Xiza Commerce Engine
Get in touch

Privacy Policy

Last updated: March 2026

1. Who We Are

Xiza Commerce Engine is operated by Xiza Ltd. This policy explains how we collect, use, and protect personal data when you browse this site, create an account, place an order, or contact us.

2. Information We Collect

We collect information that is needed to run this website, process orders, and support customers. This can include:

  • Account and contact details: Your name, email address, telephone number, company details, and delivery or billing addresses.
  • Transaction data: Order contents, order history, fulfilment updates, refunds, and payment status.
  • Technical data: IP address, browser details, device information, and site usage events.
  • Support communications: Messages, attachments, and service requests you send to us.

3. How We Use Your Information

We use personal data only where there is a valid business or legal reason to do so. Typical uses include:

  • Service delivery: To run the website, create accounts, manage carts, process checkouts, and deliver operational emails.
  • Payments and fulfilment: To take payment, prevent fraud, and coordinate dispatch and delivery.
  • Support and service improvement: To respond to enquiries, fix issues, and improve the customer experience.
  • Analytics and performance: To understand site usage and measure operational or marketing performance.
  • Legal compliance: To meet tax, accounting, security, and regulatory obligations.

4. Legal Basis for Processing

Under UK GDPR and related data protection law, we rely on one or more of the following lawful bases:

  • Contract: Where processing is needed to provide the service or complete an order.
  • Legitimate interests: Where processing helps us secure, support, and improve the website and customer service.
  • Legal obligation: Where we must keep records, respond to regulators, or prevent unlawful activity.
  • Consent: Where consent is needed, for example for optional analytics or marketing preferences.

5. Sharing Information with Service Providers

We use a limited number of trusted service providers to help us run the website and fulfil orders. Depending on the workflow, data may be shared with:

  • Payment providers: to process payments securely and prevent fraud.
  • Delivery and fulfilment partners: where shipment or collection details need to be passed on.
  • Website, analytics, or communications providers: where they help us host the site, monitor performance, or reply to customers.
  • Professional advisers or regulators: where disclosure is required for legal, accounting, or compliance reasons.

We do not sell personal data. We share it only where needed to run the website, fulfil orders, comply with the law, or protect customers and the business.

6. Cookies and Analytics

The site uses cookies and similar technologies for essential functionality and, where enabled, for analytics and marketing measurement.

  • Essential cookies: Required for sessions, cart handling, authentication, and checkout.
  • Analytics cookies: Used to understand visits, journeys, and performance where configured.
  • Marketing cookies: Used only where applicable tracking has been enabled for the storefront.

You can manage cookies through your browser settings. Blocking essential cookies may affect site functionality.

7. International Transfers, Retention, and Security

Some providers we use may process data outside the UK. Where this happens, we use appropriate safeguards. We keep personal data only for as long as needed for service delivery, support, fraud prevention, and legal or accounting requirements. Commercial records may be retained for up to 7 years where required.

8. Your Rights

Under UK data protection law, you may have the right to:

  • Access: Ask for a copy of the personal data we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Ask us to erase data where there is no valid reason to keep it.
  • Restriction or objection: Ask us to limit or stop certain processing.
  • Portability: Ask for data you provided to be supplied in a portable format where applicable.

To exercise any of these rights, please contact us at misha@xiza.co.uk.

9. Complaints

We use appropriate technical and organisational controls to protect personal data. If you are unhappy with how we have handled your information, you can contact us first or raise a complaint with the Information Commissioner's Office at ico.org.uk.

10. Changes to This Policy

We may update this policy from time to time. The latest version will always be published on this page.

11. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Xiza Ltd. This policy applies to ecommerce.xiza.co.uk.