Order samples
Legal

Privacy Policy.

What data we collect, why we collect it, how we look after it, and what rights you have. Written to be read — not just filed.

Last updated: January 2026 · Abis Consulting Limited (trading as Chirpi Walls) is the data controller for the purposes of UK GDPR and the Data Protection Act 2018

1. What we collect

We only collect what we need to take your order, dispatch it, help you if something goes wrong, and improve what we do next time. Specifically:

  • Contact details — name, email, delivery address, billing address, phone number
  • Order history — products purchased, dates, delivery records
  • Payment data — handled by our PCI-DSS compliant payment processor (Stripe); we never see or store full card numbers
  • Sample requests — address and product selections for free sample dispatch
  • Correspondence — emails, phone logs, live chat transcripts, to help us resolve queries
  • Website analytics — anonymised data on how visitors use the Website, collected via cookies (see below)

2. Why we use it

  • To fulfil orders and deliver products
  • To respond to enquiries and provide customer support
  • To send transactional emails (order confirmation, dispatch notifications)
  • To send marketing emails — only if you’ve opted in, and only until you opt out
  • To comply with our legal obligations (invoicing, tax records, warranty claims)
  • To improve the Website and our product range based on aggregated usage patterns

3. Legal basis

We rely on the following lawful bases under UK GDPR:

  • Contract — to fulfil your order and provide customer service
  • Legal obligation — to keep accounting records, issue invoices and comply with consumer law
  • Consent — for marketing emails and non-essential cookies; you can withdraw this at any time
  • Legitimate interest — to improve our services and prevent fraud

4. Who we share data with

We do not sell your data. We share only with trusted suppliers who help us deliver our service:

  • Couriers — your name and delivery address, to get your pallet to the right door
  • Stripe — payment processing
  • Email service provider — for transactional and (with consent) marketing emails
  • Cloud hosting — where the Website and databases live
  • Accountants & auditors — for statutory financial reporting
  • Law enforcement — where legally required

5. How long we keep it

Order records and invoices are retained for 7 years, as required by HMRC. Marketing consent records are retained for 2 years after your last interaction. Sample request data is deleted after 12 months. You can request earlier deletion at any time (see Rights below).

6. International transfers

Some of our suppliers (notably Stripe and email services) process data outside the UK. Where they do, we rely on Standard Contractual Clauses and adequacy decisions to ensure your data is protected to the same standard as under UK GDPR.

7. Cookies

We use the following types of cookies:

  • Essential — required for the Website to work (basket, checkout, login). Always on.
  • Analytics — Google Analytics, anonymised. Off by default, switched on if you consent.
  • Marketing — for measuring the performance of our advertising. Off by default.

You can change your preferences any time from the cookie banner or your browser settings.

8. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectify — correct inaccurate data
  • Erase — ask us to delete your data ("right to be forgotten"), subject to legal retention
  • Restrict — limit how we process your data
  • Port — receive your data in a portable format
  • Object — to processing based on legitimate interest or for marketing
  • Withdraw consent — for anything we do on a consent basis

To exercise any of these rights, write to the Data Protection Lead at our registered office. We respond within 30 days.

9. Complaints

We’d rather you came to us first, but you have the right to complain directly to the Information Commissioner’s Office at ico.org.uk or on 0303 123 1113.

10. Security

We protect your data with industry-standard encryption in transit (TLS 1.3) and at rest. Access is restricted to staff who need it for their role. We have a documented incident response plan and will notify you and the ICO within 72 hours of any breach affecting your data.

11. Children

Our services are not directed at children under 16 and we do not knowingly collect their personal data.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email if we hold your address, or flagged on the Website. The version in force is always the one at this URL.

13. Contact

Privacy questions? Write to the Data Protection Lead, Abis Consulting Limited (trading as Chirpi Walls), 20–22 Wenlock Road, London, N1 7GU, United Kingdom.