4️⃣ Privacy Policy

Privacy Policy

Last updated: 24 June 2026

Page title: Privacy Policy · Shopify slug: privacy-policy

At VEXON ("we", "us", "our"), the responsible handling of your personal data is a core priority. This Privacy Policy sets out clearly and transparently which personal data we collect, the purposes for which we do so, and how it is managed. The applicable legal frameworks are the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller within the meaning of the UK GDPR is the operator of vexon.com. For any queries about this policy or the handling of your personal data, please contact us at contact@vexon.com. Full provider particulars are on our Legal Notice page.

2. Types of Data We Process

When you place an order or submit an enquiry, we handle the following categories of data:

  • First and last name, along with email address
  • Delivery and billing address
  • Telephone number (optional — used solely for delivery status updates)
  • Payment details (securely processed by our payment partners — card data is never held by us)
  • Order and purchase history
  • Technical data about your device and browsing activity (IP address, browser type, pages visited)

3. Purposes of Processing and Legal Bases

  • Order fulfilment — name, address, email and payment details are required to carry out the purchase contract with you (Art. 6(1)(b) UK GDPR).
  • Client communications — order confirmations, shipping updates and responses to service enquiries (Art. 6(1)(b) UK GDPR).
  • Website improvement — usage data allows us to refine and develop our site on an ongoing basis (Art. 6(1)(f) UK GDPR — legitimate interest).
  • Compliance with legal obligations — business records are retained in accordance with applicable tax and commercial legislation (Art. 6(1)(c) UK GDPR).

4. Payment Processing

All transactions are handled by our payment partners (including Stripe, PayPal, Klarna and Viva Wallet), all of whom hold PCI DSS Level 1 certification. Card details are entered directly within their secure environments — the full card number, CVV and expiry date are at no point accessible to or stored by VEXON.

5. Data Retention Period

Order-related data is kept for between 6 and 10 years in line with UK tax and accounting legislation (in particular HMRC requirements and the Companies Act 2006). Marketing preferences are retained until you withdraw consent. Data no longer needed for its original purpose is deleted or anonymised without delay.

6. Recipients of the Data

Personal data is disclosed to third parties only to the extent required to fulfil your order:

  • Delivery partners (e.g. Royal Mail, DHL, DPD, Evri, UPS) for the shipment of goods
  • Payment providers for secure transaction handling
  • Email service providers for transactional correspondence
  • Hosting companies for the technical operation of the website
  • Accountants and legal advisers, where required to meet legal obligations

Data processing agreements in accordance with Art. 28 UK GDPR have been concluded with all our processors.

7. Data Transfers to Third Countries

Transfers of personal data to countries outside the United Kingdom or the European Economic Area (EEA) take place only where an adequacy decision is in force, or where appropriate safeguards — such as Standard Contractual Clauses approved by the UK or EU Commission — are in place under Art. 45 ff. UK GDPR.

8. Cookies and Tracking

Our website uses cookies and similar technologies. Further details are set out in our Cookie Policy. Non-essential cookies may be declined or configured at any time via the cookie banner or your browser settings.

9. Your Rights as a Data Subject

You hold the following rights in relation to your personal data:

  • Right of access (Art. 15 UK GDPR) — you may ask what data we hold about you
  • Right to rectification (Art. 16 UK GDPR) — inaccurate data may be corrected
  • Right to erasure (Art. 17 UK GDPR) — subject to applicable legal retention requirements
  • Right to restriction of processing (Art. 18 UK GDPR)
  • Right to data portability (Art. 20 UK GDPR)
  • Right to object (Art. 21 UK GDPR) — to processing grounded in legitimate interest
  • Right to withdraw consent at any time (Art. 7(3) UK GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)

To exercise any of these rights, send a brief message to contact@vexon.com.

10. Security of Your Data

We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, loss and misuse. These encompass SSL/TLS encryption, secured server infrastructure, restricted access controls and periodic security reviews.

11. Automated Decision-Making

We do not employ automated decision-making or profiling within the meaning of Art. 22 UK GDPR.

12. Right to Complain

If you consider that the processing of your personal data infringes the UK GDPR, you have the right to lodge a complaint with a supervisory authority — in particular the Information Commissioner's Office (ICO) in the United Kingdom (www.ico.org.uk), or any competent authority in the EU member state of your habitual residence, place of work or the alleged infringement.

13. Updates to This Policy

We may revise this Privacy Policy periodically to reflect legislative changes or developments in our business. The version currently in force is always accessible on this page.