Privacy Policy

1. About this policy

Fourex Group is committed to protecting the privacy of its data subjects by handling data it collects in a safe and responsible way. For the purposes of the UK General Data Protection Regulation (‘UK GDPR’), Fourex Group is the data controller for any personal data it holds.

This policy sets out how Fourex Group will do this.

2. Types of data Fourex Group collects

Fourex Group will collect and process personal data.
Personal data only includes information relating to living individuals where they can be either:

• directly identified from a piece of information
• indirectly identified from a combination of information

The personal data it collects for customers includes:

• name, address and contact details including email address and telephone number
• technical information including IP addresses, browser type, device information and cookies (for website functionality, order tracking, analytics, fraud prevention)
• details about product purchases and payments
• any correspondence to and from you including feedback and complaints
• marketing and communications data including your preferences in receiving marketing and communications from us and third parties.

The personal data it collects for employees includes:

• name, address, date of birth, gender and contact details including email address and telephone number
• qualification details including skills, experience and employment history
• recruitment information including right to work documents, CVs and covering letters
• bank account details, national insurance number and tax status
• information about next of kin and emergency contacts

For employees, it also collects sensitive personal data. Sensitive personal data is a type of data that reveals or concerns an individual’s:

• race or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data
• biometric data (when used for identification purposes)
• health
• sex life
• sexual orientation

The sensitive personal data it collects includes:

• trade union membership information
• information on criminal convictions and/or offences
• health and sickness records
• information relating to equal opportunities monitoring including ethnic origin, sexual orientation, disability and religion

3. Why Fourex Group collects this data 

Fourex Group collects this information so it can comply with its legal obligations as well as the following:

• registering you as a customer of its online store
• receiving and fulfilling customer orders
• contacting you in relation to queries, orders, feedback, or complaints
• if you have opted in to receive marketing communications, Fourex Group will use your contact information to communicate with you about its services and provide you with marketing materials
• performance of a contract to which you are a party
• internal administration and record keeping purposes
• notifying you of any changes to our privacy policy

For employees, Fourex Group collects information so it can comply with its legal and health and safety obligations and for the following reasons:

• allowing Fourex Group to build a comprehensive picture of its workforce including its diversity
• shaping the development and retention of its employees
• shaping the development of its policies
• allowing employees to be properly paid
• allowing employees to have the appropriate employee benefits provided

4. Legal basis for processing data

There are 6 grounds for lawfully processing personal data. These are:

• consent
• contract
• legal obligation
• vital interests
• public task
• legitimate interests

Fourex Group processes the data it collects on the following bases:

• contract performance: to process orders, deliver products, manage returns, send order confirmations and invoices.
• legal compliance: accounting, sales records, VAT reporting.
• legitimate interests: for website security, analytics, fraud prevention, customer service.
• consent: for marketing communications such as newsletters, promotions via email and SMS

With regards to processing special category data Fourex Group processes the information on the grounds of explicit consent from the data subject or where the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment.

5. Data retention

 Fourex Group follows the UK GDPR rules on data retention. This means it:

• only keeps data for as long as it is needed – all data is retained for the shortest length of time necessary e.g. 7 years for order records, 2 years after last activity for inactive accounts
• will securely delete or anonymise documents no longer needed
• complies with requests for data to be changed or deleted as long as there are no other legal grounds or overriding legitimate grounds to not do so
• complies with an individual’s request to see data held on them unless there are exemptions under the UK GDPR that apply
• carries out data audits to make sure it doesn’t keep data for longer than necessary and to help responses to subject access requests

6. Sharing data

Internal data sharing

Fourex Group may share data internally with relevant departments such as managers or supporting staff. However, this will only be done if it is required.

Business Partners

Fourex Group regularly shares data with third parties outside of the organisation. It may share your personal data with third parties whose products it offers on its platforms and who have a licensed brand relationship with it (“Business Partners”), including its appointed service providers. Where appropriate and based on mutual legitimate interests, it may share information such as your:

• name
• contact details
• voluntarily provided data
• browsing behaviour
• purchase history when you buy merchandise associated with a Business Partner
• marketing and communication preferences

These Business Partners may use that data for their own business purposes and are responsible for how they use the personal data received in accordance with their own privacy policy.

Please note, however, that once data has been shared, Fourex Group does not control how those partners handle it. You should contact the Business Partners directly to learn about their privacy practices or to exercise any rights you may have, such as opting out of future communications.

Third-Party Services

Fourex Group uses third-party platforms and software providers to help deliver and manage aspects of its business. This includes Brevo, which it uses to support its email marketing efforts and its eCommerce Stores are powered by WooCommerce and Shopify.

These providers may access your data only as needed to perform its functions on Fourex Group’s behalf and are required to keep your data secure and confidential.

Other Use Cases

Fourex Group may disclose your personal data in connection with the potential or actual sale of its business or assets, including mergers, acquisitions, or restructuring, when necessary for evaluation and continuity purposes.

It may also publish or share data with your consent in connection with competitions, events, community initiatives, or promotional activities in which you participate.

Where necessary, Fourex Group may transfer personal information outside of the UK. When doing so, it and any third parties it partners with, comply with the UK GDPR, making sure appropriate safeguards are in place.

7. Cookies

Fourex Group’s website uses cookies, including Google Analytics, to obtain an overall view of user habits and visitor volumes. Cookies are small pieces of information sent to your computer and stored on its hard drive which allows this website to recognise you when you visit.

It is possible to switch off cookies via your browser settings. For more information on cookies, please visit Fourex Group’s cookie policy.

8. Data subjects’ rights

Fourex Group is obligated to inform data subjects of their data protection rights. Data subjects have the right to:

• access – data subjects can request Fourex Group provide them with the personal data it holds on them
• rectification – data subjects can request Fourex Group correct information on them that they believe to be incorrect
• erasure – personal data can be deleted under certain conditions
• restrict processing and is where Fourex Group restrict processing of personal data under certain conditions
• object to processing – this is where data subjects can object to their personal data being processed under certain conditions
• data portability – data subjects can request Fourex Group transfer data it collects on them to a third party or to them under certain conditions
• rights related to automated decision-making and profiling – data subjects have the right to not be subject to decisions based solely on automated processing (including profiling) that have legal or significant effects, and can request human intervention or challenge such decisions

9. Withdrawing consent

For personal data held purely by consent, data subjects have the right to withdraw consent if they change their mind about Fourex Group having access to their personal data.

If you have previously subscribed to receive marketing material, but no longer wish to receive all or certain types of marketing material, or for Fourex Group to provide your data to third parties for marketing purposes, you may unsubscribe to this service. To do so, you can click on the ‘unsubscribe’ link in the marketing email foot or contact Fourex Group by email at online@fourexgroup.com.

If you do not wish to receive marketing material from us, we will retain a small amount of personal contact information, so that we can record your marketing preferences.

You also have the right to refuse Fourex Group’s request to process your personal data for marketing purposes, by electing to not provide your consent. Fourex Group will ask for your consent, before or at the point of collecting your personal data, if it intends to use your personal data for marketing and business development purposes, or if it intends to disclose your information to any third party for such purposes.

10. Making a complaint

If a data subject wishes to complain about how Fourex Group have handled their personal data they should contact Fourex Group by email at online@fourexgroup.com.

If data subjects remain unhappy with how Fourex Group used their data after raising a complaint with Fourex Group, they can complain to the Information Commissioner’s Office.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

The ICO’s helpline number is 0303 123 1113 or you can make a complaint online.

11. Last updated

This policy was last updated on 08 August 2025.

Fourex Group may change this policy from time to time. When it does, it will inform you via email and banner notice on this website.

Resources & Further Information

• Data Protection Act 1998
• Privacy and Electronic Communications Regulations 2003
• Privacy and Electronic Communications Regulations 2003 – The Guide
• Twitter Privacy Policy
• Facebook Privacy Policy
• Google Privacy Policy
• Linkedin Privacy Policy
• Mailchimp Privacy Policy