Privacy Policy:


Privacy Policy

Last updated: 27 June 2025

1. Who we are

www.bandurai.com (“we”, “us”, “our”) is operated by bandurai.com, a sole trader. A business operated in the United Kingdom. You can contact us at johann@bandurai.com.

2. What personal data we collect

Category

Examples

Legal basis (UK GDPR)

Account details

Name, email, password

Contract – to create and manage your account

Usage data

Pages visited, time on site, clicks

Legitimate interest – to improve our site

Cookies & similar tech

Session cookies, analytics cookies

Consent – except strictly-necessary cookies

Contact data

Messages you send us, support queries

Legitimate interest / Consent when you opt in

Marketing preferences

Newsletter opt-in status

Consent

We do not knowingly collect special category (“sensitive”) data.

3. How we use your data

  • To provide and personalise our services

  • To understand how our website is used and improve performance

  • To respond to enquiries and provide customer support

  • To send marketing emails only if you have opted in (you can unsubscribe at any time)

  • To meet legal, regulatory, or security obligations

4. Cookies

We use cookies and similar technologies to:

  1. Keep you signed in (strictly necessary)

  2. Measure website traffic via Google Analytics/Matomo (non-essential; consent required)

You can manage cookies through your browser settings or our on-site cookie banner.

5. Sharing your data

We never sell your data. We share it only with:

  • Service providers who help us run the site (e.g., hosting, email, analytics)

  • Regulators, law-enforcement, or courts where we must comply with the law
    All suppliers are vetted, bound by confidentiality, and (where outside the UK) covered by an adequacy decision or Standard Contractual Clauses.

6. Data retention

We keep your personal data only as long as necessary:

  • Account data: while your account is active + 6 years (for tax/audit)

  • Analytics data: 14 months

  • Marketing data: until you unsubscribe or after 2 years of inactivity

7. Your rights

Under the UK GDPR you can:

  1. Access the personal data we hold on you

  2. Correct inaccurate or incomplete data

  3. Erase your data (“right to be forgotten”)

  4. Restrict or object to our processing

  5. Port your data to another service

  6. Withdraw consent at any time (this won’t affect prior processing)

To exercise any right, email johann@bandurai.com. We’ll respond within one month.

8. Security

We use industry-standard HTTPS encryption, regular security audits, and role-based access controls to protect your data. No method is 100 % secure, but we take reasonable steps to minimise risk.

9. Children

Our website is not intended for children under 13. If you believe a child has provided us data, please contact us and we will delete it.

10. Third-party links

Our site may link to external websites. We have no control over their privacy practices; please read their privacy policies.

11. Changes to this policy

We may update this policy from time to time. Significant changes will be announced on our website or via email. The latest version is always available here.

12. Contact us

Questions? Write to us at johann@bandurai.com