Privacy Policy

Privacy & UK GDPR (How we handle your data)
Last updated: 14 January 2026

Quick summary
  • We only use personal data to run the returns portal service, support customers, prevent fraud, and meet legal obligations.
  • Where an End User creates a return for a Merchant, the Merchant is usually the Data Controller and we act as the Data Processor.
  • For Merchant account/admin data (billing, logins, support), we are usually the Data Controller.

Contents

1. Who we are 2. What this policy covers 3. Roles: Controller vs Processor 4. Personal data we collect 5. How we use personal data and our lawful bases 6. Where we get your data from 7. Who we share data with 8. International transfers 9. How long we keep data 10. Security 11. Your rights 12. Complaints 13. Children’s data 14. Automated decision-making 15. Cookies and analytics 16. Changes to this policy 17. Contact

1. Who we are

ReturnMyOrder.co.uk is operated by DA Software Solutions trading as ReturnMyOrder.co.uk (“we”, “us”, “our”).

  • Registered address: 129 Comissioners Wharf, Newcastle Upon Tyne, NE296DS
  • Support / privacy contact: help@returnmyorder.co.uk

2. What this policy covers

This policy explains how we collect, use, store, and share personal data when you:

  • visit ReturnMyOrder.co.uk (including Merchant Portal Pages such as returnmyorder.co.uk/company_name);
  • create or manage a return as an End User;
  • create or manage a Merchant account, including billing and support; and/or
  • contact us for support or service-related queries.

This policy does not replace a Merchant’s own privacy policy. If you are an End User, the Merchant you are returning to may process your data for their own purposes (e.g. refunds, fraud checks, warranty claims). You should review their policy too.

3. Roles: Controller vs Processor

End Users (return customers)

When you create a return for a specific Merchant using their portal page, the Merchant is usually the Data Controller and we act as their Data Processor, processing personal data only to provide the returns service (label creation, tracking, notifications, and reporting).

Merchants (business customers)

For Merchant account data (admin users, logins, billing, payments, support communications), we are usually the Data Controller because we decide how and why this data is processed to deliver and operate the Platform.

Where we act as a Processor, our processing is governed by our Data Processing Addendum (DPA) and the Merchant’s instructions, subject to legal requirements.

4. Personal data we collect

4.1 End Users (returns)

Depending on how the Merchant configures their portal, we may process:

  • Identity & contact: name, email address, phone number (if required), and delivery/collection address.
  • Order/return details: order number, items being returned, reason codes, notes/comments, photos (if uploaded), and return preferences (where offered).
  • Shipment details: parcel weight/dimensions (if entered), selected service, tracking number, drop-off/collection details, timestamps, and status updates.
  • Technical data: IP address, device/browser info, and event logs used for security and troubleshooting.

4.2 Merchants (account/admin)

  • Account data: business name, contact details, admin user details, login credentials (stored securely), and user permissions.
  • Billing data: billing address, invoice history, plan details, payment status, and transaction references.
  • Support data: messages, attachments, and records of actions taken to resolve issues.

4.3 Payment data

Card payments and Direct Debit setup are handled by third-party payment providers. We do not store full card numbers. We may store references/tokens and limited metadata (e.g. last 4 digits, expiry month/year, payment method type) where provided by our payment processor.

5. How we use personal data and our lawful bases

Purpose Examples Lawful basis (UK GDPR)
Provide the returns service Create return records, generate Labels, show tracking, enable drop-off/collection options Contract / steps before contract
Merchant account administration Create and manage Merchant admin users, authentication, permissions Contract
Billing and payments Weekly invoicing, payment collection, Prepay Credit top-ups, fraud/chargeback handling Contract; Legal obligation; Legitimate interests
Customer support and troubleshooting Answer queries, investigate bugs, resolve shipment/label issues Contract; Legitimate interests
Security and fraud prevention Monitoring, access logs, abuse prevention, incident response Legitimate interests; Legal obligation (where applicable)
Service improvement and analytics Usage trends, feature performance, error rates Legitimate interests (and consent where required for non-essential cookies)
Legal and compliance Respond to legal requests, enforce terms, defend claims Legal obligation; Legitimate interests

Where we rely on legitimate interests, we balance our interests against your rights and expectations and apply safeguards (data minimisation, access controls, retention limits).

6. Where we get your data from

  • From you directly: when you fill in the returns portal, create an account, or contact support.
  • From the Merchant: order references, customer details, return rules, or status updates (depending on the Merchant’s integration).
  • From Carriers: tracking events, delivery/collection status, and any carrier-provided shipment metadata.
  • From service providers: payment confirmation/status, fraud signals, and limited technical diagnostics.

7. Who we share data with

We may share personal data with:

  • Carriers to generate Labels, arrange collections/drop-offs, and provide tracking.
  • Merchants (the seller you are returning to) so they can process returns, refunds, exchanges, and customer support.
  • Payment providers to process payments, verify transactions, and manage disputes/chargebacks.
  • Hosting and infrastructure providers to run the Platform (servers, storage, monitoring).
  • Support and communications providers used to handle service messages and incident response.
  • Professional advisers (legal/accounting) where necessary.
  • Authorities where required by law or to prevent fraud/crime.

We do not sell personal data. We only share it where needed to provide the service, keep it secure, or meet legal obligations.

8. International transfers

We aim to keep data stored and processed in the UK and/or EEA where possible. Some service providers may process data outside the UK/EEA.

Where we transfer personal data internationally, we use appropriate safeguards (such as contractual protections and equivalent security measures) in line with applicable data protection law.

9. How long we keep data (retention)

We keep personal data only for as long as needed for the purposes set out in this policy, including legal, accounting, and operational requirements. Typical retention includes:

  • Merchant account data: kept while the account is active, then retained for a reasonable period after closure for compliance, dispute handling, and audit requirements.
  • Return records and shipment data: retained to support tracking, disputes, fraud prevention, and Merchant reporting.
  • Billing records: retained as required for financial record keeping.
  • Support communications: retained for troubleshooting history and service quality, then deleted/archived in line with retention practices.

10. Security

We use reasonable technical and organisational measures to protect personal data, including:

  • access controls and authentication;
  • encryption in transit (where supported by the client and our services);
  • monitoring, logging, and alerting;
  • least-privilege access for staff and service accounts;
  • regular maintenance and patching practices.

No system is perfectly secure. If you suspect unauthorised access, contact us immediately at help@returnmyorder.co.uk.

11. Your rights

Depending on your circumstances, you may have rights including:

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure (where applicable)
  • Restriction of processing (where applicable)
  • Data portability (where applicable)
  • Objection to processing (especially where we rely on legitimate interests)
  • Withdraw consent (where we rely on consent)
Important: End Users returning to a Merchant

If you created a return for a specific Merchant, they are usually the Data Controller. For requests relating to your return outcome (refunds/exchanges) or broader use of your data by the Merchant, you should contact the Merchant directly. If you contact us, we may redirect your request to the Merchant where appropriate.

12. Complaints

If you have concerns about how we handle personal data, contact us first and we’ll try to resolve it.

You also have the right to complain to the UK supervisory authority, the Information Commissioner’s Office (ICO).

13. Children’s data

Our service is intended for use by Merchants and their customers for returns management. It is not directed at children. If you believe a child has provided personal data through the Platform, contact us and we will take appropriate steps.

14. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects solely by automated means for End Users as a default Platform feature. Merchants may apply their own rules to accept/reject returns; those decisions are controlled by the Merchant.

15. Cookies and analytics

We may use cookies or similar technologies to operate the site (e.g. session management, security) and to understand usage (analytics).

  • Essential cookies are required for the site to function.
  • Non-essential cookies (e.g. analytics) may be optional depending on your cookie settings and local law requirements.

For more details, see our Cookie Policy (or include the cookie details here if you prefer a single combined policy).

16. Changes to this policy

We may update this policy from time to time to reflect changes in law, technology, or how the Platform operates. We will update the “Last updated” date at the top of the page.

17. Contact