GDPR COMPLIANCE

GDPR PRIVACY POLICY.

Last Updated: 12 March 2026

1. INTRODUCTION AND SCOPE

EVDOPES LTD ("we," "us," "our," or the "Company") is committed to protecting the privacy and personal data of all individuals who interact with our services, website, and business operations. This GDPR Privacy Policy and Data Protection Notice ("Policy") sets forth our practices regarding the collection, processing, storage, and protection of personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR"), the UK GDPR as retained in UK law, and all applicable data protection legislation.

This Policy applies to all personal data processed by EVDOPES LTD, whether collected through our website, mobile applications, customer service interactions, marketing activities, or any other means. By accessing our services or providing your personal data, you acknowledge that you have read and understood this Policy.

2. DATA CONTROLLER INFORMATION

For the purposes of data protection law, the data controller is:

EVDOPES LTD

Company Number: 16333128

Registered Office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

Email: contact@evdopes.group

We have not appointed a Data Protection Officer (DPO) as we do not meet the statutory thresholds requiring such appointment under Article 37 GDPR. However, all data protection queries should be directed to the contact email above.

3. LEGAL BASIS FOR PROCESSING

We process personal data only where we have a valid legal basis under Article 6 GDPR. The legal bases we rely upon include:

3.1 Contractual Necessity (Article 6(1)(b))

Processing necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This includes processing required to provide our services, process transactions, and manage customer accounts.

3.2 Legal Obligation (Article 6(1)(c))

Processing necessary for compliance with legal obligations to which we are subject, including tax and accounting requirements, regulatory compliance, and law enforcement requests.

3.3 Legitimate Interests (Article 6(1)(f))

Processing necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights and freedoms. Our legitimate interests include business administration, fraud prevention, network and information security, and direct marketing (where consent is not required).

3.4 Consent (Article 6(1)(a))

Processing based on your explicit consent, particularly for marketing communications, cookies and tracking technologies (where required), and processing of special categories of personal data. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.5 Vital Interests (Article 6(1)(d))

Processing necessary to protect your vital interests or those of another natural person, applicable in emergency situations.

4. CATEGORIES OF PERSONAL DATA PROCESSED

We collect and process the following categories of personal data:

4.1 Identity Data

Full name, title, date of birth, gender, and photographic identification where required for verification purposes.

4.2 Contact Data

Postal address, email address, telephone numbers, and other contact details provided by you.

4.3 Financial Data

Payment card details, bank account information, billing address, and transaction history. Please note that full payment card details are processed by our PCI-DSS compliant payment processors; we do not store complete card numbers.

4.4 Technical Data

Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access our services.

4.5 Usage Data

Information about how you use our website, products, and services, including page response times, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

4.6 Marketing and Communications Data

Your preferences in receiving marketing from us and our third parties, your communication preferences, and records of your interactions with our marketing materials.

4.7 Professional Data

Where applicable, job title, employer name, professional qualifications, and employment history.

We do not intentionally collect special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, health data, or data concerning sex life or sexual orientation) unless explicitly provided by you with your explicit consent or where required by law.

5. PURPOSES OF PROCESSING

We process your personal data for the following specific purposes:

5.1 Service Provision

To provide our products and services, process your orders, manage your account, and fulfill our contractual obligations to you.

5.2 Customer Support

To respond to your inquiries, troubleshoot problems, and provide technical support.

5.3 Payment Processing

To process payments, prevent fraud, and manage billing and collection activities.

5.4 Legal Compliance

To comply with applicable laws, regulations, court orders, and government requests, including tax and accounting obligations.

5.5 Business Operations

To manage our business operations, maintain our IT systems, conduct internal audits, and enforce our terms and conditions.

5.6 Marketing and Communications

To send you promotional materials, newsletters, and information about products and services that may interest you, where permitted by law and in accordance with your preferences.

5.7 Analytics and Improvement

To analyze usage patterns, improve our website and services, develop new products, and conduct market research.

5.8 Security

To protect our business, website, customers, and employees from fraud, security threats, and other harmful activities.

6. DATA RETENTION PERIODS

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are determined as follows:

Category	Duration
6.1 Customer Data	Retained for the duration of our business relationship with you and for six (6) years thereafter to comply with contractual limitation periods and tax obligations.
6.2 Transaction Data	Retained for six (6) years from the date of transaction to comply with UK tax and accounting legislation (HMRC requirements).
6.3 Marketing Data	Retained until you withdraw consent or opt out, or for three (3) years from your last interaction with us, whichever occurs first.
6.4 Technical and Usage Data	Retained for twenty-four (24) months from collection, unless required for security investigations or legal proceedings.
6.5 Legal Claims Data	Retained for the duration of any legal proceedings and for six (6) years following resolution to defend against potential future claims.

Upon expiry of the applicable retention period, personal data will be securely deleted, anonymized, or destroyed in accordance with our data destruction procedures.

7. DATA SUBJECT RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

7.1 Right to Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, access to the personal data and supplementary information. We will provide a copy of your personal data free of charge, with additional copies available upon payment of a reasonable fee based on administrative costs.

7.2 Right to Rectification (Article 16)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

7.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to obtain the erasure of personal data concerning you where: (a) the data is no longer necessary for the purposes for which it was collected; (b) you withdraw consent and there is no other legal basis for processing; (c) you object to processing and there are no overriding legitimate grounds; (d) the data has been unlawfully processed; (e) the data must be erased for compliance with a legal obligation; or (f) the data was collected in relation to information society services offered to a child.

7.4 Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing where: (a) you contest the accuracy of the data (for a period enabling verification); (b) processing is unlawful and you oppose erasure; (c) we no longer need the data but you require it for legal claims; or (d) you have objected to processing pending verification of overriding grounds.

7.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where processing is based on consent or contractual necessity and processing is carried out by automated means.

7.6 Right to Object (Article 21)

You have the right to object at any time to processing of personal data concerning you which is based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we shall cease such processing immediately.

7.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. In the UK, the supervisory authority is the Information Commissioner's Office (ICO), contactable at www.ico.org.uk.

7.9 Right to Object to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where necessary for contract performance, authorized by law, or based on your explicit consent.

To exercise any of these rights, please contact us at contact@evdopes.group. We will respond to your request within one (1) month of receipt, which may be extended by two (2) further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.

Exercise Your Rights

Response within 30 days guaranteed.

Contact Compliance

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

Specifically, our website servers are located in the United Kingdom and European Economic Area (EEA), and our group companies and third-party service providers and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Policy. These safeguards include implementing the European Commission's Standard Contractual Clauses (SCCs) for transfers of personal data between our group companies and third-party service providers and partners, which require all recipients to protect personal data they process from the EEA in accordance with European Union data protection law.

We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

10. DATA SECURITY

We have implemented appropriate technical and organizational measures to protect the security of your personal data, including:

10.1 Technical Measures

Encryption of data in transit using TLS/SSL protocols, encryption of data at rest where appropriate, firewalls, intrusion detection systems, regular security assessments and penetration testing, and secure development practices.

10.2 Organizational Measures

Access controls and authentication procedures, staff training on data protection and security, confidentiality agreements with employees and contractors, incident response procedures, and regular audits of our security practices.

10.3 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

Liability Disclaimer

While we implement safeguards designed to protect your personal data, no security system is impenetrable and, due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

11. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to distinguish you from other users, understand how you use our services, improve your browsing experience, and for marketing purposes.

11.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the operation of our website, enabling core functionality such as security, network management, and accessibility. You cannot opt out of these cookies. Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website. Functionality Cookies: Enable the website to provide enhanced functionality and personalization. Targeting/Marketing Cookies: Record your visit to our website, the pages you have visited, and the links you have followed.

11.2 Consent Management

When you first visit our website, you will be presented with a cookie banner requesting your consent for non-essential cookies. You can change your preferences at any time through our Cookie Settings.

11.3 Third-Party Cookies

Some cookies are placed by third parties, including analytics providers and advertising networks. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website.

This document provides comprehensive GDPR compliance coverage for EVDOPES LTD. It addresses all required elements under Articles 12-14 GDPR (transparency requirements).

GDPR PRIVACY POLICY.

1. INTRODUCTION AND SCOPE

2. DATA CONTROLLER INFORMATION

3. LEGAL BASIS FOR PROCESSING

4. CATEGORIES OF PERSONAL DATA PROCESSED

4.1 Identity Data

4.2 Contact Data

4.3 Financial Data

4.4 Technical Data

4.5 Usage Data

4.6 Marketing and Communications Data

4.7 Professional Data

5. PURPOSES OF PROCESSING

5.1 Service Provision

5.2 Customer Support

5.3 Payment Processing

5.4 Legal Compliance

5.5 Business Operations

5.6 Marketing and Communications

5.7 Analytics and Improvement

5.8 Security

6. DATA RETENTION PERIODS

7. DATA SUBJECT RIGHTS

7.1 Right to Access (Article 15)

7.2 Right to Rectification (Article 16)

7.3 Right to Erasure ("Right to be Forgotten") (Article 17)

7.4 Right to Restriction of Processing (Article 18)

7.5 Right to Data Portability (Article 20)

7.6 Right to Object (Article 21)

7.7 Right to Withdraw Consent (Article 7(3))

7.8 Right to Lodge a Complaint (Article 77)

7.9 Right to Object to Automated Decision-Making (Article 22)

Exercise Your Rights

8. DATA SHARING AND RECIPIENTS

8.1 Service Providers and Processors

8.2 Professional Advisers

8.3 Regulatory and Governmental Authorities

8.4 Business Transfers

8.5 Affiliates and Group Companies

9. INTERNATIONAL DATA TRANSFERS

10. DATA SECURITY

10.1 Technical Measures

10.2 Organizational Measures

10.3 Breach Notification

Liability Disclaimer

11. COOKIES AND TRACKING TECHNOLOGIES

GDPR PRIVACY POLICY.

1. INTRODUCTION AND SCOPE

2. DATA CONTROLLER INFORMATION

3. LEGAL BASIS FOR PROCESSING

4. CATEGORIES OF PERSONAL DATA PROCESSED

4.1 Identity Data

4.2 Contact Data

4.3 Financial Data

4.4 Technical Data

4.5 Usage Data

4.6 Marketing and Communications Data

4.7 Professional Data

5. PURPOSES OF PROCESSING

5.1 Service Provision

5.2 Customer Support

5.3 Payment Processing

5.4 Legal Compliance

5.5 Business Operations

5.6 Marketing and Communications

5.7 Analytics and Improvement

5.8 Security

6. DATA RETENTION PERIODS

7. DATA SUBJECT RIGHTS

7.1 Right to Access (Article 15)

7.2 Right to Rectification (Article 16)

7.3 Right to Erasure ("Right to be Forgotten") (Article 17)

7.4 Right to Restriction of Processing (Article 18)

7.5 Right to Data Portability (Article 20)

7.6 Right to Object (Article 21)

7.7 Right to Withdraw Consent (Article 7(3))

7.8 Right to Lodge a Complaint (Article 77)

7.9 Right to Object to Automated Decision-Making (Article 22)

Exercise Your Rights

8. DATA SHARING AND RECIPIENTS