| Legal entity | UNIVERSALHOMEANDTECH LTD |
|---|---|
| Company number | 16534780 |
| Place of registration | England and Wales |
| Registered office | 15a Shrubbery Road, London, SW16 2AS, United Kingdom |
| ICO registration reference | ZC044007 |
| VAT position | Not VAT registered |
| Brand | TorScript |
| Website | https://torscript.com/ |
This Privacy Notice explains how UNIVERSALHOMEANDTECH LTD collects and uses personal data when a person visits https://torscript.com/, contacts the Company, creates an account, places an order, receives support, subscribes to marketing, interacts with marketplace order handling, or enters into a business relationship with the Company through the TorScript trading identity.
The Company uses personal data to operate the website, process orders, provide products or services, answer enquiries, keep legally required records, protect the business from fraud and misuse, improve customer support, manage marketing choices, and comply with law. The Company does not sell personal data.
TorScript is the Company's technology brand for self-hosted software catalogue products, support, website and digital audit services, custom software, implementation, migration and commissioned releases. Business customers may buy licences, request support, engage audits, or contract for custom work.
The Company may process names, business names, email addresses, billing details, order records, licence keys, download records, support tickets, technical environment information, IP addresses, security logs, project communications, statement-of-work records and payment references. Full payment card details are handled by payment providers and are not stored by the Company.
The Company does not deliberately collect special-category data, criminal-offence data, or children's data for this website. Customers should not send unnecessary sensitive information through ordinary support, order, review, or contact forms.
| Purpose | Lawful basis |
|---|---|
| Operating the website and account features | Legitimate interests in running a secure commercial website |
| Taking orders, supplying goods, software, or services | Contract or steps before entering a contract |
| Payment handling and fraud prevention | Contract and legitimate interests; payment providers act under their own notice |
| Delivery, fulfilment, downloads, licences, support and communication | Contract and legitimate interests |
| Tax, accounting, company and compliance records | Legal obligation |
| Security logging, abuse prevention and incident investigation | Legitimate interests and legal obligation where relevant |
| Direct marketing to subscribers | Consent |
| Marketing to existing customers for similar products where permitted | Legitimate interests and the UK PECR soft opt-in rule |
| Analytics or advertising tags where used | Consent |
Recipients may include PayPal, Revolut, hosting and infrastructure providers, communication systems used by the Company, professional advisers, security providers, and customer-approved providers needed for a project. Customer production data is processed only where the applicable service contract and data processing agreement authorise it.
The Company shares the minimum information reasonably needed for the relevant purpose. For example, a courier needs delivery details, a payment provider needs payment information, an accountant may need invoice records, and a marketplace may need order and dispatch updates.
Where personal data is transferred outside the United Kingdom, the Company uses an appropriate safeguard or route recognised by UK data protection law where required. This may include adequacy regulations, the International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or a recognised data privacy framework certification for a recipient that is eligible and certified.
| Record type | Retention approach |
|---|---|
| Order, invoice and tax records | Normally six years after the relevant tax or accounting period |
| Customer account records | Kept while the account is active and for a reasonable period for claims, support and fraud prevention |
| Support correspondence | Kept long enough to resolve the issue, evidence the outcome and handle repeat queries |
| Marketing consent and suppression records | Kept while marketing continues and then as needed to respect opt-out choices |
| Security logs | Kept for a short operational period unless needed for security, fraud, legal or incident response |
| Licence and service records | Kept for the life of the licence or service relationship and then as needed for legal, accounting and tax |
Customers may opt out of marketing at any time. Consent for non-essential cookies may be refused or withdrawn through the website's cookie controls where such technologies are used. A customer may also use browser settings to block some technologies, although blocking strictly necessary cookies may prevent account, basket, checkout or security features from working.
Individuals have rights under UK data protection law. Depending on the circumstances, these may include the right to request access to personal data, correction of inaccurate data, erasure, restriction, objection, portability, and withdrawal of consent. The Company responds to valid requests within the statutory period and may ask for information needed to confirm identity and locate the relevant records.
Where a person is unhappy with the handling of personal data, they may contact the Company first so the issue can be investigated. They may also complain to the Information Commissioner's Office at ico.org.uk. The Company keeps an internal record of privacy requests, response dates, decisions, exemptions relied upon, and any remedial steps taken.
The Company asks customers to contact it first so the matter can be investigated. A complaint may also be made to the Information Commissioner's Office at ico.org.uk.