Our Privacy Notice describes the categories of personal data that we process and for what purposes. We understand that your privacy is important to you and that you care about how your personal data is used.

We respect and value the privacy of our customers and suppliers and will only collect and use such data fairly and in accordance with the requirements of the General Data Protection Regulations (UK GDPR).

This Privacy Notice will become effective from 25th May 2018.

  1. What does this notice cover?

We take your privacy seriously, this Privacy Notice provides up to date information about how we use your personal data, how it is collected, how it is held and how it is processed and disposed. It also explains your rights under the law relating to your personal data.

We will update this Privacy Notice if we make any significant changes affecting how we use your personal information.

  1. About us

We are what is known as the ‘data controller’ of personal information we gather and use.

We require information about you in order to provide our products to you and make payment for the goods and services you provide to our businesses.

When we say ‘we’ or ‘us’ in this Privacy Notice, we mean Jenlu Limited.

For the purpose of the UK GDPR, the data controller is Jenlu Limited, Company number 9227218. ICO reference ZB019545 of:

Jenlu Limited, Glyn Villa, 24 Bryn Marl Road, Mochdre, LL28 5EA

  1. What is Personal Data?

Personal data is any information that relates to an individual who can be identified from that information either directly or indirectly, for example, a person’s name, identification number, location, online identifier or one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person. It can also include pseudonymised data. Personal data is, in simpler terms, any information about you that enables you to be identified.

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in Part 5.

  1. Your privacy rights

Under the UK GDPR you have the following rights, which we will always work to uphold:

  1. a) You have the right to be informed about our collection and use of your personal data.
  2. b) The right to access the personal data we hold about you as outlined in part 11.
  3. c) The right to have your personal data rectified if any of your personal data held by us is

inaccurate or incomplete. Please contact us using the details in Part 12 to find out more.

  1. d) The right to erasure, i.e. the right to ask us to delete or otherwise dispose of any of your

personal data that we have; provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation.

  1. e) The right to restrict (i.e. prevent) the processing of your personal data if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing).
  2. f) The right to object to us using your personal data for a particular purpose or purposes where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing. You also have the right to object to processing of your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
  3. g) The right to data portability. You may request that we provide the personal data that we hold about you to another data controller in a structured, commonly used and machine-readable format.
  4. h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way. For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 12.
  1. What kinds of personal information do we collect about you?

Personal data is information that you give to us when communicating with us by phone, email, post, social media or in person when visiting one of our sites, entering a request for a call back from the company via our website or requesting a sample or making a purchase through our company websites or through the sharing of business cards.

We may collect some or all of the following personal data about you, the data we do collect about you may vary depending on our relationship with you.

  1. How do we gather your personal information?

We obtain personal information:

Directly from you, for example when you complete an online purchase/order from us.

We may also collect information about you indirectly, and combine such information with information we hold about you – including where:

You provide information to us through other publicly available personal data, including any which you have shared via a public platform (such as a Twitter, Facebook and LinkedIn).

We may collect information when visiting our website(s):

Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, the country and telephone area code where your computer is located, browser plug-in types and versions, operating system and platform;

Information about your visit, including password(s), the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse our page, and any phone number used to call our customer service number.

Under the UK GDPR, the lawful bases we rely on for processing this information are:

Your consent. You are able to remove your consent at any time. You can do this by contacting the details contained at Part 12 of this notice.

We have a contractual obligation.

  1. How do we use your personal information?

Under the UK GDPR, we must always have a lawful basis for using personal data. The information that we collect and store relating to you is primarily used to enable us to provide our products and services to you. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, because it is in our legitimate business interests to use it or to meet our legal obligation. Your personal data will be used for the following purposes in relation to an agreement to supply our products or services to you:

Providing and managing your account.

Entering a contractual arrangement with you.

Supplying our products to you. Your personal details are required for us to enter into a contract with you.

Communicating with you. This may include responding to emails or calls from you.

To administer payments from you for our products. In addition, we may use the information for the following purposes in our legitimate interests to improve our products and services:

To respond to any complaint that you may make.

To administer our site and telephone services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

To improve our site and telephone services to ensure that information is provided in the most effective manner for you (and for your computer).

As part of our efforts to keep our site and telephone services safe and secure.

We may also process the information to comply with legal requirements relating to:

The provision of products and services.

Data protection.

Health and safety.

Anti-money laundering and fraud investigations.

Assisting law enforcement.

Any other legal obligations placed on us from time to time.

With your permission we may also use your personal data for marketing purposes, which may include contacting you by email or post with information, news, and offers on our products. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK GDPR. Where we have your consent, you have the right to withdraw it.

We will let you know how to do that at the time we obtain your consent.

  1. Sharing your data with third parties?

In limited circumstances we may need to share your personal data with some of our service partners. These include our third-party IT providers, payment processing companies and delivery companies.

Jenlu Limited only allows its service providers to handle your personal data when we have  confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Jenlu Limited and to you, and for no other purposes.

We will share personal information within Jenlu and with others outside Jenlu Limited, where we need to do that to make products and services available to you, market products and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so.

We will only share your personal information to the extent needed for those purposes.

In addition, we will disclose your personal information to the relevant third party in the event that we sell or buy any business or assets or are acquired, in which case we will disclose your personal data to the prospective seller or buyer as appropriate in order to maintain service and business continuity.

  1. How and Where Do You Store or Transfer My Personal Data?

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will only store or transfer your personal data in the UK. This means that it will be fully protected under the UK GDPR.

If in future we do need to transfer your data outside the European Economic Area, we will only do so if adequate protection measures are in place in compliance with data protection legislation.

  1. How long do we keep your personal information for?

How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for.

For further information regarding this please see our Retention and Disposal Schedule which sets out the types of personal data held by us, the time period for which that personal data is to be retained, the criteria for establishing and reviewing such periods, and when and how data is to be deleted or disposed of.

  1. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.

We ask that you please make your subject access request either verbally or in writing please use the contact details which are set out in Part 12.

The request will normally be complied with free of charge. However, we may charge a reasonable fee if the request is manifestly unfounded or excessive, or if it is repetitive. In addition, we may charge a reasonable fee if you request further copies of the same information. The fee charged will be based on the administrative cost of providing the information requested. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

  1. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, limited to make a subject access request, please use the following details:

Name: Tessa Stephens – Data Protection Officer

Email address: support@jenlu.com

Telephone number: 0800 074 2090

Postal Address: Jenlu Limited, 24 Glyn Villa, Bryn Marl Road, Mochdre, LL28 5EA

  1. Are Cookies Used?

We use cookies and similar technology as set out in our Cookie Policy.

  1. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our Company websites.

  1. How to Complain

Similarly, should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by using the contact details at Part 12 of this Notice.

If you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO’s details are below:

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk