1. Who We Are

This Privacy Policy applies to Jiils ("we", "us", "our"), a London-based technology buyback and resale business operating at jiils.com. We are registered with the UK Information Commissioner's Office (ICO). Jiils operates as a UK sole trader; the ICO data-protection-fee registration is currently in progress and the registration number will be published here once issued.

For privacy enquiries, contact us at jiils.admin@gmail.com.

2. Data We Collect

We collect the following categories of personal data:

Contact data: Name, phone number (WhatsApp), email address.
Device data: Category, brand, model, condition, and photos of items you submit for a buyback quote.
Location data: Postcode, for organising free collection.
Transaction data: Purchase price, payment method, and order status.
Usage data: Pages visited, browser type, and IP address, collected via Google Analytics (see Section 7).

We do not collect special-category data (health, financial history, biometrics) unless you voluntarily disclose it.

3. Legal Basis for Processing

We process your personal data under the following UK GDPR lawful bases (Article 6):

Contract (Art. 6(1)(b)): To provide a buyback quote, arrange collection, and make payment.
Consent (Art. 6(1)(a)): To contact you via WhatsApp with your requested quote. You give this consent via the checkbox in our buyback form. You may withdraw at any time by messaging us "STOP".
Legitimate interests (Art. 6(1)(f)): For fraud prevention, system security, and improving our service.
Legal obligation (Art. 6(1)(c)): To comply with HMRC and other statutory requirements.

4. How We Use Your Data

To respond to your buyback quote request via WhatsApp.
To arrange free collection of your device in London.
To process payment by bank transfer.
To issue a data-wipe certificate (NIST 800-88) for your device.
To comply with anti-money-laundering regulations for transactions above £1,000.
To improve and secure our website and services.

We will never sell your personal data to third parties or use it for unsolicited marketing.

5. Data Sharing

We share your data only where necessary:

Supabase (EU): Secure database hosting for quote and order records.
Meta (WhatsApp Business API): To deliver your quote message. Meta's privacy policy governs their handling of message metadata.
Stripe: Payment processing. Stripe is PCI DSS Level 1 certified.
Telegram: Internal operational notifications only — your name and device details are shared with our team.
Google Analytics: Anonymised usage analytics (see Section 7).

All processors are bound by data processing agreements. No data is transferred outside the UK/EEA without appropriate safeguards.

6. Data Retention

Buyback quote requests: Retained for 12 months, then deleted.
Completed transactions: Retained for 7 years to comply with HMRC requirements.
Device photos: Deleted within 30 days of transaction completion.
Marketing consent records: Retained until you withdraw consent.

7. Cookies and Analytics

Strictly necessary cookies (Supabase authentication, shopping cart) are always active — they are required for the site to function and are exempt from consent under UK PECR Regulation 6(4)(a).

Analytics cookies (Google Analytics with IP anonymisation enabled) only load after you click "Accept all" in our cookie banner. If you reject non-essential cookies, no analytics tracking takes place. Your choice is stored locally for 12 months. To change it, clear your browser's local storage for jiils.com and reload the page.

You can additionally opt out of Google Analytics globally via the Google Analytics opt-out browser add-on.

8. Your Rights Under UK GDPR

You have the following rights:

Right of access: Request a copy of personal data we hold about you.
Right to rectification: Correct inaccurate data.
Right to erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention obligations).
Right to restriction: Restrict processing in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Withdraw WhatsApp marketing consent at any time.

To exercise any right, email us at jiils.admin@gmail.com. We will respond within 30 days. If you are not satisfied, you may lodge a complaint with the ICO.

9. Security

We implement industry-standard security measures including TLS encryption in transit, row-level security in our database, and NIST 800-88 data wiping on every device we receive. Access to personal data is restricted to authorised personnel only.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our website. Continued use of our services after changes constitutes acceptance.

1. Who We Are

For privacy enquiries, contact us at jiils.admin@gmail.com.

2. Data We Collect

We collect the following categories of personal data:

Contact data: Name, phone number (WhatsApp), email address.
Device data: Category, brand, model, condition, and photos of items you submit for a buyback quote.
Location data: Postcode, for organising free collection.
Transaction data: Purchase price, payment method, and order status.
Usage data: Pages visited, browser type, and IP address, collected via Google Analytics (see Section 7).

We do not collect special-category data (health, financial history, biometrics) unless you voluntarily disclose it.

3. Legal Basis for Processing

We process your personal data under the following UK GDPR lawful bases (Article 6):

Contract (Art. 6(1)(b)): To provide a buyback quote, arrange collection, and make payment.
Consent (Art. 6(1)(a)): To contact you via WhatsApp with your requested quote. You give this consent via the checkbox in our buyback form. You may withdraw at any time by messaging us "STOP".
Legitimate interests (Art. 6(1)(f)): For fraud prevention, system security, and improving our service.
Legal obligation (Art. 6(1)(c)): To comply with HMRC and other statutory requirements.

4. How We Use Your Data

To respond to your buyback quote request via WhatsApp.
To arrange free collection of your device in London.
To process payment by bank transfer.
To issue a data-wipe certificate (NIST 800-88) for your device.
To comply with anti-money-laundering regulations for transactions above £1,000.
To improve and secure our website and services.

We will never sell your personal data to third parties or use it for unsolicited marketing.

5. Data Sharing

We share your data only where necessary:

Supabase (EU): Secure database hosting for quote and order records.
Meta (WhatsApp Business API): To deliver your quote message. Meta's privacy policy governs their handling of message metadata.
Stripe: Payment processing. Stripe is PCI DSS Level 1 certified.
Telegram: Internal operational notifications only — your name and device details are shared with our team.
Google Analytics: Anonymised usage analytics (see Section 7).

All processors are bound by data processing agreements. No data is transferred outside the UK/EEA without appropriate safeguards.

6. Data Retention

Buyback quote requests: Retained for 12 months, then deleted.
Completed transactions: Retained for 7 years to comply with HMRC requirements.
Device photos: Deleted within 30 days of transaction completion.
Marketing consent records: Retained until you withdraw consent.

7. Cookies and Analytics

Strictly necessary cookies (Supabase authentication, shopping cart) are always active — they are required for the site to function and are exempt from consent under UK PECR Regulation 6(4)(a).

You can additionally opt out of Google Analytics globally via the Google Analytics opt-out browser add-on.

8. Your Rights Under UK GDPR

You have the following rights:

Right of access: Request a copy of personal data we hold about you.
Right to rectification: Correct inaccurate data.
Right to erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention obligations).
Right to restriction: Restrict processing in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Withdraw WhatsApp marketing consent at any time.

To exercise any right, email us at jiils.admin@gmail.com. We will respond within 30 days. If you are not satisfied, you may lodge a complaint with the ICO.

9. Security

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our website. Continued use of our services after changes constitutes acceptance.

Privacy Policy

1. Who We Are

2. Data We Collect

3. Legal Basis for Processing

4. How We Use Your Data

5. Data Sharing

6. Data Retention

7. Cookies and Analytics

8. Your Rights Under UK GDPR

9. Security

10. Changes to This Policy

Loading Jiils

Privacy Policy

1. Who We Are

2. Data We Collect

3. Legal Basis for Processing

4. How We Use Your Data

5. Data Sharing

6. Data Retention

7. Cookies and Analytics

8. Your Rights Under UK GDPR

9. Security

10. Changes to This Policy