General Data Protection Regulation (GDPR)

Yanelex Limited ("We") are committed to protecting and respecting your privacy.

On May 25th 2018, a new European privacy regulation called the General Data Protection Regulation (GDPR) came into effect. GDPR applies to companies that are based in the EU and global companies that process personal data about individuals in the EU. It provides citizens of the EU with greater control over their personal data and assurances that their information is being securely protected across Europe.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is Yanelex Limited of 18 Norfolk Square, Paddington, London W2 1RS with company number 07104239.

Our promise and preparation

As a company, we comply with all previous EU Data Protection Law (1998 Act) and will continue to comply with new GDPR Law (2018 Act), by doing the following:

  • Providing customers’ the right to access - this means that individuals have the right to request access to their personal data and to ask how their data is used by Yanelex Limited after it has been gathered. Yanelex Limited will at all times provide a copy of the personal data, free of charge and in electronic format when requested.
  • Providing customers’ the right to be forgotten - if consumers are no longer customers, or if they withdraw their consent from Yanelex Limited to use their personal data, then they have the right to have their data deleted.
  • Providing customers’ the right to data portability - individuals have a right to transfer their data from one service provider to another and it must happen in a commonly used and machine readable format.
  • Providing customers’ the right to be informed - this covers any gathering of data by Yanelex Limited and all individuals must be informed before data is gathered. Consumers have to double ‘opt-in’ for their data to be gathered and consent must be freely given rather than implied.
  • Providing customers’ the right to have information corrected - this ensures that individuals can have their data updated if it is out-of-date, incomplete or incorrect.
  • Providing customers’ the right to restrict processing - individuals can request that their data is not used for processing and that their records can remain in place, but not be used.
  • Providing customers’ the right to object - this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
  • Providing customers’ the right to be notified - if there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.

Map our company’s data

We mapped and continue to map where all of the personal data in our entire business comes from and document what we do with the data. We identify where all this data resides, who can access it and if there are any risks to the data.

Data we process

As a mail order online retailer, for us to be able to process customer orders and deliveries, we require certain information. At the time of purchase, you will be required to provide us with personal information:

  • Contact details (full name, email address and telephone number), to fulfil orders correctly.
  • Address details (billing and shipping address), for fraud protection and card processing requirements.

Additional information such as your Date of Birth may also be asked for. This is because some of our products/services are age restricted and this is to ensure that one purchasing is over the legal age relevant to our website.

In addition to holding your personal details on file (so as to process orders), there are other forms and submit requests such as ‘Contact Us’ and ‘Newsletter’ forms/fields. This information will be kept on file, so please be aware that by providing us with your details you have consented that you are happy for us to store this information. However, please note that under new GDPR legislation, you are able to remove your details from our system at any time.

Where we store your personal data

The data we collect from you may be transferred to, and/or stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us, other members of our group, or for one of our suppliers. By submitting your personal data, you agree to this transfer. We will take all steps reasonably necessary and within our reasonable control to ensure that where we act as data controller your data is treated securely and in accordance with this privacy policy. Information you provide to us is stored on our servers or those of our subcontractors.

Where our Website is an ecommerce site, all information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Put security measures in place

We have developed and implemented safeguards throughout our infrastructure to help contain any data breaches. We have put security measures in place to guard against data breaches and taking quick action to notify individuals and authorities in the event a breach does occur.

Review our documentation

All our privacy statements and disclosures comply where necessary.

Changes to GDPR

We will notify all accordingly should there be any changes in GDPR and also by changing it on our Website.


Questions, comments and requests regarding this GDPR policy are welcomed and should be addressed to our GDPR Data Controller responsible -