Box Ltd Privacy Policy

For our candidate privacy policy please click here

Purpose of this privacy policy

This policy is designed to provide you with information about how we use the personal data and information that you provide to us during your use of the website (the “Site”), and any related communication between us.

It is important that you read this privacy policy so that you are aware of and understand what personal data we collect from you and how we use it.

About us

We are Box Ltd, a company incorporated in England with company number 03224094 (“we” “us” or “our”). Our registered address is Unit 4, St Modwen Park, Signet Way, Dordon, Tamworth, B78 2FG. We are the data controller.

What information do we collect from you?

We will collect and process the following data about you:

Opening an account, placing an order and managing your account

  • Information provided by you to us when opening an account and placing an order with us. This information will include your name, delivery address, billing address, e-mail address, telephone number, financial information (such as credit or debit card number, and expiry date, which is stored in a tokenised format) and unique identifiers (such as your username and password).  Passwords are hashed so they are not visible to us.
  • Information relating to orders you have placed with us and payments to and from you.

Using our website

  • Information that you provide by filling in forms on our Site. This includes information provided at the time of subscribing to join the Box Offers Club.
  • Information that we automatically receive and record from your browser or your mobile device when you visit our Site, such as your IP address or unique device identifier, the cookies you accept and data about which pages you visit.  
  • Device-specific information that we may automatically collect when you use our Site. This information may include information such as the hardware model, operating system information, browser information and device identifiers.
  • Information about how you use our Site.
  • Information that you provide us with if you enter a competition or other promotional feature on our Site, such as name, address, e-mail address, telephone number and country of residence.  

Contacting us

  • Records of any correspondence we have with you. We may monitor or record any communications we have with you, including phone calls and emails.

Business Customers

  • Information provided by you to us. This information will include contact details of a point of contact within your organisation and/or person whom we will be requi8red to provide support to, including but not limited to; address, billing address, e-mail address, telephone number, financial information (such as credit or debit card number, and expiry date, which is stored in a tokenised format) and unique identifiers (such as your username and password).  Passwords are hashed so they are not visible to us.

How do we use this information?

We use information about you in the following ways:
Opening an account, placing an order and managing your account

  • To open your account on our Site and maintain your records
  • To process your order and arrange delivery or collection of your products
  • To contact you in relation to your order
  • To process payments from you or to you
  • To respond to your requests and queries
  • To check that your payment card is not being used without your consent
  • To provide warranty support
  • Asking you to leave a review of our service.

Ensuring the Quality of our Service & Effectiveness of our Site

  • To help train our staff and improve our customer service.
  • To ensure that content from our Site is presented in the most effective manner for you and for your device.

Marketing & Competitions

  • To make suggestions and recommendations to you about products that may be of interest to you or to make you aware of special offers or promotions . This may be via the Site, or by email, SMS, telephone, social media or post.
  • To telephone you to check if you need any help with your orders.
  • To run competitions and to contact you if you are the winner.
  • If you are on a social media platform, we may use the contact details we collected from you when you set up your account and/or placed an order and combine this with information which the social media platform holds. We will do this so that we can find your social media platform account. We may then contact you or market to you via the platform.

Internal Business Purposes

  • For internal purposes, such as website and system administration.
  • To carry out data analytics, including which parts of our Site you visit in order to improve our Site, for marketing purposes and to improve our customer experience.
  • To comply with our legal and regulatory obligations, including for crime and fraud prevention purposes.

On what basis are we entitled to process your data?

We will only use your personal data when the law allows us to. Data protection law sets out a number of different legal grounds upon which data controllers can legally process personal data.

In most cases, we process your data in order to take steps at your request before entering into a contract with you, or because the processing is necessary to perform our contract with you.

If the processing is not related to your contract, we will process your information on one of the following bases:

  • You have given clear consent for us to process your personal data.
  • Our legitimate interests, which include:
    • developing our products and growing our business
    • carrying out data analytics to help us predict future market trends and customer behaviour
    • to improve our Site and your experience of using it, including customising your experience
    • to understand the types of products that you are interested in
    • to develop our business and inform our marketing strategy
    • to run our business, administer our Site and ensure its security
    • to prevent fraudulent purchases on our Site
    • to improve service quality and compliance.

In accordance with data protection law, we make sure we consider and balance any potential impact on you and your rights before we process your data for our legitimate interests. If the potential impact on you and your rights overrides our legitimate interests, we will not process your data, unless we are able to do so using a different legal basis.

Where the processing is necessary to comply with our legal obligations, a court order or to exercise or defend legal claims.

How long we will keep your data for?

If you have ordered through, once the order has been on our system for 30 days your data is anonymised. Amazon require that we keep the data in an off-line archive in case they are ever needed for legal or compliance reasons.

If you have ordered through our website, we will keep your data for a maximum of 7 years. This is to enable us to retrieve your data if there is a dispute or you bring a claim against us during the statutory 6 year limitation period and to comply with HMRC’s requirements in relation to keeping records. Our customer database is cleansed annually and all customer data that is no longer required is deleted.

Who do we disclose your information to?

Our service providers

We may need to pass on your information to service providers who provide services on our behalf. During the life of our relationship, it is likely that the identity and categories of third parties will change.  Your data will only be used by our third-party providers to provide the requested services to us and each service provider is subject to a set of terms consistent with this Privacy Policy.

At the time of writing this Privacy Policy, we use the following service providers to provide us with services:

  • our authorised repairer Mendit Computer Repairs Limited
  • our payment services providers
  • third party payment providers who are integrated into our Site. When you pay using one of these methods e.g. Paypal, you are redirected to the provider’s portal. . Your use of these services is subject the terms and conditions and the privacy policies of these payment providers. This includes where you choose to pay by finance.
  • providers of IT security services
  • third party databases, against which we will validate your details in order to verify your identity and prevent fraud.  To perform these checks your personal information may be disclosed to a registered Credit Reference Agency, which may keep a record of that information. This is done only to confirm your identity, a credit check is not performed and your credit rating will not be affected.
  • providers of delivery services, such as Royal Mail, DPD and PAACT
  • providers of email distribution services
  • providers of competitions platform and virtual agents
  • to Google Customer Reviews and Reevoo, to enable you to rate your purchase experience with us
  • manufacturers and providers of warranty services.

Other third parties

We may provide your information to the manufacturer of any device you have bought, so that they can repair it under warranty. 

On occasion, if we do not have items in stock, we may ask our supplier to send your items to you directly. In that case, we will need to provide them with your order and delivery details.

We may disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may also disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • You request or authorise the disclosure of information to a third party.
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers is likely to be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation.

Do we transfer your data outside of the UK?

Some of our third party service providers may be based outside of the UK. If the service that these service providers provide involve the processing of your personal data, this will also involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.


Our Site uses cookies to collect user information from the Site. This helps us to enhance your experience of using the Site. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. For further information visit or You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Your rights

As a data subject, you have the following rights:

  • The right to be informed of the use of your personal data. This privacy policy provides you with this information.
  • The right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • The right to require the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • The right to request erasure of your personal data (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have withdrawn your consent and there is no other legal ground for us to process the data.
  • The right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
  • The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to establish the data's accuracy.
    • Where our use of the data is unlawful but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • The right to object to the processing, on grounds relating to your particular situation, where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • In limited circumstances, you may have the right to request to receive personal data in a structured, commonly used and machine-readable format. You have the right to transmit the data in this format to another data controller.

If you have a complaint in relation to the processing of your data carried out under this privacy policy, you have the right to lodge a complaint with your local supervisory authority.

The local supervisory authority in the UK is the Information Commissioner’s Office (Home | ICO). If you are located in the European Union, you can find the details of your local supervisory authority Data Protection Authorities - European Commission (

How to contact us

If you have any questions about how we use your personal data or if you’d like to exercise any of your rights, please contact us. You can get in touch by emailing us at [email protected] or by post at Data Protection, Box Ltd, Unit 4, St Modwen Park, Signet Way, Dordon, Tamworth, B78 2FG.

Experiment Active Variation
Site Skin Removal No
New Header No
Attach Screen Redesign No