BACK

Last Updated 14 May 2025

At MFI, we aim to take an honest, secure, and careful approach to your data. We understand the importance of your personal details and we know and care that your data is used in a secure, sensitive and fair manner.

This policy, alongside our Terms and Conditions, is designed to give you information about why we collect and process your personal details, how we use it, and what rights you have in relation to our use of your data.

This policy applies to all customers of MFI. It does not form part of our Terms and Conditions.

We may change our privacy policy from time to time. 

This website does not currently use cookies and does not generate any persistent identifiers.

A. Who We Are

VIPSO Trading Limited is the data controller of the personal data we process about you. VIPSO Trading Limited is a company registered in England and Wales with registered number 12491614.

Our registered address is:

1 Sustainability Way
Farington Moss
Leyland
PR26 6TB


B. Types Of Data Collected

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Your Identity and Contact Details. You must provide your first name, surname, and email address. We will use this data to provide you with updates and for direct marketing.

We do not provide services directly to children or proactively collect their personal information.

C. Who We Share Your Data With

MFI sometimes shares your personal data with trusted third parties. This is to allow us, for example, to deliver your order, to deliver you email notifications, or process card payments. When we do share your data with these trusted third parties, we only provide the information that they need to perform their services and they may only use your data for the purposes we have agreed with them.

These trusted third parties include:

  • Internal third parties, being other companies in the same group of companies and acting as joint controllers or processors, who are based in England and provide IT, shared services, logistics and warehousing services, system administration services and to undertake leadership reporting.

  • Email Service Providers to send you emails, promotional offers, competitions, and other information if you choose to receive direct marketing emails from us.

  • Law Enforcement, Fraud Prevention, and Other Authorised Regulatory Agencies and Bodies to help prevent and detect fraud and other unlawful acts.

D. Transfers of Data Outside of The UK

We may transfer some of your personal data to countries that are not part of the UK. These are known as third countries and may not have data protection laws that are as strong as those in the UK. As such, we take additional steps to safeguard your personal data to ensure it is treated just as safely and securely as it would be within the UK.

These transfers occur when we share your data with international organisations who are based around the world. We have in place standard contractual clauses with these organisations to ensure that your personal information is treated by those organisations in a way which is consistent with and which respects the domestic UK laws on data protection. 

In addition to these clauses, we also rely on Adequacy Decisions from the Information Commissioner’s Office, where they recognise a country outside of the UK as ensuring an adequate level of protection equivalent to the UK.

E. Our Lawful Basis For Processing

The law on data protection allows us to process your data for certain reasons only. We will only use your personal information when the law allows us to.

Most commonly, we will use your personal information under the following legal bases:

  • Where it is necessary for the contract we have, or will enter into, with you.

  • Where it is necessary to comply with the law.

  • Where it is necessary for our legitimate interests (or a third party’s) that your interests and fundamental rights do not override.

  • Where you have consented to the processing for a specific purpose.

We may also use your personal data in the following, rare situations:

  • To protect your (or someone else’s) vital interests.

  • Where it is in the public interest or official purposes.

We process personal data where you have consented to the processing for a specific purpose. We will deliver updates, email promotions, competitions, offers and other opportunities to you and will use your identity and contact details where you have given us your consent.

F. Informing Us of Changes

It is important that the personal information we hold about you is accurate and correct. Please keep us informed if your personal information changes during your relationship with us.

This can be done by contacting data.protection@mfi.co.uk.

H. Your Rights

Under data protection law, you have the following rights, which we will work to uphold:

  • The right to be informed about the data we hold about you and what we do with it.

  • The right of access to the data we hold about you, including receiving a copy of the data.

  • The right to correct inaccuracies in the data we hold about you, this is also known as ‘rectification’.

  • The right to be forgotten in certain circumstances, allowing you to ask us to delete or remove data where there is no good reason for us to continue processing it, this is also known as ‘erasure’.

  • The right to restrict (i.e., prevent) the processing of the data if you want us to establish its accuracy or the reason for processing it.

  • The right to transfer the data we hold about you to another party where we use it with consent or for the performance of a contract. This is also known as ‘portability’.

  • The right to object to the processing of data where we rely on a legitimate interest and there is something in your particular situation which makes you want to object to the processing. You also have this right if we process data for direct marketing purposes.

  • Rights relating to any automated decision-making and profiling of your personal data.

I. Withdrawing Consent

You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us. In addition to the rights listed above, you also have the right to withdraw consent at any time should you change your mind. 

Should you do this, we will stop processing data under this basis and, where there is no other basis for continuing to process the data, we will delete any data reliant on that consent.

You can withdraw consent by clicking the “unsubscribe” link at the bottom of any of our emails, by contacting our Customer Service team, or by sending an email to data.protection@mfi.co.uk.

J. Retention Periods

We only keep your data for as long as we need it for, which, when you purchase goods from us, will be at least for the duration of your order with us. In most cases we will keep your data for a period after your order has completed. Some data retention periods are set by the law, for example the need to retain tax details for seven years.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of it, the potential risk of harm from unauthorised use or disclosure, the purposes for which we collected it for, and the applicable legal requirements.

When your data reaches the end of its defined retention period or criteria, we will delete any electronic data from our IT systems, and any physical copies will be securely destroyed.

K. Automated Decision Making

Automated decision-making means making decisions about you using no human involvement e.g. using computerised equipment. No decision about you, which has a significant impact on you, will be made solely based on automated decision-making unless we have your explicit consent.

Your use of our website, and interaction with our marketing emails, may involve profiling of your behaviour, again subject to your consent.

L.    Data Protection Officer's Contact Details

Our Data Protection Officer (“DPO”) can be contacted via data.protection@mfi.co.uk.

Alternatively, you can contact them by post at the above registered address, marking the envelope FAO: Data Protection Officer. 

If you have any questions about this privacy policy, how we handle our personal data, or to request a copy of the safeguards we rely upon for transfer of data outside of the UK, please contact the DPO.

M. Making a Complaint

We strive to achieve a high standard in all our data processing. However, if you think your data rights have not been complied with, you are able to raise a complaint with the Information Commissioner’s Office (ICO), who are the UK supervisory authority for data protection.

You can contact the ICO at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; by telephone on 0303 123 1113 (local rate) or 01625 545 745; or submit a complaint online here:  https://ico.org.uk/make-a-complaint/.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Privacy Policy