Privacy Policy

As a small business, our reputation is extremely important to us, maintaining the trust and confidence of visitors to our website is key. Any personal data shared with us will not under any circumstance be sold or leased to other organisations and as a business, we will only work with companies that are compliant with the new GDPR that comes into effect from the 25th of May 2018.  If you would like to find out further information on the General Data Protection Regulation please visit the ICO’s website… 

The following privacy notice will provide you with the detailed information on how we collect and process personal data through your use of this website

It is important that you read this notice prior to providing your data and by providing us with your data, you represent and warrant to us that you are over 13 years of age. 

1. Who is collecting your data?

The data controller of your data will be Stephen Russell trading under the name EK OK Bikes.


Address: 5 Westwood Square, East Kilbride, G75 8JQ

Telephone: 01355 228 225 It is important that the personal information we hold is as accurate. Please get in touch if your personal data changes by emailing or logging into your account via the login button on our website

2. How is your personal data collected?

Information is collected about you through your direct input into a number of available web forms and through email communication. These web forms include but are not exclusive to

  • Contact Me
  • Account Management
  • Order Processing/Shopping Cart

Additionally, the website automatically stores personal data via cookies and other web technologies. To find out more information regarding our cookie policy please visit section 11 below or please visit our cookie policy  Our website also utilises Google Analytics to collect standard usage information and details of behaviour patterns only when authorised to do so. We use this service to find out about the number of visitors to pages of our site. We have configured our site communication with Google Analytic to prevent the identity of individuals visiting our site being disclosed to us or Google.

3. What data is being collected and what is the legal basis for processing that data?

We may process the personal data your provide us in a number of ways, how we use that and our lawful grounds for doing so is listed in the tables below:


What this IncludesHow we use it
Any electronic correspondence via web forms, email, social networking, text, instant messaging and any other available communication that you may send to usWe process this information to allow us to communicate with you, for record keeping and for the establishment of evidence should there be a need to pursue or defend a legal claim.
Lawful grounds for processing: Legitimate Interest

Customer Details and Purchasing Information

What this IncludesHow we use it
Any information related to purchasing of products and/or services this may include the following
  • Name
  • Billing address
  • Delivery address
  • Email address
  • Phone number
  • Purchase history
  • Bank transaction references
We process this information to allow us to fulfil our contract with you and for record keeping of the transactions.
Lawful grounds for processing: Contract

Browser Information and how you use our website

What this IncludesHow we use it
Through visiting our website, we automatically store information about your 

  • Device
  • Operating system
  • Browser 
  • IP address
We process this information to ensure the security or our site by monitoring normal and malicious use, we also process this information to allow us to analyse the usage of our site in order to support the browser, operating systems and devices using it.
Lawful grounds for processing: Legitimate Interest

Marketing Information

What this IncludesHow we use it
Any information related to marketing

  • Name
  • Email Address
  • Marketing Preferences
We process this information in accordance with the Privacy and Electronic Communication Regulations in conjunction with the General Data Protection Regulations see section 4 of this privacy notice, we may process this data for promotions, competitions, prize give-aways.
Lawful grounds for processing:Consent or Legitimate Interest

Sensitive Data

We do not collect sensitive data. If you would like to find out more about what the GDPR defines as sensitive data please visit the ICO’s key definitions page

Automated Decision Making

We do not have any systems in place that would make automated decisions.

Legal Obligations

Where legally obligated or permitted by law to do so we may process your data without your knowledge or consent.

4. Will I receive any marketing?

We are not in the habit of spamming or pestering people but from time to time in the name of growing our business we may use your personal data to send you marketing communications when you have given consent to do so (Opted in to receive marketing) or under the lawful grounds of legitimate interest (You have requested information on a service/product or made a purchase).  These lawful grounds for processing are covered by the Privacy and Electronic Communications Regulations (PECR) and the GDPR. If at any point you wish to opt-out of our marketing communications you have that right, this can be achieved by emailing or by clicking the available opt out button on the marketing communication you received. Opting out of marketing communications will not apply to personal data held in relation to other business transactions such as purchasing.

5. Who will your data be shared with?

To function as a business it is necessary for us to share your data with other organisations. We will only transfer data to other organisations when necessary for a specific purpose. Those organisation themselves must be compliant with the data protection laws and only process this data in accordance with our instructions.

Set out below are the types of organisations that we may have to share your personal data with:

  • Web Hosting Service Provider (UK)
  • Email Service Provider (UK)
  • Email Marketing Service Provider (US)
  • Website Analytics Service Provider (US)
  • Payment Collection Service Provider (EU)
  • Customer Data Transfer Service Provider (EU)
  • Data Storage Provider (EU)
  • Government bodies (UK)

6. Will your data be transferred outside of Europe?

To ensure the protection of your personal data the GDPR places restrictions on the transfer of that data outside of the European Economic Area (EEA). Those restrictions have been implemented to ensure the same level of protection for your data outside of the EEA. 

We will only share your personal data with companies, organisation and service providers outside of the EEA where

  • they reside in a country that has been approved by the European Commission (EC).
  • they offer a contractual agreement or certification that has been approved by the EC to offer a similar level of data security
  • they are based in the US and are part of the EU-US Privacy shield.

Our business does utilise a small number of service providers that are based outwith the EEA, These companies are US based providers who have the approved level of protection with adequate safeguards in place and are a part of the EU-US Privacy Shield thus meeting GDPR requirements that allow data to be transferred.

7. What security precautions are in place?

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.  All processing partners must keep your personal data confidential. In the event of a suspected personal data breach, processes have been developed to ensure that you and the relevant authorities (Information Commissioners Office) will be notified as we are legally required to do so.

8. How long will your data be retained?

We will only retain your information for as long as necessary to fulfil the purposes set out in this section 2 of this privacy notice. This will include any reporting needs, accounting and legal obligations (For example, tax and revenue laws require me to keep basic customer information for a period of six years)

9. What are your legal rights?

Under the GDPR (General Data Protection Regulation) you as an individual have rights in relation to the personal data we process. These include the right to request access, rectification, erasure, restrict processing, data portability and object (where the lawful basis for processing is consent).

You can find out further information regarding these rights at…

If you wish to exercise any of the rights set out above, please email your request to

In most case we will not charge for a data subject request however If your request is repetitive, manifestly unfounded or excessive, we may request an administrative fee to process your request or refuse to deal with that request.

If a data subject request is submitted it will be necessary to request proof of identification from the individual before considering that request, this ensures the security of data we control to prevent disclosure of information to unauthorised individuals.

When a data subject request is made we will respond within one month of that request. In situations where there are multiple requests from the same individual or complex request, we may extend the time for response by a further two months as per the ICO’s guidance. If we extend the response duration we will notify the individual requesting the reasons for this extension. If you are unhappy with the way that we have collected or processed your personal data you reserve the right to make a complaint with the ICO (Information Commissioners Office). The ICO is the UK’s independent authority set up to uphold information rights in the public interest and data privacy for individuals. Before contacting the ICO we would be grateful if you could contact me in the first instance to allow me to resolve the issue for you. If you still wish to proceed please visit the ICO’s website at

10. Does this website have links to other websites?

Our website may contain links to our social accounts and/or other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. We recommend that you read the privacy notice of each website you visit.

11. What cookies does this website have?

For information about the cookies we use please visit If you would like to block cookies, you can do so via the settings of your browser. If you choose to disable or refuse cookies some areas of this website may not function or be inaccessible.

We will review our privacy notice from time to time as we may be required by law. If we do we will keep a record below

  • Version: 1.0 Effective From: 01 Feb 2020