Privacy Policy
Effective 3 February 2026 • Compliant with the UK GDPR
This Privacy Policy explains how Radu Crew Ltd collects, uses, stores, and protects your personal data when you visit our website, create an account, or make a purchase through our marketplace. It applies to all visitors and customers, no matter where in the world you are based.
We are committed to being transparent about what we do with your information. We will never sell your personal data, and we will only use it in ways that are fair, lawful, and necessary. Please read this policy carefully — if you have any questions at all, do not hesitate to get in touch.
1. Who We Are
The data controller responsible for your personal information is Radu Crew Ltd, a company registered and based at 40 Nickelby Close, London, SE28 8LY, United Kingdom. When this policy refers to “we”, “us”, or “our”, it means Radu Crew Ltd.
As a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we have a legal responsibility to handle your personal data with care and in accordance with your rights. The regulator that oversees how we do this is the Information Commissioner’s Office (ICO).
2. What Personal Data We Collect
We only collect personal data that is necessary for the services we provide. The types of information we gather depend on how you interact with our platform. Below is an honest account of what we collect and where it comes from.
Data you give us directly. When you create an account, place an order, or contact our support team, we collect information such as your full name, email address, postal or delivery address, phone number, payment details (processed securely and not stored in full by us), and any messages or feedback you send us.
Data we collect automatically. When you browse our website or app, we automatically gather certain technical information. This includes your IP address, the type of device and browser you are using, the pages you visit, the time you spend on our site, and how you found us. This data helps us keep the platform running smoothly and understand how people use it.
Data from cookies and similar technologies. We use cookies and comparable tools to improve your experience on our site. For example, cookies help us remember what is in your basket, keep you logged in, and show you relevant content. Our separate Cookie Policy explains exactly which cookies we use and why — you can find it at the bottom of every page on our site.
Data from third parties. In some cases we may receive information about you from other sources, such as a payment processor confirming a transaction, or a delivery partner updating us on the status of your order. We only accept data from third parties where it is relevant to providing our service.
3. Why We Process Your Data
Every time we use your personal information, there is a specific reason behind it. We do not process data out of habit or curiosity. Here is what we use your information for and the legal basis on which we do so under the UK GDPR.
To fulfil your orders. When you buy something through our marketplace, we need your name, delivery address, and payment information to process the transaction and get your purchase to you. This is a contractual necessity — without it, we simply cannot provide the service you have asked for.
To manage your account. We use your email and login details to let you access your account, track your orders, and communicate with you about your purchases. Again, this falls under contractual necessity.
To keep our platform secure. We use technical data — such as IP addresses and login activity — to protect our systems from fraud, abuse, and unauthorised access. This is a legitimate interest that we pursue to keep both our business and our customers safe.
To improve our service. We analyse how people use our website so we can fix problems, add features, and make the experience better for everyone. The data we use for this purpose is anonymised wherever possible. This is also a legitimate interest.
To send you marketing communications. If you have opted in, we may send you emails or notifications about new products, offers, or updates from WTH Direct. You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. This processing is based on your consent.
To comply with the law. There are situations in which we are legally required to process or retain certain data — for example, keeping financial records for tax purposes, or cooperating with law enforcement when required. This falls under legal obligation.
4. Our Legal Bases for Processing
Under the UK GDPR, we must have a lawful reason — known as a “legal basis” — for every type of personal data processing we carry out. We rely on the following:
Performance of a contract is the legal basis we rely on when processing your data is necessary to deliver a service you have requested. This covers everything from processing your payment and shipping your order to managing your account and communicating with you about a purchase. You do not need to give separate consent for this — by placing an order or creating an account, you are entering into a contract with us, and processing your data is a condition of that contract.
Legitimate interests allows us to process personal data when we have a genuine need to do so and that need is not outweighed by your rights and freedoms. We use this basis for things like protecting our platform from fraud, improving the performance of our website, and conducting basic analytics. Before relying on this basis, we always carry out a balance test to make sure our interests do not unfairly override yours. If you ever feel they do, you have the right to object — see Section 7 below.
Consent is the basis we use when we want to do something with your data that goes beyond what is strictly necessary — for example, sending you marketing emails or using non-essential cookies to personalise your experience. Your consent must be freely given, informed, and specific. You can withdraw it at any time without penalty, and withdrawing consent does not affect anything we have already done on the basis of that consent. We will never make consent a condition of using our service.
Legal obligation covers situations in which we are required by law to process or retain certain data. For instance, we must keep records of financial transactions for HMRC, and we may need to share information with authorities if required by a court order or legal investigation. We have no choice in these situations — the law requires us to act.
5. Who We Share Your Data With
We do not sell your personal data to anyone. However, in order to run our marketplace, we do need to share certain information with trusted third parties. We only share what is necessary, and we make sure these partners handle your data responsibly.
Payment processors. When you make a purchase, your payment details are passed securely to our payment provider to complete the transaction. They do not receive more information than they need, and they are bound by their own strict data protection policies.
Delivery and logistics partners. To get your order to you, we share your name and delivery address with the courier or shipping company handling the parcel. They use this information solely to deliver your goods.
Technology and hosting providers. Our website and systems are hosted and maintained by third-party providers. They may have access to technical data as part of their service, but they are contractually bound not to use it for any purpose other than supporting our platform.
Legal and regulatory bodies. If we are required by law, court order, or a regulatory authority to disclose your data, we will do so. We will tell you about this wherever we are legally permitted to.
6. International Data Transfers
Because we are an online marketplace, some of the services we use — such as cloud hosting or payment processing — may be operated by companies based outside the United Kingdom. This means your personal data could, in some cases, be transferred to or accessed from countries outside the UK.
We take this responsibility seriously. Before we allow any international transfer to happen, we make sure there is an appropriate safeguard in place. This might be an adequacy decision from the UK government confirming the destination country has strong enough data protection laws, or it might be Standard Contractual Clauses — a set of legally binding terms that require the receiving party to protect your data to the same standard as we do here in the UK.
If you would like to know more about any specific international transfer, or if you have concerns, please contact us and we will be happy to explain.
7. Your Data Protection Rights
Under the UK GDPR, you have a number of important rights regarding your personal data. These rights exist to give you control over your own information. You can exercise any of them by emailing us at privacy@wthdirect.co.uk. We will always respond within one calendar month, and there is no charge for making a request.
👁️ Right of Access
You can ask us to give you a copy of the personal data we hold about you. This lets you check what we have and make sure it is accurate.
✏️ Right to Rectification
If any of the personal data we hold is inaccurate or incomplete, you can ask us to correct or update it. You can also do this yourself through your account settings for most fields.
🗑️ Right to Erasure
You can ask us to delete your personal data in certain circumstances — for example, if we no longer need it for the purpose it was collected, or if you withdraw your consent. There are some situations where we cannot erase data, such as when we are legally required to keep it, and we will explain this if it applies.
⏸️ Right to Restriction
You can ask us to stop using your personal data in certain situations — for instance, if you think the data is inaccurate and want us to pause while we check. While restricted, we can still store the data, but we will not actively process it.
📦 Right to Data Portability
You can ask us to give you your personal data in a structured, commonly used, machine-readable format — such as a CSV file. This makes it easier for you to move your data to another service if you wish.
🚫 Right to Object
You can object to us processing your data on the basis of legitimate interests. If you object to us using your data for direct marketing, we must stop immediately — no exceptions. For other uses, we will review your objection and stop processing unless we have a compelling reason to continue.
8. How Long We Keep Your Data
We do not keep your personal data longer than we need to. Once the reason we collected it no longer applies, we will either delete it or anonymise it so it can no longer be linked back to you.
For example, if you create an account with us, we will keep your account data for as long as your account is active. If you close your account, we will delete your personal information within a reasonable time, unless we are legally required to retain certain records — such as financial transaction data, which we may need to keep for up to six or seven years for tax and legal compliance purposes.
Data we collect automatically — such as browsing logs and analytics — is typically retained for no more than twelve months before being anonymised or deleted. Cookies are managed according to their individual expiry dates, which are set out in our Cookie Policy.
9. How We Protect Your Data
The security of your personal information is something we take very seriously. We have put in place a range of technical and organisational measures to protect your data from unauthorised access, loss, or misuse.
All data transmitted between your device and our servers is encrypted using SSL (Secure Sockets Layer) technology — you will see the padlock icon in your browser when you are on our site. Your payment details are handled by a PCI DSS-compliant payment processor, and we never store full card numbers on our own systems.
We limit access to your personal data within our organisation to only those people who genuinely need it to do their jobs. We also conduct regular reviews of our security practices to make sure they remain up to date.
No method of data transmission over the internet is 100% secure, and we cannot guarantee absolute protection. But we will always do everything reasonably possible to keep your information safe.
10. Children’s Privacy
Our marketplace is not intended for children under the age of 18. We do not knowingly collect personal data from children. If we ever become aware that we have accidentally received data from a child under 18, we will delete it as quickly as possible.
If you are a parent or guardian and you believe a child has provided us with their personal information, please contact us at privacy@wthdirect.co.uk and we will take immediate action.
11. Complaints and the ICO
If you are unhappy with how we have handled your personal data, or if you believe we have breached this policy, we would like to hear from you first. Please contact us at privacy@wthdirect.co.uk and we will do our best to resolve things for you.
If you are still not satisfied after speaking with us, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK’s independent data protection regulator. You can do this at ico.org.uk or by calling the ICO helpline on 0303 123 1113.
12. Changes to This Policy
From time to time, we may need to update this Privacy Policy — for example, if we start using your data in a new way, or if the law changes. When we do, we will update the effective date at the top of this page and, if the changes are significant, we will let you know by email.
We encourage you to check this policy now and then. By continuing to use our website after a change, you are accepting the updated policy.