Who we are
UltraDesign (“the Service”) is operated by NEXARYON LIMITED (company number 17148886), with registered office at Studio No. 19, 138 Marylebone Road, London NW1 5PH, United Kingdom (“we”, “us”, “our”). The Service is accessible at ullltradesign.com.
What this policy covers
This policy explains how we collect, use, and protect personal data when you visit our website, create an account, browse our catalogue, or purchase digital assets from us. It has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data we collect
- Account data — name, email address, password hash, billing address.
- Transaction data — order history, invoice details, download logs. We do not store payment card numbers; card details are handled by our payment providers.
- Technical data — IP address, device type, browser, language preference, referring URL, pages visited. Collected via cookies and server logs.
- Support data — messages you send us through email or contact forms.
How we use it
- To create and manage your account.
- To fulfil purchases and deliver downloadable files.
- To send service notices (order confirmations, receipts, product updates to files you own).
- To diagnose technical issues and prevent fraudulent activity.
- With your explicit opt-in, to send marketing updates. You can withdraw consent at any time.
Legal bases
We rely on contract (to deliver what you purchase), legitimate interests (to keep the Service secure and to improve it), legal obligation (to meet tax and accounting requirements), and consent (for optional marketing).
How long we keep it
Account and transaction data are retained for seven years after your last purchase to meet HMRC record-keeping duties. Technical logs are retained for up to 90 days. Marketing data is kept until you unsubscribe.
Sharing
We share personal data only with processors that help us operate the Service — hosting, payment, email transmission, and analytics providers, each bound by written data-processing terms. We do not sell personal data.
International transfers
Where data is processed outside the UK, we rely on UK adequacy decisions or the International Data Transfer Addendum to the EU Standard Contractual Clauses.
Your rights
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent. To exercise these rights contact us at info@ullltradesign.com. You may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).
Security
We use TLS for data in transit, hashed passwords, role-based access, and regular backups. No method of electronic storage is 100% secure; we do our best but cannot guarantee absolute security.
Contact
If you have any questions about this policy, please contact us:
- Email: info@ullltradesign.com
- Phone: +44 7893 926841
- Post: NEXARYON LIMITED (company number 17148886), with registered office at Studio No. 19, 138 Marylebone Road, London NW1 5PH, United Kingdom
Payment Card Data and PCI DSS Compliance
UltraDesign does not store, process or transmit full payment card numbers or card-verification data on its own servers. All card payments are handled by a regulated third-party payment service provider (PSP) that is certified as PCI DSS Level 1 compliant. The PSP collects card details directly from the customer’s browser through a hosted, tokenised iframe and returns to us only a transaction reference, the last four digits of the card, the card brand and the issuer country.
The PSP, the card networks (e.g. Visa, Mastercard) and the issuing bank are jointly responsible for the security of the cardholder data environment. Card transactions are protected by 3‑D Secure (Strong Customer Authentication) where supported by the issuer, and TLS encryption is enforced end-to-end.
The Company does not retain CVV / CVC, full PAN, full track data or PIN information at any point in the order flow. Limited transaction metadata (date, amount, currency, masked card number, issuer country, PSP transaction reference) is retained for accounting, fraud-monitoring and chargeback-defence purposes for the period required by applicable law.
This section should be read together with our AML Policy and the chargeback provisions of our Terms of Use.
Last updated: 29 April 2026.
Card Data and PCI DSS Compliance
NEXARYON LIMITED does not store, process, or transmit raw cardholder data on its own servers. All card payments are handled exclusively by our PCI DSS Level 1 certified payment service provider — the highest tier of compliance defined by the Payment Card Industry Security Standards Council (PCI SSC).
When you submit card details on our checkout page, the data is transmitted directly to the payment processor over an encrypted TLS 1.2+ connection, tokenized at the gateway, and never reaches our infrastructure. The only payment-related information we retain on our side is:
- the transaction reference (provided by the gateway);
- the last four digits of the card and the card brand (Visa, Mastercard, etc.) — for order-management, refunds, and chargeback evidence;
- the billing name, address, and email address you provided at checkout — for invoicing and customer-support purposes.
If you exercise your right to access, rectify, or delete your data under the UK GDPR or the EU GDPR (see the “Your rights” section above), the order metadata may be retained for up to seven (7) years after the transaction in compliance with anti-money-laundering, accounting, and tax-record-keeping obligations applicable to NEXARYON LIMITED.
For details on how the payment provider itself handles your data, please consult the privacy notice of the gateway disclosed at the moment of checkout.