Privacy policy

This policy sets out how Isekai Trading Ltd handles personal data processed through isekaitrading.co.uk in connection with wholesale trade accounts and the orders placed through them. It is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The service is offered to business customers only; personal data we hold generally relates to company representatives, named buyers, and other individuals authorised to act on behalf of a trade customer.

1. Controller

The controller of personal data under this policy is Isekai Trading Ltd, a company registered in England and Wales.

  • Registered office: 128 City Road, London, United Kingdom, EC1V 2NX
  • Data-protection contact: [email protected]

2. Categories of personal data we collect

In connection with wholesale trade accounts and orders, we collect the following categories of personal data:

  • Business registration details (company name, country, business type, tax or VAT number, website) — Assessment of wholesale trade account applications; Verification of trading status for eligibility; Customs and import documentation where required.
  • Contact details (contact name, email, phone) — Account communications; Order fulfilment; Account support.
  • Shipping and billing addresses — Order fulfilment; Tax jurisdiction determination; Fraud risk scoring.
  • Order and purchase history — Account function (order history); Support and returns; Recommendations; Fraud analytics.
  • Payment reference (processor transaction identifier) — Payment reconciliation; Chargeback handling.
  • Account email and authentication credentials — Authentication; Account recovery.

3. Lawful bases for processing

We rely on the following lawful bases under the UK GDPR to process your personal data:

  • Performance of a contract with you, or steps taken at your request before entering into a contract — UK GDPR Article 6(1)(b).
  • Compliance with our legal obligations under UK company law, UK tax law, commercial law, and anti-fraud law — UK GDPR Article 6(1)(c).
  • Our legitimate interests in operating, securing, and improving the service, preventing fraud, and defending legal claims, where those interests are not overridden by your rights and freedoms — UK GDPR Article 6(1)(f).

4. Recipients of personal data

Personal data is disclosed to the following categories of recipients for the purposes set out above:

  • Companies within our group, for service delivery, quality assurance, research and product improvement, fraud prevention, and general business operations.
  • Payment processor.
  • Shipping carrier.
  • Transactional email provider.

We do not sell personal data. We do not disclose personal data to credit reference agencies or to external trade-reference services. Where a recipient acts as our processor, it processes personal data only on our documented instructions and under a written contract that requires equivalent safeguards to those set out in this policy.

5. International transfers

Some of our processors operate outside the United Kingdom. Transfers outside the UK are made under Chapter V of the UK GDPR — under an adequacy decision recognised by the UK, under the UK International Data Transfer Agreement, under the UK Addendum to the EU Standard Contractual Clauses, or under another lawful transfer mechanism. The categories of recipient and the regions to which transfers may occur are:

  • Payment processor — United States, European Economic Area, Japan.
  • Shipping carrier — multiple regions.
  • Transactional email provider — European Economic Area.

A copy of the relevant safeguards is available on written request.

6. Retention

We retain personal data only for as long as necessary for the purposes set out in this policy, in line with the following anchors:

  • Order, invoice, accounting, and tax records: six years from the end of the relevant accounting period, in accordance with the Companies Act 2006, the Finance Act 2008, and HMRC record-keeping requirements.
  • Trade account records: while the account is active and for twelve months thereafter, to handle returns, disputes, and chargebacks that may arise after a final order.
  • Authentication and access logs: approximately ninety days, for security and fraud prevention.

Where a statutory retention period applies, we cannot delete data before that period expires. On closure of a trade account, data no longer subject to a statutory minimum is deleted or anonymised.

7. Your rights

Under the UK GDPR, and subject to the conditions and exceptions set out in the law, you have the following rights in relation to your personal data:

  • Right of access (Article 15) — to obtain confirmation that we hold personal data about you, and a copy of that data.
  • Right to rectification (Article 16) — to have inaccurate or incomplete personal data corrected.
  • Right to erasure (Article 17) — to have personal data deleted where one of the grounds in Article 17 is made out.
  • Right to restriction of processing (Article 18).
  • Right to data portability (Article 20) — to receive personal data you provided to us in a structured, commonly used, machine-readable format.
  • Right to object to processing (Article 21), including to processing based on our legitimate interests and to direct marketing.
  • Rights in relation to automated decision-making, including profiling (Article 22), as set out in section 8 below.
  • Right to withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Requests should be sent to [email protected]. We may ask for information reasonably necessary to verify your identity before responding. We aim to respond within one month of receipt, in line with Article 12(3); where a request is complex or the volume is high, we may extend the period by a further two months and will tell you if we do.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at https://ico.org.uk/make-a-complaint/ or by post to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

8. Automated decision-making

We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, solely on the basis of automated processing within the meaning of Article 22 of the UK GDPR. Wholesale trade account applications are reviewed by a person before approval or rejection; automated systems may perform preliminary checks such as form validation, but do not themselves determine whether an account is approved. If we introduce solely automated decision-making in the future, we will update this policy in advance and provide the safeguards required by Article 22, including the right to obtain human intervention, to express your point of view, and to contest the decision.

9. Cookies and similar technologies

We use strictly necessary storage in your browser — a session identifier, your authentication state, and the contents of your current order basket — so the site functions. Regulation 6(4) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 does not require consent for storage of this kind. We do not use analytics, advertising, or cross-site tracking technologies. If this changes, we will obtain your consent in the manner the law requires before any non-essential technology is deployed.

10. Contact

For any question about this policy, or about how we handle your personal data, please write to us at:

11. Changes to this policy

We may update this policy from time to time to reflect changes to the service or to applicable law. Where a change is material, it will be announced on the site before it takes effect. The date of the most recent update is shown below.

Last updated: 2026-04-24