Privacy Policy
Last updated: 23 April, 2026
1. Introduction and Scope
This Privacy Policy explains how WAVE MOTION SHOP LTD (“we”, “us”, “our”, or the “Company”) collects, uses, stores, shares, and otherwise processes personal data when you access or use the website located at https://wavemotionshop.com/ (the “Website”), create an account, place an order, contact us, or otherwise interact with us.
We are committed to protecting your privacy and handling your personal data transparently and in accordance with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (“EU GDPR”).
By using the Website, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.
2. Data Controller Information
For the purposes of applicable data protection law, the data controller responsible for your personal data is:
WAVE MOTION SHOP LTD
Company registration number: 17129506
Registered address: 25 Effie Road, London, United Kingdom, SW6 1EL
Email: [email protected]
Website: https://wavemotionshop.com/
If you have any questions about this Privacy Policy or the way in which we process your personal data, you may contact us using the details above.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity and Contact Data
This may include your name, billing address, delivery address, email address, telephone number, and any other contact details you provide when creating an account, placing an order, or contacting us.
3.2 Account Data
This may include your login credentials, account preferences, purchase history, saved addresses, and records of your interactions with your account.
3.3 Order and Transaction Data
This may include information relating to the products you order, delivery selections, order values, refund requests, return requests, dispatch information, and communication relating to your order.
3.4 Communication Data
This may include messages you send to us by email, through contact forms, customer support requests, complaints, reviews, or other correspondence.
3.5 Technical and Usage Data
This may include your IP address, browser type and version, device type, operating system, time zone, referral source, pages viewed, session duration, clickstream data, and other information about how you use the Website.
3.6 Marketing and Preferences Data
This may include your preferences in receiving marketing communications from us, your communication preferences, and any consent choices you have made in relation to cookies or promotions.
4. Payment Information
We do not collect, store, or process your payment card details or other financial payment credentials on our Website systems.
All payments are made through secure, independent third-party payment service providers. When you make a purchase, your payment information is submitted directly to the relevant payment processor and is handled by that provider under its own privacy policy, terms, and security procedures.
We may receive limited transaction-related information from the payment processor, such as confirmation that payment was successful, partial payment method details where necessary for order administration, transaction identifiers, and fraud-prevention status updates. We use this information only for order management, accounting, customer support, compliance, and fraud prevention purposes.
5. How We Collect Personal Data
We collect personal data in several ways, including:
- directly from you when you create an account, place an order, subscribe to communications, submit a return request, or contact us;
- automatically when you browse or interact with the Website through cookies, server logs, and similar technologies;
- from third-party service providers, such as payment processors, delivery partners, analytics providers, and fraud-prevention providers;
- from publicly available or lawful third-party sources where relevant for fraud prevention, legal compliance, or dispute resolution.
6. Purposes of Processing Your Personal Data
We may process your personal data for the following purposes:
6.1 To Provide the Website and Our Services
We use personal data to operate the Website, create and manage user accounts, process orders, arrange dispatch and delivery, manage returns and refunds, and provide customer support.
6.2 To Perform Our Contract with You
We process personal data where necessary to fulfil our contractual obligations to you, including taking and managing orders, sending confirmations, handling delivery issues, and processing lawful refunds or cancellations.
6.3 To Communicate with You
We use your contact details to send essential service communications, including account-related notices, order confirmations, dispatch notifications, return-related communication, and responses to enquiries or complaints.
6.4 To Improve the Website and User Experience
We analyse technical and usage data to understand how the Website is used, improve navigation and functionality, fix technical issues, and optimise performance.
6.5 To Prevent Fraud and Protect the Website
We may process personal data to detect suspicious activity, prevent fraud, secure our systems, enforce our legal rights, and protect the Website, our customers, and our business.
6.6 To Comply with Legal and Regulatory Obligations
We may process personal data to comply with obligations relating to accounting, tax, consumer protection, law enforcement requests, dispute management, and other applicable legal or regulatory requirements.
6.7 To Send Marketing Communications
Where permitted by law or where you have given consent, we may use your personal data to send you marketing emails or promotional communications about our products, offers, or updates. You may unsubscribe at any time.
7. Legal Bases for Processing
We process your personal data only where we have a lawful basis to do so. Depending on the circumstances, these lawful bases may include:
7.1 Contract
Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as processing your order and arranging delivery.
7.2 Legal Obligation
Processing is necessary for compliance with our legal obligations, including obligations relating to taxation, accounting, consumer law, and data protection law.
7.3 Legitimate Interests
Processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes interests such as operating and improving the Website, fraud prevention, customer service, internal administration, record-keeping, and defending legal claims.
7.4 Consent
Where required, we rely on your consent, for example in relation to certain cookies or certain direct marketing communications. You may withdraw consent at any time, although this will not affect the lawfulness of processing carried out before withdrawal.
8. Data Security
We implement appropriate technical and organisational safeguards designed to protect your personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.
These measures include, where appropriate, encryption technologies, restricted access controls, authentication procedures, secure hosting environments, and ongoing review of our security practices. Access to personal data is limited to those employees, contractors, and service providers who need it for legitimate business purposes and who are subject to confidentiality obligations.
We also maintain internal processes aimed at monitoring, evaluating, and strengthening the security of our systems and data handling practices on an ongoing basis. However, no method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure, and we cannot guarantee absolute security.
9. GDPR Compliance and Data Protection Principles
We are committed to complying with applicable data protection legislation, including the UK GDPR and, where relevant, the EU GDPR.
In doing so, we apply appropriate technical and organisational measures intended to preserve the confidentiality, integrity, and availability of personal data. These measures may include staff awareness and training, internal controls, periodic review of our procedures, and operational safeguards designed to support compliance.
We process personal data in accordance with core data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
10. Disclosure of Personal Data
We may share your personal data with third parties where necessary for the purposes described in this Privacy Policy.
10.1 Service Providers
We may share personal data with trusted third-party service providers that help us operate our business and Website, including hosting providers, order management providers, delivery partners, IT support providers, analytics services, email service providers, customer support tools, and fraud-prevention providers.
10.2 Payment Processors
As noted above, payment information is handled directly by third-party payment service providers. We may share order-related information with those providers only to the extent required to process transactions, verify payments, prevent fraud, or manage refunds and disputes.
10.3 Professional Advisers and Compliance
We may disclose personal data to accountants, auditors, insurers, legal advisers, regulators, courts, law enforcement authorities, or other official bodies where necessary to comply with legal obligations or protect our rights.
10.4 Business Transfers
If we sell, merge, reorganise, or otherwise transfer all or part of our business or assets, personal data may be disclosed to prospective or actual purchasers and their advisers, subject to appropriate confidentiality and legal safeguards.
11. International Transfers of Personal Data
Your personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom or outside the European Economic Area (“EEA”), including countries that may not provide the same level of data protection as your home jurisdiction.
Where such transfers occur, we take steps to ensure that they are carried out lawfully and that appropriate safeguards are in place. These safeguards may include the use of adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under applicable data protection law.
Where required, we also assess whether supplementary measures are necessary to ensure that your personal data remains appropriately protected when transferred internationally.
12. Cookies and Similar Technologies
We use cookies and similar technologies on the Website to support core functionality, remember preferences, analyse Website traffic, improve performance, and, where applicable, support advertising or marketing activity.
Some cookies are strictly necessary for the operation of the Website, while others are optional and used only where permitted by law or with your consent.
For more detailed information about the cookies we use, how long they remain on your device, and how you can control them, please refer to our Cookies Policy.
13. Strong Customer Authentication (SCA) and PSD2
Where applicable, online payments made through the Website are subject to security controls operated by our third-party payment service providers in accordance with relevant legal and regulatory standards, including Strong Customer Authentication (“SCA”) requirements under the Payment Services Directive 2 (“PSD2”).
SCA is designed to improve transaction security by requiring verification based on two or more independent elements, such as something the customer knows, possesses, or is. The specific authentication process is managed by the payment provider or the customer’s bank, not by us.
Although we do not process payment card data ourselves, we use payment partners that are expected to operate in line with applicable PSD2 and related payment security requirements.
14. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to fulfil contractual obligations, maintain business records, resolve disputes, enforce agreements, and comply with legal, tax, accounting, and regulatory requirements.
The retention period may vary depending on the type of data and the reason for processing. For example:
- account data may be retained while your account remains active and for a reasonable period thereafter;
- order and transaction records may be retained for longer periods where required for tax, accounting, or legal compliance;
- correspondence and complaint records may be retained for as long as necessary to deal with the relevant issue and any related legal obligations.
When personal data is no longer required, we will delete it or anonymise it where appropriate.
15. Your Data Protection Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
- the right to request access to the personal data we hold about you;
- the right to request correction of inaccurate or incomplete data;
- the right to request erasure of your personal data in certain circumstances;
- the right to request restriction of processing in certain circumstances;
- the right to object to certain types of processing, including processing based on legitimate interests and certain direct marketing;
- the right to data portability where applicable;
- the right to withdraw consent at any time where processing is based on consent;
- the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.
16. Third-Party Websites and Services
The Website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices, content, or security of those third-party services. If you follow a link to a third-party site, your personal data will be subject to that third party’s own privacy policy and terms.
We recommend that you review the privacy notices of any third-party services you use.
17. Complaints
If you have concerns about how we handle your personal data, we ask that you contact us first so that we have an opportunity to address the issue.
If you are not satisfied with our response, you may have the right to lodge a complaint with the UK Information Commissioner’s Office (“ICO”) or, where applicable, another competent supervisory authority in your jurisdiction.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services, our data practices, or operational requirements. Any revised version will be published on this page with an updated “Last updated” date.
Your continued use of the Website after any such update will be subject to the revised Privacy Policy.
19. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales, without prejudice to any mandatory data protection rights or consumer protections that may apply under the laws of your country of residence.
20. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us:
Email: [email protected]
Company: WAVE MOTION SHOP LTD
Registered address: 25 Effie Road, London, United Kingdom, SW6 1EL
