R-Zone Enterprises — Legal & Compliance
Privacy
Policy.
We believe privacy is a right, not a checkbox. This policy explains exactly what personal data R-Zone Enterprises collects, how we use it, and the rights you hold over it — in plain language.
Last Updated
15 January 2025
Version
v3.0 — 2025
Jurisdiction
England & Wales
Framework
UK GDPR · DPA 2018
Who We Are
R-Zone Enterprises ("we", "us", "our") is a UK-based freight and logistics company. We operate as R-Zone Enterprises Ltd, registered in England and Wales, with our registered office at:
Unit 9 Moorhen Yard, Elms Lane
Upminster, Essex RM14 3TS
United Kingdom
We are the data controller for personal data collected through our website at r-zoneenterprises.com, our mobile applications, and through our cargo and logistics services.
This Privacy Policy explains how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.
Data We Collect
We collect personal data in three ways: directly from you, automatically, and from third parties.
2.1 — Data You Provide Directly
- Identity data: full name, date of birth, passport or ID number (where required for customs)
- Contact data: email address, phone number, UK and Nigeria addresses
- Shipment data: cargo description, weight, dimensions, declared value, origin, destination
- Payment data: billing address and payment method — we do not store full card details, which are handled by PCI-DSS compliant processors
- Communication data: records of your correspondence with us by phone, email, or contact forms
- Account data: username, hashed password, booking history, preferences
2.2 — Data Collected Automatically
- Technical data: IP address, browser type and version, device identifiers, time zone
- Usage data: pages visited, time on page, links clicked, referral source
- Cookie data: see our Cookie Policy for full details
2.3 — Data From Third Parties
- Business partners and referral sources who confirm your data may be shared
- HMRC and Nigeria Customs Service for import/export compliance
- Credit reference and fraud prevention agencies
- Publicly available sources such as Companies House
How We Use Your Data
We use your personal data only for legitimate business purposes. The table below sets out every use alongside the legal basis we rely on.
| Purpose | Legal Basis |
|---|---|
| Processing & managing cargo shipments | Contract |
| Processing payments & issuing invoices | Contract |
| UK & Nigeria customs clearance | Legal obligation |
| Real-time shipment tracking | Contract |
| Customer service communications | Contract / Legitimate interest |
| Marketing communications | Consent |
| Fraud prevention & security | Legitimate interest |
| Website analytics | Consent |
| Legal & regulatory obligations | Legal obligation |
3.1 — Marketing Communications
We only send marketing emails or SMS if you have given us explicit consent. You can withdraw consent at any time — click "unsubscribe" in any email, text STOP to any SMS, or email privacy@r-zoneenterprises.com. We will never sell or share your contact details for others' marketing purposes.
Legal Basis for Processing
Under UK GDPR, every act of data processing must have a lawful basis. Here are the bases we rely on:
Contract Performance
Art. 6(1)(b)Processing necessary to fulfil your shipping contract — booking, dispatch, delivery, invoicing.
Legal Obligation
Art. 6(1)(c)Where we are legally required to process data — customs declarations, HMRC reporting, AML checks.
Legitimate Interests
Art. 6(1)(f)Fraud detection, network security, and business communications where our interests don't override yours.
Consent
Art. 6(1)(a)Marketing communications and non-essential cookies — you may withdraw consent at any time.
Data Sharing
We share your personal data only where necessary. We never sell it.
5.1 — Service Providers (Processors)
- Airlines & carriers: British Airways, Virgin Atlantic, Emirates, Ethiopian Airlines — for booking cargo space and issuing air waybills
- Customs agents: In Nigeria and the UK, to handle port clearance and regulatory filings
- Payment processors: Stripe and PayPal — PCI-DSS Level 1 compliant
- IT service providers: Cloud hosting, email delivery, CRM — all subject to data processing agreements
- Analytics: Google Analytics — anonymised and only with your cookie consent
5.2 — Regulatory & Government Bodies
- HM Revenue & Customs (HMRC) — UK import/export compliance
- Nigeria Customs Service (NCS) — Nigerian import/export declarations
- UK Border Force — where required for customs inspections
- Law enforcement agencies — where required by law or court order
Our Three Absolute Rules
We never sell your personal data to any third party
We never share your data with advertisers or data brokers
We never allow third parties to use your data for their marketing
International Transfers
Our operations span the UK and Nigeria. As part of our service, your personal data will be transferred to Nigeria — specifically to our Lagos operations hub — to facilitate customs clearance and last-mile delivery.
Nigeria is not currently recognised by the UK as providing an adequate level of data protection under UK GDPR. Where data is transferred to Nigeria, we rely on the following safeguards:
- UK International Data Transfer Agreements (IDTAs): We use IDTAs with our Nigerian partners as required by the ICO
- Contractual necessity: Where transfers are strictly necessary for performance of your shipping contract
- Explicit consent: For any other transfers where you have been informed and agreed
To receive a copy of the safeguards we apply, contact privacy@r-zoneenterprises.com.
Data Retention
We keep personal data only for as long as necessary. Here is our retention schedule:
| Data Category | Retention Period |
|---|---|
| Customer account data | 6 years after last transaction |
| Shipment & customs records | 6 years from shipment date |
| Payment records | 6 years |
| Marketing consent records | 3 years after withdrawal |
| Customer service communications | 3 years |
| Website analytics (anonymised) | 26 months |
| CCTV at premises | 30 days |
When data is no longer required, we securely delete or irreversibly anonymise it. We periodically review all data we hold to ensure it remains accurate and necessary.
Your Rights
Under UK GDPR, you have eight rights over your personal data. Here they are — plainly.
Right of Access
Request a copy of all personal data we hold about you. We respond within one calendar month at no charge.
Right to Rectification
Request correction of inaccurate or incomplete personal data. We correct verified inaccuracies promptly.
Right to Erasure
Request deletion of your data where it is no longer necessary, you withdraw consent, or it was unlawfully processed.
Right to Restrict
Request that we restrict processing your data while a complaint is being resolved or accuracy disputed.
Right to Portability
Receive your data in a structured, machine-readable format (JSON or CSV) where processing is based on consent or contract.
Right to Object
Object to processing based on legitimate interests at any time. Absolute right to object to direct marketing.
No Automated Decisions
We do not make solely automated decisions with legal effect. All significant decisions involve human review.
Right to Complain
Lodge a complaint with the ICO at ico.org.uk or call 0303 123 1113 if you believe we've mishandled your data.
How to Exercise Your Rights
Email privacy@r-zoneenterprises.com or write to our registered address. We respond within one calendar month. Complex requests may be extended by a further two months — we will notify you.
Right to Complain — ICO
If you're not satisfied with how we've handled your data, you can complain to the Information Commissioner's Office.
Cookies
We use cookies and similar tracking technologies on our website. Non-essential cookies (analytics, marketing) are only placed on your device with your prior consent, obtained through our cookie banner.
For full details of every cookie we use, how long they last, and how to manage your preferences, read our dedicated Cookie Policy.
Security
We implement appropriate technical and organisational measures to protect your personal data. Our security programme includes:
TLS/HTTPS encryption for all data in transit
AES-256 encryption for sensitive data at rest
Multi-factor authentication for staff systems
Role-based access controls — staff see only what they need
Regular security audits and penetration testing
Annual mandatory data protection training for all staff
Incident response plan for data breaches
Physical access controls at our warehouse facilities
Children's Privacy
Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe your child has provided us with personal data without your consent, please email privacy@r-zoneenterprises.com immediately. We will delete the data promptly and without charge.
Changes to This Policy
We review this Privacy Policy regularly. We will notify you of material changes by email (where we hold your address) and by posting a notice on our website. The "Last Updated" date at the top of this policy will reflect any revision.
Continued use of our services after notification of a change constitutes your acceptance of the revised policy. If you disagree with any change, please stop using our services and contact us to close your account and request data deletion.
Contact & DPO
For any questions, requests, or concerns about this Privacy Policy or your personal data:
Data Protection
General Enquiries
Phone
Post
Unit 9 Moorhen Yard, Elms Lane, Upminster, Essex RM14 3TS
Common Questions
Still Have Questions?
We're Here to Help.
Our team responds to privacy enquiries within one business day.