Privacy Policy

Privacy Policy

Last updated: 12/08/2025

Contents

1. Controller & contact

RANDM BELGIUM LTD, Companies House No. 16632784, registered office: 71–75 Shelton Street, London, WC2H 9JQ, United Kingdom. Operations and logistics primarily from Belgium.

  • Website: randmbelgium.com
  • Privacy contact: [email protected]
  • For any data request (rights, info, complaint), please e-mail us.

2. Data we collect

We only collect the data needed to run the site and deliver our services:

  • Identity & contact: name, email, phone (optional).
  • Addresses: shipping, billing.
  • Order & service: products, amounts, history, customer support communications.
  • Payment: processed securely by our payment providers (we do not store full card numbers).
  • Age verification (if applicable): date of birth/verification result, verification token (no full ID retained unless required by law).
  • Technical data: IP address, cookie IDs, logs, device/browser, pages viewed.
  • Marketing preferences: email/SMS subscriptions, cookie consents.

3. Purposes & legal bases

  • Order processing, delivery, customer servicecontract performance.
  • Invoicing, accounting, legal obligationslegal obligation.
  • Fraud prevention, site security, service improvementlegitimate interests.
  • Marketing (newsletters, offers)consent (you can withdraw at any time).
  • Analytics & non-essential cookiesconsent.
  • Age verificationlegal obligation / legitimate interests.

4. Recipients & international transfers

We do not sell or rent your data. We may share it with strictly necessary processors:

  • Payments: gateways & anti-fraud tools.
  • Logistics: warehouses/partners, carriers, tracking tools.
  • Technical tools: hosting, email/SMS delivery, analytics, support.
  • Authorities: only where legally required.

Some providers may be located outside the EEA (e.g., the United Kingdom/United States). We safeguard transfers with appropriate protections (adequacy decisions, Standard Contractual Clauses, and additional measures where needed). More details available on request.

5. Retention periods

  • Account & customer history: while the account is active, then up to 3 years after last activity (prospecting) or as required by local rules.
  • Orders & invoicing: up to 10 years per accounting/tax obligations.
  • Support: 3 years after case closure.
  • Age verification: minimum period necessary to evidence compliance.
  • Marketing opt-out: kept in a suppression list (to honour your choice).

6. Your rights (GDPR/UK GDPR)

  • Access, rectification, erasure, restriction, portability.
  • Object to processing based on legitimate interests, including to direct marketing (at any time).
  • Withdraw consent (cookies/marketing) at any time.

To exercise your rights: [email protected]. We may verify your identity before responding.

7. Cookies & trackers

We use cookies for site operation, audience measurement, and (where applicable) personalisation/marketing. A consent banner lets you accept/refuse non-essential categories.

  • Necessary (essential for the site and cart).
  • Analytics (subject to consent if not strictly anonymised).
  • Marketing (remarketing, preferences — consent only).

You can change your choices at any time via the banner/CMP or your browser settings. See also our Cookie Policy (if available).

8. Security

We implement reasonable technical and organisational measures (in-transit encryption, access controls, logging, least-privilege). No system is entirely secure, but we continually improve our protections.

9. Minors & age verification

Our products are not intended for minors. We may perform age checks at checkout and/or on delivery and decline the order if in doubt.

10. Fraud detection & automated decisions

Certain checks (e.g., anti-fraud scoring) may be automated. You can challenge a decision and request human review by contacting us.

11. Complaints & supervisory authorities

If you believe your rights are not respected, write to us first. You may then contact your supervisory authority:

  • Belgium: Data Protection Authority (APD/GBA).
  • United Kingdom: Information Commissioner’s Office (ICO).

12. Changes to this notice

We may update this notice at any time. Material changes will be signposted on the site. The update date appears at the top of this page.

13. Disclaimer

This document is an information template and does not constitute legal advice. For specific situations (B2B, particular transfers, DPO requirements, identified third-party tools), please seek professional advice.