Limitless is now 100% GDPR compliant:
All of our customer data is held on secure servers and access to customer data is carefully controlled.
We wrote to all of our customers in May (three times) presenting our GDPR policy and asking them to actively opt in to our communications. We now only communicate with those customers who have done so.
We have defined a ‘right to be forgotten’ process, but as yet have had no need to use it – our defined period of data retention is 12 months to fully support to ordering and returns duration.
We do keep past histories of our transactions, as our Returns policies effectively allow a historic customer to return an item which has fallen short of standard, even many years into the future, albeit any customer who exercises their ‘right to be forgotten’ option will be anonymised in our database.