Direct Oil
Your Account
Direct Oil
About Us
News and Blog
Picture of the authorWhere WeDeliver
Picture of the authorFAQs
Picture of the authorHow To PlaceAn Order
Contact Us
Your Account

Privacy Policy

Direct Oil Privacy Notice

Effective Date: 1 June 2026

Introduction

WFL (UK) Limited trading as Direct Oil (“we”, “us”, “our”), is committed to protecting your privacy and handling personal data in a lawful, fair, and transparent manner.

This Privacy Policy explains:

  • what personal data we collect,
  • how and why we use it,
  • how we protect it,
  • how long we keep it, and
  • the rights you have under data protection law.

Scope

This Privacy Policy applies to personal data collected when you:

  • visit our websites,
  • register for or use our Services,
  • purchase or enquire about our products or services,
  • contact us by phone, email, webchat, or other means

This Privacy Policy does not apply to third-party websites or services that we do not own or control, even if our Services link to them.

Who we are and how to contact us

Data Controller
Direct Oil trading as WFL (UK) Limited.

Registered address
Direct Oil
Callow Park
Callow Hill
Brinkworth
Chippenham
SN15 5FD

Email: privacy@directoil.co.uk

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.

Supervisory authority (UK)
Information Commissioner’s Office (ICO) – www.ico.org.uk

Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Identity & contact data

  • Name, address, email address, telephone number

Account and service data

  • Account identifiers, login credentials (where applicable)
  • Customer service communications

Transaction and billing data

  • Products and services purchased or requested
  • Delivery and service history
  • Payment status and transaction records
    (Payment card data is processed securely via approved payment providers.)

Marketing and communications

  • Marketing preferences and consent records
  • Subscription and communication history

Technical and usage data

  • IP address, browser type, device information
  • Website and portal usage analytics
  • Cookie identifiers and similar technologies

Visitor and site security data

  • Visitor sign-in records
  • CCTV recordings where deployed lawfully

Business contact data

  • Contact details of individuals at organisations we do business with

We do not intentionally collect special category data unless necessary (for example, to meet health and safety requirements or provide reasonable adjustments).

How we collect personal data

We collect personal data:

  • Directly from you (forms, calls, emails),
  • Automatically via cookies and usage analytics when you use our website,
  • From third parties where necessary (e.g. payment providers, fraud prevention services, business partners, publicly available sources).

How we use personal data

We use personal data for the following purposes:

Providing our services

  • To supply products and services you request
  • To manage customer accounts and enquiries
  • To process transactions and deliveries

Operating and improving our business

  • To maintain, protect, and improve our Services
  • To analyse usage and performance
  • To support service continuity and resilience

Marketing and communications

  • To send service-related communications
  • To send marketing communications where permitted by law and in line with your preferences

Legal, security and regulatory purposes

  • To comply with legal and regulatory obligations
  • To prevent fraud and misuse
  • To investigate and respond to incidents

Lawful bases for processing

Under the UK GDPR, we process personal data using one or more of the following lawful bases:

  • Contract – where processing is necessary to provide products or services
  • Legal obligation – where required to comply with the law
  • Legitimate interests – to operate and protect our business, systems, and customers
  • Consent – where required (e.g. certain marketing or cookie activities)
  • Vital interests – rarely, where necessary to protect life or safety

Where we rely on consent, you may withdraw it at any time.

Cookies and similar technologies

We use cookies and similar technologies to:

  • operate and secure our websites and portals,
  • remember preferences,
  • analyse usage and performance,
  • support marketing activities where consent has been given.

You can manage cookies through:

  • our cookie preference tools (where available),
  • your browser settings.

Further details are provided in our Cookies Policy.

Sharing personal data

We may share personal data with:

Service providers

Third-party suppliers who support our business (e.g. IT systems, payment processing, customer support, analytics, security monitoring). All such suppliers are required to process personal data securely and in accordance with contractual and legal obligations.

Business transactions

If WFL (UK) Limited trading as Direct Oil undergoes a business reorganisation, merger, or asset transfer, personal data may be shared where necessary and subject to safeguards.

Legal or regulatory disclosures

Where required by law or to protect rights, safety, or security. We do not sell personal data for monetary value.

International Transfers

Personal data is primarily processed in the UK. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations,
  • contractual safeguards recognised under UK GDPR.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

  • providing our Services,
  • meeting legal and regulatory obligations,
  • resolving disputes and enforcing rights.

When data is no longer required, it is securely deleted or anonymised.

Security

We use technical and organisational measures designed to protect personal data, including:

  • access controls and least privilege,
  • strong authentication and monitoring,
  • encryption and secure configurations where appropriate,
  • supplier security requirements.

While no system is completely secure, we take proportionate steps to reduce risk and respond effectively to incidents.

Personal Data Incidents

If a personal data incident occurs, we follow documented incident and breach procedures to:

  • assess risk,
  • contain and remediate issues,
  • meet regulatory notification obligations where required.

Children

Our Services are not directed at children, and we do not knowingly collect personal data from them.

Your rights

Under UK data protection law, you may have the right to:

  • access your personal data,
  • correct inaccurate data,
  • request deletion where applicable,
  • restrict or object to processing,
  • data portability (where applicable),
  • withdraw consent,
  • lodge a complaint with the ICO.

To exercise your rights, contact privacy@directoil.co.uk.

Automated decision-making

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on individuals.

Links to other websites

Our Services may link to third-party websites. We are not responsible for their privacy practices, and you should review their privacy policies before providing personal data.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Updates will be reflected by revising the “Last updated” date.