Privacy Policy

1. Who we are

This Privacy Policy explains how BacWaterDirect UK (“we”, “us”, “our”) collects, uses, stores and shares your personal data when you visit https://bacwaterdirect.co.uk/, create an account, place an order, contact us, subscribe to marketing, or otherwise interact with our website and services. The website publicly describes BacWaterDirect as a UK online store specialising in bacteriostatic water, sterile water supplies, and related research handling accessories.

Trading name: BacWaterDirect UK / BacWaterDirect
Customer support email: help@bacwaterdirect.co.uk

The site currently publishes help@bacwaterdirect.co.uk on its contact, shipping, and terms pages.

2. The personal data we collect

We may collect and process the following categories of personal data:

Identity and contact data

  • name
  • billing address
  • delivery address
  • email address
  • telephone number

Account data

  • username
  • password hash
  • saved account preferences
  • order history
  • login and account activity
  • wishlist, compare, and similar saved shopping preferences where enabled

Transaction and payment data

  • products ordered
  • order value
  • order date
  • delivery and fulfilment details
  • payment method
  • payment confirmation and status
  • transaction identifiers
  • wallet address or payment reference, where cryptocurrency payments are used

Technical and usage data

  • IP address
  • browser type and version
  • device type
  • operating system
  • referring website
  • pages viewed
  • time spent on pages
  • cart activity
  • cookie and consent preferences

Marketing and communications data

  • newsletter subscription status
  • marketing preferences
  • records of consent or unsubscribe
  • communications you send to us by email, contact form, or otherwise

Customer service data

  • the contents of support queries
  • order issue correspondence
  • delivery, returns, and refund communications

This list reflects the features and services currently visible or confirmed for the site, including WooCommerce storefront functionality, customer account features, newsletter signup, Google Analytics, MailPoet, ShipStation, Royal Mail, Microsoft 365 Exchange Online, CryptoWoo Payment, and NOWPayments.

3. How we collect your personal data

We collect personal data:

  • directly from you when you place an order
  • when you create an account or use account features on the site
  • when you add items to your basket, wishlist, or comparison tools
  • when you contact us for product questions, order updates, delivery enquiries, returns, refunds, or general support
  • when you subscribe to newsletters or marketing communications
  • automatically through cookies and similar technologies, including analytics tools
  • from payment providers, delivery partners, and technical service providers where relevant to your order or website use

The site’s contact page specifically invites enquiries about product questions, order updates, delivery enquiries, returns and refund queries, general support, and wholesale or bulk order enquiries.

4. How we use your personal data

We use your personal data for the following purposes:

To provide and operate the website

  • to display products and content
  • to operate customer account functions
  • to maintain shopping basket, checkout, wishlist, and comparison functionality
  • to keep the website secure and working properly

Lawful basis: legitimate interests; performance of a contract

To process and fulfil orders

  • to receive and manage orders
  • to process payments
  • to dispatch goods
  • to arrange delivery
  • to manage failed deliveries, lost parcel investigations, returns, refunds, exchanges, and cancellations

Lawful basis: performance of a contract; legal obligation; legitimate interests

To communicate with you

  • to send order confirmations and service updates
  • to respond to support requests
  • to answer pre-sale and post-sale enquiries
  • to handle complaints and product issues

Lawful basis: performance of a contract; legitimate interests

To send marketing communications

  • to send newsletters, offers, and promotional communications where permitted
  • to maintain email subscription and unsubscribe records

Lawful basis: consent; legitimate interests where lawful soft opt-in applies

To improve our website and services

  • to analyse website usage
  • to improve performance, navigation, product information, and user experience
  • to monitor site effectiveness and troubleshoot issues

Lawful basis: consent for non-essential analytics where required; legitimate interests

To protect our business and comply with law

  • to prevent fraud, misuse, unlawful activity, or suspicious transactions
  • to keep accounting and business records
  • to enforce our policies and terms
  • to respond to legal or regulatory requests

Lawful basis: legal obligation; legitimate interests

These uses are consistent with the site’s published order, delivery, cancellation, and customer support processes.

5. Lawful bases we rely on

Under UK data protection law, we rely on one or more of the following lawful bases:

  • performance of a contract – where we need your data to process your order, manage your account, or provide requested services
  • legal obligation – where we must keep records or disclose information to comply with legal duties
  • legitimate interests – where we use data to run, secure, improve, and administer our business, provided your rights do not override those interests
  • consent – where you have actively agreed, such as for non-essential cookies or some marketing activity

6. Cookies and similar technologies

Our website uses cookies and similar technologies to support website functionality, remember preferences, analyse website traffic, and support marketing activity where enabled.

These may include:

  • strictly necessary cookies for login, account access, basket, checkout, security, and cookie preferences
  • preference cookies to remember settings
  • analytics cookies, including Google Analytics
  • marketing or signup-related cookies used in connection with MailPoet, where applicable

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your preferences through the site’s cookie controls and your browser settings.

This wording reflects the services you confirmed are in use: Google Analytics and MailPoet, as well as visible ecommerce/account functionality on the site.

7. Payments

When you make a purchase, your payment may be processed by third-party payment providers. Depending on the payment method you choose, relevant personal data may be shared with the payment provider to validate, process, and administer the transaction.

This may include:

  • your name
  • billing details
  • order amount
  • transaction identifiers
  • wallet address or payment reference, where applicable
  • fraud prevention and verification data

We only share the personal data necessary to complete and administer the payment.

BacWaterDirect UK currently uses third-party payment options including:

  • CryptoWoo Payment
  • NOWPayments

These providers may process cryptocurrency payments and related transaction data in accordance with their own privacy policies and terms. Where a payment is made using cryptocurrency, blockchain transaction details may also be recorded on the relevant blockchain network, which is outside our control.

We do not store full card details on our own servers where card payments are handled by third-party providers.

This section reflects the payment plugins shown in your WordPress setup.

8. Delivery, fulfilment and service providers

We may share relevant personal data with trusted third parties where necessary to run our business and fulfil your order, including:

  • payment processors, including CryptoWoo Payment and NOWPayments
  • shipping and fulfilment providers, including ShipStation and Royal Mail
  • website hosting and ecommerce service providers
  • email and marketing service providers, including MailPoet
  • analytics providers, including Google Analytics
  • business communications providers, including Microsoft 365 Exchange Online
  • fraud prevention and security providers
  • professional advisers such as accountants, legal advisers, insurers, and auditors where necessary
  • regulators, courts, law enforcement, or public authorities where required by law

We require service providers to process personal data only as needed for the relevant service and to apply appropriate security measures.

The site’s shipping page states that orders are delivered using Royal Mail, and you confirmed ShipStation, MailPoet, Google Analytics, and Microsoft 365 Exchange Online are used.

9. Marketing communications

If you subscribe to our newsletter or otherwise agree to receive marketing, we may send you emails about products, offers, promotions, updates, or related content.

We use MailPoet to manage email subscriptions and marketing communications.

You can unsubscribe at any time by:

We may still send essential service communications relating to orders, delivery, account issues, security, or legal notices where necessary.

The site currently promotes newsletter signup on public pages.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom. This may include payment providers, analytics providers, email service providers, communication platforms, and technical service providers involved in website operations.

This may include:

  • Google Analytics
  • MailPoet
  • Microsoft 365 Exchange Online
  • cryptocurrency payment providers
  • other hosting, support, or fulfilment providers where relevant

Where personal data is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place, such as:

  • an adequacy decision
  • the UK International Data Transfer Agreement
  • the UK Addendum to Standard Contractual Clauses
  • other lawful transfer mechanisms recognised under UK data protection law

11. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, tax, accounting, fraud prevention, dispute resolution, and customer support requirements.

Typical retention periods may include:

  • account data: while your account remains active and for a reasonable period afterwards
  • order and transaction records: typically 6 years after the end of the relevant financial year, or longer where legally required
  • customer service enquiries: up to 24 months after resolution, unless a longer period is needed
  • marketing records and consent logs: until you withdraw consent or object, plus a reasonable period to maintain suppression records
  • technical logs and security records: for as long as reasonably required for security and troubleshooting

You should align these retention periods with your real accounting, compliance, and operational practice before publishing.

12. Cryptocurrency payments

If you choose to pay using cryptocurrency, additional information relating to that transaction may be processed by third-party payment providers and recorded on the relevant blockchain network. Blockchain networks are decentralised and may permanently record transaction data, including wallet addresses and transaction hashes.

We do not control the blockchain and cannot erase or amend information recorded on it.

You are responsible for ensuring that any wallet address or payment details you provide are correct. We are not responsible for payments sent to the wrong wallet address where the error did not arise from our fault.

This section is included because the site uses crypto payment plugins and related checkout functionality.

13. Your rights

Under UK data protection law, you may have the right to:

  • access your personal data
  • request correction of inaccurate or incomplete data
  • request erasure of your data in certain circumstances
  • request restriction of processing in certain circumstances
  • object to processing based on legitimate interests
  • withdraw consent at any time where consent is the lawful basis
  • request transfer of your data where applicable
  • complain to the Information Commissioner’s Office

To exercise your rights, contact us at help@bacwaterdirect.co.uk.

We may ask for proof of identity before responding to your request.

14. Children’s privacy

Our website and services are not intended for children under the age of 18, and we do not knowingly collect personal data from children.

15. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure hosting, software updates, role-based permissions, and security monitoring where appropriate.

No internet-based system is completely secure, but we work to protect the information we hold.

16. Third-party links

Our website may contain links to third-party websites, services, or platforms. If you follow those links, their privacy policies and terms will apply. We are not responsible for the privacy practices of third-party sites.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance, our services, or the way we process personal data. Any updates will be posted on this page with a revised “Last updated” date.

18. Contact us

If you have questions about this Privacy Policy or want to exercise your rights, contact:

BacWaterDirect UK / BacWaterDirect

Subscribe to our newsletter

Get Exclusive Discounts and Deals Delivered Straight to Your Inbox!

    Let us help

    Our Policies

    Copyright © 2026 BacWaterDirect UK.

    Select the fields to be shown. Others will be hidden. Drag and drop to rearrange the order.
    • Image
    • Price
    • Additional information
    • Add to cart
    Click outside to hide the comparison bar
    Compare
    Home
    Shopping
    Account