PRIVACY POLICY

Last updated: 6 September 2025

1) Who we are

Shisha2Go is a trading name of ATWI HOLDINGS LIMITED (Company No. 15687724), registered office: Stanmore Business & Innovation Centre, Howard Road, Stanmore, England, HA7 1BT.
Data controller: ATWI HOLDINGS LIMITED.
Contact for privacy matters: contact@shisha2go.co.uk

2) Scope

This policy explains how we handle personal data when you browse our website (www.shisha2go.co.uk). It does not cover third-party sites or apps. If you place an order or use age-verification, see the relevant notices presented at checkout (we keep our website data collection minimal).

3) What we collect (minimal data)
Outside of communications you initiate with us, we only store and exchange Internet Protocol (IP) addresses collected automatically when you visit the site. IP addresses are personal data under UK GDPR.

We also use the Meta Pixel (see section 5). When you consent to marketing cookies, Meta may receive event data from your browser (which can include your IP address, device and browsing context). We do not store that event data on our servers.

4) Why we use your data (lawful bases)

  • Legitimate interests (UK GDPR Art. 6(1)(f)): to keep our site secure (fraud/abuse prevention, rate limiting), operate our server logs, and produce basic, non-identifying metrics.

  • Consent (Art. 6(1)(a)): for the Meta Pixel and any non-essential cookies. We only run these after you click “Accept” on our cookie banner. You can withdraw consent at any time (see section 8).

  • Legal obligations (Art. 6(1)(c)) where applicable: for example, to assist law-enforcement in preventing crime.

5) Meta Pixel (marketing cookies)

With your consent, we use the Meta Pixel to understand website performance and (where permitted) measure conversions or create aggregated audiences for our own ads on Meta technologies. The Pixel lets Meta receive certain event data from your browser (e.g., page views, button clicks) which may be associated with your Meta account in line with Meta’s terms.

  • We do not store Meta Pixel event data on our servers.

  • You can manage/withdraw consent at any time (see section 8).

  • You can also control how Meta uses data for ads in your Facebook/Instagram Ad Preferences and Off-Facebook Activity settings.

6) Who we share data with

We share or disclose IP addresses only with:

  • Our hosting/CDN and security providers (for delivery of the site, DDoS protection, logging and abuse prevention).

  • Meta Platforms when you have consented to Meta Pixel cookies (Meta receives event data directly from your browser).

  • Authorities or legal advisers if required by law or to establish, exercise, or defend legal claims.

We do not sell personal data.

7) International transfers

Where services involve processing outside the UK/EEA (for example, Meta’s infrastructure), transfers are protected by standard contractual clauses or other appropriate safeguards adopted by the provider.

8) Your choices & cookie controls

  • You can Accept / Reject / Manage cookies on our banner. Non-essential cookies (including the Meta Pixel) are off by default until you consent.

  • Change your choice anytime via Cookie Settings in our footer.

  • You can also use your browser’s controls to block or delete cookies.

9) Retention

  • Server logs (IP addresses): kept for up to 30 days for security and troubleshooting, then deleted or anonymised.

  • Aggregated, non-identifying metrics: may be kept longer.
    We do not store Meta Pixel event data ourselves.

10) Your rights

You have rights to access, rectify, erase, restrict or object to processing of your personal data, and (where applicable) data portability. Where processing is based on consent (e.g., Meta Pixel), you can withdraw consent at any time in Cookie Settings—this won’t affect processing before withdrawal.

To exercise your rights, email privacy@shisha2go.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO) if you’re unhappy with how we handle your data.

11) Security

We use industry-standard technical and organisational measures (HTTPS, access controls, least-privilege accounts, log retention limits) to protect server logs and prevent misuse.

12) Children

Our services are for adults 18+. We do not knowingly collect personal data from children via the website.

13) Changes to this policy

We may update this notice from time to time. The latest version will always appear on this page with an updated “Last updated” date.

Cookie summary (for your banner / cookie page)

  • Strictly necessary: site operation, security (always on; no consent needed).

  • Analytics/Marketing (off by default): Meta Pixel – only runs with your consent.

Contact

Questions about this policy? Email contact@shisha2go.co.uk.

Go to homepage

Go to homepage

Order Now