Privacy Policy
About This Policy
Fourex Group is committed to protecting the privacy of its data subjects by handling data it collects in a safe and responsible way. For the purposes of the UK General Data Protection Regulation (UK GDPR), Fourex Group is the data controller for any personal data it holds.
This policy sets out how Fourex Group will do this.
Types of Data Fourex Group Collects
Fourex Group will collect and process personal data.
Personal data includes information relating to living individuals where they can be either:
- directly identified from a piece of information; or
- indirectly identified from a combination of information.
Customer Data
The personal data collected for customers includes:
- name, address and contact details including email address and telephone number;
- technical information including IP addresses, browser type, device information and cookies (for website functionality, order tracking, analytics and fraud prevention);
- details about product purchases and payments;
- correspondence to and from you including feedback and complaints; and
- marketing and communications data including your preferences in receiving marketing and communications from us and third parties.
Employee Data
The personal data collected for employees includes:
- name, address, date of birth, gender and contact details including email address and telephone number;
- qualification details including skills, experience and employment history;
- recruitment information including right to work documents, CVs and covering letters;
- bank account details, national insurance number and tax status; and
- information about next of kin and emergency contacts.
Sensitive Personal Data
For employees, Fourex Group also collects sensitive personal data (special category data), including data concerning:
- race or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- genetic data;
- biometric data (where used for identification);
- health;
- sex life; and
- sexual orientation.
The sensitive personal data collected includes:
- trade union membership information;
- information on criminal convictions and/or offences;
- health and sickness records; and
- equal opportunities monitoring information (including ethnic origin, sexual orientation, disability and religion).
Why Fourex Group Collects This Data
Fourex Group collects this information to comply with legal obligations and for the following purposes:
- registering you as a customer of its online store;
- receiving and fulfilling customer orders;
- contacting you in relation to queries, orders, feedback, or complaints;
- if you have opted in to receive marketing communications, contacting you about services and providing marketing materials;
- performance of a contract to which you are a party;
- internal administration and record keeping; and
- notifying you of changes to this privacy policy.
For employees, data is collected to comply with legal and health and safety obligations and for workforce management purposes, including development, retention, policy development, payroll and employee benefits.
Legal Basis for Processing Data
The lawful bases for processing relied upon include:
- Contract performance: to process orders, deliver products, manage returns, send order confirmations and invoices.
- Legal compliance: accounting, sales records and VAT reporting.
- Legitimate interests: website security, analytics, fraud prevention and customer service.
- Consent: marketing communications such as newsletters and promotions via email and SMS.
Special category data is processed on the basis of explicit consent or where necessary for carrying out obligations and exercising rights in employment law.
Data Retention
Fourex Group follows UK GDPR rules on data retention. This means it:
- only keeps data for as long as needed (for example, 7 years for order records and 2 years after last activity for inactive accounts);
- securely deletes or anonymises documents no longer needed;
- complies with requests for data to be changed or deleted where no overriding legal or legitimate grounds apply;
- complies with subject access requests unless UK GDPR exemptions apply; and
- conducts data audits to avoid keeping data longer than necessary.
Sharing Data
Internal Data Sharing
Fourex Group may share data internally with relevant departments where required.
Business Partners
Fourex Group may share personal data with third parties whose products it offers and who have a licensed brand relationship with it (Business Partners), including appointed service providers.
Where appropriate and based on legitimate interests, shared information may include:
- name;
- contact details;
- voluntarily provided data;
- browsing behaviour;
- purchase history when buying partner-associated merchandise; and
- marketing and communication preferences.
Business Partners, including the INEOS Grenadiers Cycling Team (Tour Racing Limited), may act as independent data controllers and use that data under their own privacy policies.
Once data is shared, Fourex Group does not control partner handling practices. Contact Business Partners directly for their privacy practices and to exercise rights.
Third-Party Services
Fourex Group uses third-party providers to support operations, including Brevo for email marketing, and WooCommerce/Shopify for eCommerce functionality. These providers may access data only as needed and must keep data secure and confidential.
Other Use Cases
Fourex Group may disclose personal data in connection with potential or actual sale/restructuring of the business, and may publish/share data with consent for competitions, events, community initiatives, or promotions.
Where personal data is transferred outside the UK, Fourex Group and partners comply with UK GDPR and use appropriate safeguards.
Cookies
Fourex Group’s website uses cookies, including Google Analytics, to understand visitor habits and volumes. Cookies are small files stored on your device that allow the website to recognise you.
You can disable cookies in your browser settings. For more information, please see Fourex Group’s cookie policy.
Data Subjects’ Rights
Data subjects have the right to:
- Access personal data held about them;
- Rectification of inaccurate data;
- Erasure in certain circumstances;
- Restriction of processing in certain circumstances;
- Object to processing in certain circumstances;
- Data portability in certain circumstances; and
- Rights related to automated decision-making and profiling, including requesting human intervention or challenging decisions.
Withdrawing Consent
Where processing is based purely on consent, you may withdraw consent at any time.
If you previously subscribed to marketing and no longer wish to receive it, you may unsubscribe via the link in marketing emails or contact [email protected].
SMS Marketing
If you opt in, you consent to receive marketing text messages from Fourex Group/EV2 about products, services, promotions and updates at the mobile number provided. Messages may be sent using automated technology and frequency may vary.
Consent to SMS marketing is optional and not a condition of purchasing goods or services.
You may withdraw consent at any time by replying STOP to a marketing text message or by contacting us directly.
Fourex Group uses Klaviyo and Brevo as third-party providers for SMS delivery. Your mobile number and related personal data may be shared with these providers for this purpose.
Personal data is processed in line with this Privacy Policy and applicable UK law, including UK GDPR and PECR.
If you opt out of marketing, we retain limited contact information to maintain your marketing preferences.
You also have the right to refuse requests to process your personal data for marketing purposes.
Making a Complaint
If you wish to complain about how Fourex Group handled your personal data, contact [email protected].
If you remain dissatisfied, you can complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
ICO helpline: 0303 123 1113, or submit a complaint online via the ICO website.
Last Updated
This policy was last updated on 30 June 2025.
Fourex Group may change this policy from time to time and will inform you via email and banner notice on this website.