Privacy & Data Security Standard

Document Compliance: UK GDPR & Data Protection Act 2018 | Updated: April 16, 2026

At ASPECT HEATING LIMITED (trading as Aspect Pro-Travel), we maintain a rigid commitment to the protection of our clients’ personal data. This policy outlines our protocols regarding the collection, use, and safeguarding of information acquired through aspectheatingg.com.

1. Information We Collect

In the course of fulfilling our commercial duties, we collect three primary categories of data:

Transaction Identity: Full name, billing and shipping addresses, and electronic mail coordinates provided during the procurement of our bags and lifestyle gear.
Technical Telemetry: IP addresses, browser specifications, and session durations, utilized solely for fraud prevention and website optimization.
Communication History: Records of any correspondence with our Sauchie-based support hub for warranty or technical inquiries.

2. Financial Data & Stripe Security

ASPECT HEATING LIMITED adheres to the highest global standards for financial data integrity. We utilize Stripe as our exclusive payment architecture.

Payment Vaulting: We do not store, view, or transmit raw credit card credentials on our servers. All sensitive financial data is encrypted and handled by Stripe’s bank-grade infrastructure. Stripe is certified as a PCI Service Provider Level 1, ensuring that your transaction is protected by the most stringent security protocols available in the modern financial industry.

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your data based on:

Contractual Obligation: Necessary to dispatch your order and provide customer service.
Legal Compliance: We are mandated by UK tax laws to retain transaction records for a period of seven (7) years.
Legitimate Interest: Protecting our Site against fraudulent transactions and improving our product designs.

4. Retention & International Transfers

Your information is retained only as long as necessary for the purposes outlined. In certain instances, data may be transferred to servers located outside the UK or EEA (such as for secure cloud storage or payment processing). In these cases, we ensure that the transfer complies with UK GDPR through the use of Standard Contractual Clauses (SCCs).

5. Your Statutory Rights

As a data subject under UK law, you possess the following rights:

Access: The right to request a copy of your personal data.

Rectification: The right to correct inaccurate records.

Erasure: The “Right to be Forgotten” in specific contexts.

Objection: The right to stop processing for marketing purposes.

6. Contacting the Compliance Officer

For any inquiries regarding this policy or to exercise your data rights, please contact our Data Protection Officer at support@aspectheatingg.com. We aim to respond to all formal data requests within 30 days as per UK regulations.