Privacy Policy

Last updated: 21 June 2025

1. Introduction
   This Privacy Policy explains how JMTI LTD (“we”, “us”, “our”) collects, uses and safeguards your personal data when you visit or make a purchase from wolfairy.com (the “Site”). It has been drafted in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Site you acknowledge this Policy. We may update it from time to time; any material changes will be flagged on the Site or by e-mail.

2. Who we are
   Company name: JMTI LTD
   Registered address: 47 Hyholmes, Peterborough PE3 8LJ, United Kingdom
   Company number: [insert company number if applicable]
   Data Protection Officer (DPO): Mr M. E. Dziakola
   E-mail: [email protected]

3. What personal data we collect
   Category | Examples | Source
   Identity data | Full name, username, title | Directly from you
   Contact data | Billing and delivery address, e-mail address, telephone number | Directly from you
   Transaction data | Products purchased, order number, payment method (last four digits only), delivery details | Generated during purchase
   Technical data | IP address, browser type, time-zone setting, operating system | Automated technologies (cookies, server logs)
   Usage data | Pages viewed, search terms, referring URLs | Automated technologies
   Marketing preferences | Your consent to receive marketing e-mails | Directly from you
   We do not collect any special-category data (e.g. health, religion) or information about criminal convictions.

4. Why we use your data & legal bases
   Purpose | Legal basis under UK GDPR
   Processing and delivering your orders, taking payment, providing invoices | Contract – Article 6(1)(b)
   Sending service e-mails about your order (e.g. confirmation, dispatch, returns) | Contract – Article 6(1)(b)
   Providing customer support | Legitimate interests – Article 6(1)(f) (to run our business effectively)
   Complying with tax, accounting and other legal obligations (e.g. HMRC requirements) | Legal obligation – Article 6(1)(c)
   Sending marketing communications where you have opted-in | Consent – Article 6(1)(a)
   Fraud detection and site security | Legitimate interests – Article 6(1)(f)
   You may withdraw your marketing consent at any time (see section 6).

5. Marketing communications
   We only send marketing e-mails if you have actively subscribed. Every marketing message contains an Unsubscribe link, and you can also manage preferences in the My Account section of the Site. Opting-out of marketing does not affect service e-mails relating to an order.

6. Data retention
   Transactional data: retained for six (6) years after the end of the financial year in which the transaction took place, to meet statutory tax and accounting obligations.
   Marketing data: kept until you withdraw consent or after two years of inactivity, whichever is sooner.
   Technical and usage data: retained for up to 14 months for analytics before being anonymised or deleted.
   After the relevant period expires, data are securely deleted or irreversibly anonymised.

7. Sharing your personal data
   We do not sell, rent or trade your personal data. We disclose it only to:
   Payment processors – to take secure card payments
   Warehousing & fulfilment partners – to pick, pack and deliver your order
   IT hosting and maintenance providers – to operate the Site and databases
   Professional advisers (e.g. accountants) – to comply with legal/financial duties
   Government authorities (e.g. HMRC) – where required by law
   If JMTI LTD changes legal form or a new company becomes its direct successor, your data may be transferred to that entity to ensure continued protection and service. Your rights will remain unaffected.

8. International transfers
   Data are stored on secure servers located in:
   United Kingdom – primary hosting
   European Union (e.g. OVH in France/Poland)
   United States (Amazon Web Services)
   When data are processed outside the UK, we rely on adequacy regulations (where in force) or implement Standard Contractual Clauses and supplementary safeguards to ensure an equivalent level of protection.

9. Data security
   We take appropriate technical and organisational measures, including but not limited to:
   Encryption in transit (TLS 1.2+) and at rest
   Strict access controls and role-based permissions
   Regular penetration testing and vulnerability scanning
   Continuous monitoring and backup routines
   Selection of third-party processors that meet recognised security standards (e.g. ISO 27001, PCI-DSS)

10. Your rights
    Under the UK GDPR you have:
    Right of access – obtain a copy of your data
    Right to rectification – correct inaccurate data
    Right to erasure – request deletion where lawful
    Right to restrict processing – in certain circumstances
    Right to data portability – receive data in a usable format
    Right to object – to processing based on legitimate interests or direct marketing
    Right to withdraw consent – at any time, for marketing
    Right to lodge a complaint – with the Information Commissioner’s Office (ICO) (www.ico.org.uk)
    To exercise any of these rights, please contact our DPO (section 11).

11. Contact
    Data Protection Officer
    
    JMTI LTD
    47 Hyholmes
    Peterborough PE3 8LJ
    United Kingdom
    E-mail: [email protected]
    We aim to respond to all requests within one month.
    

12. Cookies & similar technologies
    The Site uses cookies for essential operations (e.g. keeping items in your basket) and analytics. You can manage non-essential cookies via the banner or your browser settings. For full details see our separate Cookie Policy.

13. Changes to this Policy
    We may amend this Policy to reflect changes in law or business practice. The latest version will always be posted on this page; significant changes will be notified by e-mail where appropriate.

Thank you for shopping with wolfairy.com. We remain committed to protecting your privacy.