Privacy & Cookie Policy

Last updated: 25 May 2026

Your privacy matters to us. This Privacy and Cookie Policy explains how Aztecs Bikes Ltd collects, uses and protects your personal information when you visit our website, contact us, visit our shop in Bow, or buy products and services from us, and how we use cookies and similar technologies on aztecsbikes.com.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

Part A: Privacy Policy

1. Who we are (data controller)

Aztecs Bikes Ltd is the data controller for the personal information collected through the website, our shop and our services.

Aztecs Bikes Ltd
Registered office: 4 Corsican Square, London E3 3XS, United Kingdom
Company registration number: 13286458 (England and Wales)
VAT registration number: 380797260
Email: hello@aztecsbikes.com • Phone: +44 7488 878 612

Questions about this policy or about how we handle your personal data should be sent to hello@aztecsbikes.com. We do not currently have a statutory obligation to appoint a Data Protection Officer; the directors of Aztecs Bikes Ltd are responsible for data protection within the company.

2. What personal data we collect

We collect and process the following categories of personal data.

2.1 When you place an order or book a service

Full name;
Billing and delivery addresses;
Email address and phone number;
Order details, including products purchased, prices and order history;
Preferred collection or delivery method;
Booking details for workshop services and free check-ups.

2.2 Payment information

Online card payments are processed securely by Stripe, our online payment service provider. Klarna and PayPal are available through Stripe at checkout where offered. In-store card payments are processed by Dojo. We do not store full card numbers, security codes or other sensitive cardholder data on our systems. We may receive a tokenised reference, the last four digits of the card and the card brand for reconciliation purposes.

2.3 Cycle to Work scheme purchases

If you purchase a bike or accessories through a Cycle to Work scheme (such as Green Commute Initiative, Cyclescheme or other scheme providers), we will also collect and process:

The name of your employer;
The name of your scheme provider;
Your voucher or certificate number and value;
Any information required by the scheme provider to confirm and reconcile the order.

This information is shared with your scheme provider for the purposes of processing the voucher and completing the sale.

2.4 When you contact us

The content of emails, web form submissions and chat messages;
Phone call details if you call us;
The nature of your enquiry, complaint or warranty claim.

2.5 Website usage data

When you browse our website, we automatically collect technical data through cookies and similar technologies (see Part B below), including:

IP address and approximate location;
Device information (type, operating system, browser);
Pages visited, products viewed and time spent on pages;
Referring website or search query;
Date and time of your visit.

2.6 Marketing preferences

If you sign up to our newsletter or opt in to marketing communications, we collect:

Your email address (and first name where provided);
Your consent record (including the date and source of consent);
Information about which messages you open or click on, where our email platform provides this.

2.7 CCTV in our shop

Our shop in Bow is monitored by CCTV. See Section 12 below for details on how we use CCTV footage.

3. How we use your personal data

We use your personal data only for the purposes described in this policy. We will never sell your personal data, and we do not share your data with third parties for their own marketing.

3.1 To provide and manage your orders and services

Process payments and confirm orders;
Prepare Click and Collect items in store;
Arrange Home Delivery via our courier partners;
Communicate order updates, dispatch notifications and tracking information;
Manage workshop bookings, services and free check-ups;
Process Cycle to Work scheme purchases in coordination with your scheme provider.

3.2 Customer service

Answer your questions;
Process returns, refunds, exchanges and warranty claims;
Provide updates on the progress of repairs.

3.3 Improve our website and customer experience

Monitor website performance and identify technical issues;
Analyse aggregated visitor behaviour;
Improve site functionality, security and content.

3.4 Marketing (with your consent)

Send newsletters, promotions and product updates;
Share information about our shop, events and cycling-related content;
Measure the effectiveness of any advertising campaigns we run.

You can unsubscribe at any time using the link in any marketing email, or by contacting us.

3.5 Legal and regulatory obligations

Tax and accounting reporting (HMRC);
Fraud prevention and detection;
Compliance with UK consumer law and other applicable regulations.

4. Legal bases for processing (UK GDPR)

We rely on the following legal bases under the UK GDPR:

Performance of a contract: to fulfil orders, deliver services and respond to your requests;
Legal obligation: for accounting, tax and regulatory compliance;
Legitimate interests: to operate, secure and improve our business, prevent fraud, monitor our premises through CCTV and analyse aggregated website usage. Our legitimate interests are balanced against your rights and freedoms;
Consent: for email marketing, non-essential cookies and any optional information you provide. You can withdraw consent at any time.

5. Automated decision-making and profiling

We do not make decisions about you that have a legal or similarly significant effect using fully automated means. Some of our payment partners (such as Stripe and Dojo) may use automated tools to detect and prevent fraud at the point of payment. If a payment is declined for fraud-related reasons, you can contact us and we will help you resolve it.

6. How long we keep your personal data

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

Order and transaction records: 6 years (HMRC tax requirement);
Customer service emails and enquiries: up to 2 years from last interaction;
Marketing list data: until you unsubscribe or after 24 months of inactivity;
Website analytics data: 14 to 38 months, depending on the analytics tool;
CCTV footage: up to 30 days, except where retained for an investigation, an insurance claim or legal proceedings.

After these periods, your personal data is deleted or anonymised.

7. Who we share your personal data with

We do not sell your personal data. We share it only with carefully selected third parties who help us operate our business, and only the minimum information they need to provide their service. Our current data processors and partners include:

Saledock: e-commerce platform and website hosting;
Stripe: online card payment processing (including Klarna and PayPal where offered at checkout);
Dojo: in-store card payment processing;
Royal Mail Click and Drop, and Cycle Courier Co: delivery of online orders;
Bikebook: workshop booking platform;
Cycle to Work scheme providers (including Green Commute Initiative, Cyclescheme and other providers), where you choose to purchase through such a scheme;
Systeme.io: email marketing (we previously used Brevo for the same purpose; some historical data may still be held by them until fully purged);
Google (Gmail and Google Workspace): customer service email and internal communications;
Google Analytics and Google reCAPTCHA: website analytics and spam protection;
Google Ads, Meta (Facebook and Instagram) and TikTok: advertising and campaign measurement, where we run advertising campaigns (with your consent for non-essential cookies);
QuickBooks and Dext: accounting and invoice management;
LAKA Insurance partner programme (only where you choose to enquire about cover);
Our IT service providers and professional advisers (accountants, lawyers) where necessary.

We may also disclose personal data where required to do so by law, by a regulator, or to protect our rights, property or safety, or the rights, property or safety of others.

8. International transfers of personal data

Some of the third parties listed above are based outside the United Kingdom. In particular, certain providers (including Stripe, Google services, Meta, TikTok and any future US-based services) may process data in the United States or other countries outside the UK and the European Economic Area.

Where we transfer personal data outside the UK, we ensure that an appropriate safeguard is in place, such as:

A UK adequacy decision (for transfers to the EEA, for example);
The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
Other lawful mechanisms permitted under the UK GDPR.

If you would like more information about a specific transfer, please contact us.

9. Your rights under the UK GDPR

You have the following rights in relation to your personal data:

Right of access: you can ask for a copy of the personal data we hold about you;
Right to rectification: you can ask us to correct inaccurate or incomplete data;
Right to erasure: you can ask us to delete your data in certain circumstances;
Right to restrict processing: you can ask us to limit how we use your data;
Right to object: you can object to processing based on legitimate interests, and to direct marketing at any time;
Right to data portability: you can ask for your data in a structured, machine-readable format;
Right to withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please email hello@aztecsbikes.com. We will respond within one month.

If you are unhappy with how we have handled your personal data, you can complain to the Information Commissioner's Office (ICO): ico.org.uk, helpline 0303 123 1113. We would, however, appreciate the chance to address your concerns first.

10. Children's data

Our website and services are aimed at adults. We do not knowingly collect personal data from children under the age of 13.

Where a parent or guardian buys a product on behalf of a child (for example a kids' bike), the personal data we hold relates to the parent or guardian, not the child. If you believe we have inadvertently collected data from a child under 13, please contact us and we will delete it without delay.

11. Security and data breaches

We take data protection seriously and apply organisational and technical measures appropriate to the nature of the data we hold, including:

HTTPS encryption across the website;
Secure, tokenised payment processing through Stripe, Dojo and other authorised providers;
Access controls and unique logins for staff;
Two-factor authentication on critical systems where available;
Regular review of who has access to personal data;
Data minimisation: we only collect what we need.

No method of transmission over the internet is 100 percent secure, but we work to protect your data using industry-standard practices.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with the UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

12. CCTV in our shop

Our shop at 4 Corsican Square, London E3 3XS is monitored by CCTV cameras. Notices indicating that CCTV is in operation are displayed at the shop entrance.

We use CCTV for the following purposes:

To protect the security of the shop, our staff, customers and visitors;
To prevent and detect crime, including theft and damage to property;
To investigate incidents that occur on the premises;
To support insurance claims where necessary.

The legal basis for processing CCTV footage is our legitimate interest in protecting our premises, staff and customers, balanced against your right to privacy.

CCTV footage is retained for up to 30 days and is then automatically overwritten, unless we need to retain specific footage longer for an investigation, an insurance claim or legal proceedings. Footage is stored securely and access is limited to authorised personnel.

You have the right to request access to CCTV footage of yourself under the UK GDPR. To make such a request, please email hello@aztecsbikes.com with the date, approximate time and a description of yourself, so that we can locate the relevant footage. We may need to redact other individuals appearing in the footage to protect their privacy.

Part B: Cookie Policy

13. What are cookies?

Cookies are small text files that are placed on your device (computer, tablet or smartphone) when you visit a website. They allow the website to recognise your device and remember information about your visit, for example items in your basket or your language preferences.

Cookies can be:

First-party cookies: set by us, the website you are visiting;
Third-party cookies: set by another organisation through our website (for example Google Analytics);
Session cookies: deleted when you close your browser;
Persistent cookies: stored on your device until they expire or until you delete them.

Other technologies (such as pixels, web beacons, local storage and similar tools) work in a comparable way and are covered by this policy.

14. How we use cookies

We use cookies to:

Keep our website working properly (essential cookies);
Remember your basket and let you check out;
Understand how visitors use our site so that we can improve it (analytics cookies);
Measure the effectiveness of any marketing campaigns we run (marketing cookies, only with your consent).

15. Categories of cookies we use

15.1 Strictly necessary cookies

These cookies are essential for the website to function and cannot be switched off. They include cookies used to:

Maintain your session and shopping basket;
Enable secure checkout and payment;
Remember your cookie preferences;
Protect our site from spam and abuse (for example reCAPTCHA).

These cookies do not require your consent under UK PECR rules, because they are strictly necessary to provide the service you have asked for.

15.2 Analytics and performance cookies

These cookies help us understand how visitors interact with our website (for example which pages are visited and where errors occur). We use this data to improve the site. We currently use, or intend to use, Google Analytics 4 for this purpose.

Analytics cookies are only set if you give your consent through our cookie banner.

15.3 Marketing and advertising cookies

These cookies may be set when we run advertising campaigns through partners such as Google Ads, Meta (Facebook and Instagram) and TikTok. They allow us to measure the effectiveness of our adverts and, where applicable, show you relevant content on those platforms.

Marketing cookies are only set if you give your consent through our cookie banner. You can withdraw your consent at any time through the cookie settings on our website.

16. Cookies we use on the website

The table below summarises the main cookies in use on aztecsbikes.com. The exact list may change as we add or remove tools; we update this page when significant changes occur.

Cookie name	Provider	Purpose	Duration
Session cookies	Saledock	Maintain your session, basket and checkout	Session
Cookie consent	Saledock	Remember your cookie preferences	12 months
_ga	Google Analytics	Distinguish unique users (analytics)	2 years
_ga_*	Google Analytics	Persist session state for analytics	2 years
_gcl_*	Google Ads	Conversion tracking for advertising campaigns	Up to 90 days
_fbp	Meta (Facebook)	Advertising and campaign measurement (when running Meta ads)	Up to 90 days
_ttp	TikTok	Advertising and campaign measurement (when running TikTok ads)	Up to 13 months
Stripe cookies	Stripe	Secure payment processing and fraud prevention	Session to 1 year
reCAPTCHA	Google	Spam protection on forms	6 months

Some third-party providers may also set cookies that we cannot fully control. For more detail, please review their own cookie or privacy policies.

17. Your choices and how to manage cookies

When you first visit our website, a cookie banner is displayed. You can:

Accept all cookies;
Customise your preferences and accept only the categories you choose;
Continue browsing using only strictly necessary cookies.

You can change your cookie preferences at any time by clicking the cookie settings link on our website (where available) or by clearing the cookies in your browser, which will cause the banner to appear again on your next visit.

17.1 Browser controls

Most browsers also allow you to view, manage or delete cookies and to block cookies from being set. Instructions are typically available in your browser's help section. You can find guidance for the main browsers here:

If you disable strictly necessary cookies, parts of the website (including checkout) may not work properly.

17.2 Do Not Track signals

There is currently no industry consensus on how websites should respond to Do Not Track (DNT) signals. We do not currently respond to DNT signals; you can use the cookie banner and your browser settings instead.

18. Changes to this policy

We may update this Privacy and Cookie Policy from time to time, for example when we add new tools or services, or to reflect changes in the law. The most recent version is always available on this page, with an updated revision date at the top. Where changes are significant, we will notify registered customers by email.

19. Contact us

For any question about this Privacy and Cookie Policy, to exercise your rights or to ask how we use cookies: