Privacy Policy

Who we are

Classic Mini Parts
Website: www.classicminiparts.co.uk

Effective Date: 24 December 2025
Last Updated: 24 December 2025

1. Purpose, Scope, and Policy Integration

Classic Mini Parts (“we,” “us,” or “our”) is committed to protecting personal data and respecting individual privacy rights.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in connection with our website, products, services, and communications.

Policy Integration and Legal Hierarchy

This Privacy Policy is intended to be read and enforced together with:

  1. Mandatory applicable law
  2. The Anti-Spam Policy (governing all electronic marketing and Commercial Electronic Messages)
  3. This Privacy Policy
  4. The Terms of Use

In the event of inconsistency, the document higher in this hierarchy prevails.

2. Applicable Law and Regulatory Framework

This Privacy Policy is designed to comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • EU General Data Protection Regulation (EU GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Canada’s Anti-Spam Legislation (CASL), where applicable
  • Other applicable data protection and privacy laws

Where laws impose different or overlapping obligations, the most protective standard for the data subject applies.

3. Definitions

For consistency across all policies, the following definitions apply:

  • Personal Data” – Any information relating to an identified or identifiable natural person.
  • Consent” – A freely given, specific, informed, and unambiguous indication of wishes by clear affirmative action, as defined in Article 4(11) GDPR.
  • Commercial Electronic Message (CEM)” – Any electronic message encouraging participation in a commercial activity, as defined in the Anti-Spam Policy.
  • Unsubscribe Request” – Any clear indication that a recipient no longer wishes to receive CEMs.
  • Suppression List” – A restricted compliance record identifying contacts who must not receive marketing communications.

4. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact details (e.g., name, email address)
  • Account or transaction-related information
  • Communication preferences and consent records
  • IP address, device, and technical usage data
  • Correspondence and customer service communications

We do not knowingly collect special category data unless legally required and explicitly disclosed.

5. How We Collect Personal Data

Personal data is collected through:

  • Website forms and checkout processes
  • Newsletter or marketing sign-up forms
  • Customer communications (email or direct contact)
  • Technical interactions with our website
  • Lawful third-party service providers acting on our instructions

We do not purchase marketing lists or harvest contact information.

6. Lawful Bases for Processing

6.1 Electronic Marketing

For electronic marketing and CEMs, the lawful basis for processing is Consent under Article 6(1)(a) GDPR.

  • Consent standards and withdrawal mechanisms are governed by the Anti-Spam Policy
  • Objections to direct marketing under Article 21(2) GDPR are treated as absolute
  • Withdrawal of consent results in permanent suppression

We do not rely on legitimate interests for electronic marketing.

6.2 Other Processing Activities

Where applicable, we may process personal data on the following lawful bases:

  • Performance of a contract (Article 6(1)(b))
  • Compliance with a legal obligation (Article 6(1)(c))
  • Legitimate interests (Article 6(1)(f)), excluding direct marketing

Legitimate interests are never used to override marketing consent requirements.

7. Use of Personal Data

Personal data may be used to:

  • Provide products and services
  • Process transactions and customer requests
  • Send communications expressly consented to
  • Maintain suppression lists for compliance
  • Improve website performance and security
  • Comply with legal and regulatory obligations

Data is not repurposed in a manner incompatible with the original collection purpose.

8. Electronic Marketing and Consent Management

Electronic marketing activities are governed by the Anti-Spam Policy, which is incorporated by reference.

Specifically:

  • Express opt-in consent is required before sending CEMs
  • Every CEM includes an unsubscribe mechanism
  • Unsubscribe Requests are honoured within five (5) business days
  • Suppression lists are permanent and compliance-only

This structure satisfies GDPR Articles 6, 7, and 21 and CASL Sections 6 and 11.

9. Data Retention and Suppression Lists

Personal data is retained only as long as necessary for its intended purpose.

Suppression Lists

  • Suppression list data is retained indefinitely
  • Retention is strictly limited to legal compliance, audit defence, and prevention of unlawful re-contact
  • Suppression data is not used for marketing or profiling

This retention is lawful under GDPR Articles 5(1)(b), 5(1)(c), and 6(1)(c).

10. Data Subject Rights

Data subjects have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Data portability (where applicable)
  • Object to processing

Absolute Right to Object to Marketing

Under Article 21(2) GDPR, objections to direct marketing are absolute and immediately enforced.

11. Data Sharing and Third Parties

Personal data may be shared with:

  • Service providers acting under written data processing agreements
  • Regulatory authorities where legally required

We do not sell personal data.

Third parties authorized to send communications on our behalf must comply with the Anti-Spam Policy and this Privacy Policy.

12. International Transfers

Where personal data is transferred outside the UK or EEA, appropriate safeguards are implemented, including:

  • Adequacy decisions
  • Standard contractual clauses
  • Equivalent lawful mechanisms

13. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Access controls
  • Secure storage
  • Confidentiality obligations
  • Incident response procedures

No system is completely secure; however, reasonable safeguards are maintained.

14. Children’s Data

Our website and services are not directed to children, and we do not knowingly collect personal data from individuals under 16.

15. Contact Information

Privacy, data protection, and consent inquiries may be directed to:

Email: info@classicminiparts.co.uk
Address:

Higher Childers Green Farm, Mill Hill LAne, Hapon, Burnley, Lancashire, UK BB11 5QX

16. Severability

If any provision of this Privacy Policy is held unenforceable, the remaining provisions shall remain in full force and effect.

17. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of England and Wales, except where mandatory local law provides otherwise.

18. Policy Updates and Change Log

We may update this Privacy Policy to reflect legal or operational changes. Updates will be posted with a revised effective date.

Revision Log:

  • 24 December 2025 – Initial harmonized version published