Privacy policy

Last updated: 9 January 2026

This Privacy Policy describes how SUSTOW LTD (“SUSTOW”, “we”, “us”, or “our”) collects, uses, and discloses personal information when you visit or make a purchase from https://sustow.co.uk or https://sustow.com (the “Site”), use our services, or otherwise communicate with us (collectively, the “Services”).
Both domains are operated by SUSTOW LTD and governed by this Privacy Policy.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), SUSTOW LTD is the data controller of your personal information.

By accessing or using the Services, you acknowledge that your personal information will be processed as described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal obligations, or regulatory guidance. We will post the updated version on the Site and revise the “Last updated” date accordingly.

2. How We Collect Personal Information

We collect personal information from the following sources:

a) Information You Provide Directly

Contact details (name, email address, phone number, postal address)
Order and transaction details (billing and shipping address, payment confirmation)
Account information (username, password stored in encrypted/hashed form)
Customer support communications

Providing certain information is necessary to use specific features of the Services.

b) Information Collected Automatically

We collect usage and technical data through cookies and similar technologies, including IP address, device and browser type, and interactions with the Site.
For Shopify cookie details, see: https://www.shopify.com/legal/cookies

c) Information from Third Parties

We may receive information from:

Shopify (website hosting and e-commerce functionality)
Payment service providers
Logistics and fulfilment partners
Analytics, security, and fraud-prevention providers

All third-party data is processed in accordance with this Privacy Policy.

3. Legal Bases for Processing

We process personal information under the following lawful bases:

Contractual necessity (Article 6(1)(b)) – to process orders, deliver products, manage accounts, and provide Services
Legal obligation (Article 6(1)(c)) – to comply with tax, accounting, and regulatory requirements
Legitimate interests (Article 6(1)(f)) – to prevent fraud, secure our platform, improve Services, and provide customer support
Consent (Article 6(1)(a)) – where required, including for SMS messaging and marketing communications

You may withdraw consent at any time where consent is the lawful basis.

4. How We Use Personal Information

Providing Products and Services

To process payments, fulfil orders, arrange delivery, manage accounts, handle returns, and provide customer support.

Communications (Transactional & Service)

To send order confirmations, shipping updates, delivery notifications, account notices, and customer support responses.

SMS & Messaging Communications

If you voluntarily provide your phone number and consent, we may send transactional, service, and account-security SMS messages, including:

Order and delivery updates
Customer support communications
One-time passcodes (OTP/2FA) for login, password resets, and phone number verification

SMS disclosures:

Message frequency may vary
Message and data rates may apply
You may opt out at any time by replying STOP
For assistance, reply HELP

SMS opt-in data (including phone numbers and consent records) is never sold, rented, or shared for third-party marketing purposes. It is shared only with authorised messaging providers strictly to deliver messages and meet compliance requirements.

Marketing Communications

Where permitted by law (including PECR), we may send marketing communications. You may opt out at any time. Transactional messages are not affected by marketing opt-outs.

Security and Fraud Prevention

To protect accounts, prevent unauthorised access, detect fraud, and maintain platform security.

5. Cookies

We use cookies to operate and improve the Site, analyse usage, and remember preferences. You can manage cookies through your browser settings. Blocking cookies may affect functionality.

6. How We Disclose Personal Information

We may disclose personal information to:

Service providers (payment processing, fulfilment, IT, customer support)
Shopify and essential business partners
Professional advisers (legal, accounting)
Authorities where required by law

We do not sell personal information under UK or EU law. Any references to “sale” or “sharing” in non-UK jurisdictions relate solely to advertising identifiers and never include SMS opt-in data or messaging consent.

7. Data Retention

We retain personal information only for as long as necessary, including:

Order and transaction records: up to 6 years (tax and accounting)
Account data: while the account remains active
Customer support communications: up to 24 months
SMS consent and messaging logs: retained for compliance and audit purposes

8. Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.

9. Children’s Data

The Services are not intended for children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided data, please contact us to request deletion.

10. International Data Transfers

Where personal information is transferred outside the UK or EEA, we rely on recognised safeguards such as UK International Data Transfer Agreements (IDTA) or Standard Contractual Clauses, unless the destination country is deemed adequate.

11. Your Rights

Depending on your location, you may have the right to:

Access your personal information
Correct inaccurate data
Request deletion
Restrict or object to processing (including direct marketing)
Withdraw consent
Data portability

Requests can be made using the contact details below. We may verify your identity before responding.

12. Complaints

If you have concerns, contact us first. You may also lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

https://www.ico.org.uk
Helpline: 0303 123 1113

13. Contact Us

SUSTOW LTD
71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Email: support@sustow.com
Phone: +44 2045966222

Item added to your cart

Privacy policy

1. Changes to This Privacy Policy

2. How We Collect Personal Information

a) Information You Provide Directly

b) Information Collected Automatically

c) Information from Third Parties

3. Legal Bases for Processing

4. How We Use Personal Information

Providing Products and Services

Communications (Transactional & Service)

SMS & Messaging Communications

Marketing Communications

Security and Fraud Prevention

5. Cookies

6. How We Disclose Personal Information

7. Data Retention

8. Automated Decision-Making

9. Children’s Data

10. International Data Transfers

11. Your Rights

12. Complaints

13. Contact Us

Country/region

Country/region

Privacy policy

1. Changes to This Privacy Policy

2. How We Collect Personal Information

a) Information You Provide Directly

b) Information Collected Automatically

c) Information from Third Parties

3. Legal Bases for Processing

4. How We Use Personal Information

Providing Products and Services

Communications (Transactional & Service)

SMS & Messaging Communications

Marketing Communications

Security and Fraud Prevention

5. Cookies

6. How We Disclose Personal Information

7. Data Retention

8. Automated Decision-Making

9. Children’s Data

10. International Data Transfers

11. Your Rights

12. Complaints

13. Contact Us

Join the Low-Impact Living Movement