and wishlist/cart items.
Technical & Usage Data
IP address, browser type and version, pages visited, time spent on pages, referral source, and device type. This data is collected via cookies and server logs.
Communications Data
Records of emails, chat messages, or other correspondence you send to us.
We do not knowingly collect data from children under 16. If you believe a child has provided us with their data, please contact us so we can delete it.
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Processing orders, trade-ins, and repairs | Performance of a contract (Art. 6(1)(b)) |
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Sending order confirmations and service updates | Performance of a contract (Art. 6(1)(b)) |
| Complying with legal obligations (e.g. IMEI checks, fraud prevention) | Legal obligation (Art. 6(1)(c)) |
| Sending marketing emails and promotions | Consent (Art. 6(1)(a)) — you may opt out at any time |
| Improving our website and services through analytics | Legitimate interests (Art. 6(1)(f)) |
| Preventing fraud and ensuring platform security | Legitimate interests (Art. 6(1)(f)) |
4. Sharing Your Information
We do not sell your personal data. We may share it with:
- Payment processors (e.g. Stripe) — to securely process payments. They act as independent data controllers under their own privacy policies.
- Delivery couriers — name and address shared for order fulfilment.
- IMEI check services — to verify that traded-in devices are not reported lost or stolen.
- Analytics providers — aggregated, anonymised usage data to improve our services.
- Law enforcement / regulatory authorities — where we are legally required to do so.
All third parties are required to handle your data in accordance with applicable data protection law.
5. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
- Account data: Retained for the life of the account, plus 2 years after closure.
- Transaction records: Retained for 7 years to comply with HMRC requirements.
- Trade-in ID records: Retained for 6 years (in line with Proceeds of Crime Act obligations).
- Marketing consent: Until you withdraw consent or unsubscribe.
- Technical/usage data: Typically 13 months from collection.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your data where there is no compelling reason for continued processing.
Right to Restrict Processing
Ask us to pause processing your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing at any time.
To exercise any of these rights, email us at hello@swapix.co.uk. We will respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ICO) at any time.
7. Cookies
We use cookies and similar technologies on our website. These include:
- Essential cookies: Required for the website to function (e.g. session management, shopping cart).
- Analytics cookies: Help us understand how visitors use our site so we can improve the experience.
- Preference cookies: Remember your settings and preferences.
You can control cookies through your browser settings. Disabling non-essential cookies will not prevent you from using our site. For full details, please see our Cookie Policy.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted data storage, secure HTTPS connections, and restricted staff access. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.
9. International Transfers
We primarily process data within the UK. If any data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements (e.g. adequacy decisions or Standard Contractual Clauses).
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or a prominent notice on our website. The "Last updated" date at the top of this page shows when the policy was last revised.
11. Contact & Complaints
For any privacy-related queries, requests, or complaints:
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) .