Shiplo

Legal

Privacy Policy

How Nice Peak LTD, trading as Shiplo, handles personal data in line with UK GDPR and the Data Protection Act 2018.

Last updated: 1 June 2026. This policy explains how we look after your personal data and your customers' data when you use the Shiplo Services. If you have any questions, email us at hello@shiplo.co.uk.

1. Who we are

Nice Peak LTD, trading as Shiplo ("we", "us", "our"), is the data controller responsible for the personal data described in this policy. We are a UK order-fulfilment and warehousing provider serving online marketplace sellers.

This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have under UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. The data we collect

Client and enquiry data: when you request a quote or become a client, we collect details such as your name, business name, email address, phone number, billing details and information about the products you sell.

Order and recipient data: to fulfil orders on your behalf, we process the personal data of your customers — typically names, delivery addresses, contact details and order contents — which you or your connected marketplaces provide to us. For this data, you are the controller and we act as your processor.

Website and technical data: when you use our website, we may collect limited technical information such as IP address, browser type and pages visited, primarily to keep the site secure and working. See our Cookie Policy for detail.

3. How we use your data

To provide the Services: receiving, storing, picking, packing, shipping and processing returns, and generating the tracking and records needed to do so.

To manage our relationship with you: responding to enquiries, providing quotes, invoicing, account management and customer support.

To meet legal and tax obligations, to keep our systems and premises secure, and to improve our Services. We do not sell your personal data, and we do not use your customers' data for our own marketing.

4. Lawful bases

We rely on the following lawful bases under UK GDPR: performance of a contract (to deliver the Services and manage your account); legitimate interests (to run, secure and improve our business in a way that does not override your rights); legal obligation (for tax, accounting and regulatory requirements); and, where required, consent (for example, certain cookies or optional communications).

5. Sharing your data

We share personal data only as needed to deliver the Services. This includes couriers and delivery partners (to ship orders), the marketplaces and sales channels you connect, and trusted service providers such as IT, hosting and payment processors who act under our instructions.

We may disclose data where required by law, to enforce our agreements, or to protect our rights, property or safety. We do not sell personal data to third parties.

6. When we act as your processor

For the personal data of your customers, you are the controller and we are your processor. We process that data only on your documented instructions and as needed to fulfil orders, apply appropriate security measures, assist you with data subject requests where reasonable, and delete or return the data on termination, subject to any legal retention requirements.

7. International transfers

We primarily store and process data in the United Kingdom. Where any data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as adequacy regulations or standard contractual clauses with the UK addendum.

8. How long we keep data

We keep personal data only as long as necessary for the purposes set out in this policy. Client and order records are generally retained for the duration of our relationship and for a period afterwards to meet legal, tax and accounting obligations (typically up to six years), after which it is securely deleted or anonymised.

9. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. These include access controls, secure systems, and physical security at our premises including CCTV and controlled access. No system is perfectly secure, but we work hard to protect the data entrusted to us.

10. Your rights

Under UK GDPR you have the right to access your personal data, to have it corrected or erased, to restrict or object to processing, to data portability, and to withdraw consent where we rely on it. To exercise these rights, contact us using the details below.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk. We would, however, appreciate the chance to address your concerns first.

How to contact us

For any data protection query or to exercise your rights, contact hello@shiplo.co.uk. Nice Peak LTD (trading as Shiplo), company number 15433177, registered in England and Wales, is the data controller.