Privacy Policy
1. Who We Are
We are the data controller for the personal data collected through [DOMAIN]. For any data protection queries, contact us via the details on our Contact page.
2. What Data We Collect
We collect the following personal data when you interact with our Website:
| Data Category | Examples | When Collected |
| Identity Data | Full name | Account registration, checkout, contact form |
| Contact Data | Email address, phone number, delivery address, billing address | Checkout, account registration, contact form |
| Transaction Data | Order history, payment amounts, products purchased | When you place an order |
| Payment Data | Card type, last 4 digits (full card details are NOT stored by us) | Checkout (processed by Stripe/PayPal) |
| Technical Data | IP address, browser type, operating system, device type | Automatically when you visit the site |
| Usage Data | Pages visited, time on site, click patterns | Automatically via analytics cookies |
| Communication Data | Contact form messages, email correspondence, support tickets | When you contact us |
| Marketing Data | Email subscription preferences | When you subscribe to our newsletter |
3. How We Use Your Data
We use your personal data for the following purposes:
- To fulfil your orders — processing payments, dispatching products, providing order updates (legal basis: contract performance)
- To manage your account — maintaining your customer account and order history (legal basis: contract performance)
- To communicate with you — responding to enquiries, providing customer support (legal basis: legitimate interest)
- To send marketing communications — newsletters, product launches, promotions (legal basis: consent; you can unsubscribe at any time)
- To improve our Website — analysing usage patterns, optimising user experience (legal basis: legitimate interest)
- To comply with legal obligations — tax records, fraud prevention, regulatory requirements (legal basis: legal obligation)
4. Who We Share Your Data With
We share your personal data only with the following categories of third parties, and only to the extent necessary:
- Payment processors — Stripe and/or PayPal for secure payment processing
- Courier services — Royal Mail, DPD, or other carriers for order delivery
- Email service providers — for transactional emails and marketing communications
- Analytics providers — Google Analytics for website usage analysis (anonymised where possible)
- Hosting providers — our web hosting company for website infrastructure
- Legal and regulatory authorities — where required by law
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. Data Retention
- Order data: Retained for 6 years from the date of purchase (UK tax and accounting requirements)
- Account data: Retained for as long as your account is active, plus 2 years after last activity
- Marketing data: Retained until you unsubscribe or request deletion
- Contact form data: Retained for 12 months from the date of enquiry
- Analytics data: Anonymised and retained for 26 months
6. Your Rights (UK GDPR)
Under UK data protection law, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (subject to legal retention requirements)
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest, including direct marketing
- Right to withdraw consent — where processing is based on consent, you can withdraw at any time
To exercise any of these rights, contact us via our Contact page. We will respond within 30 days.
7. Cookies
We use cookies on this Website. For full details on the cookies we use and how to manage them, please see our cookie policy
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including SSL encryption for all data transmission, secure payment processing via PCI-DSS compliant providers, restricted access to personal data on a need-to-know basis, and regular security reviews of our systems.
While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
9. International Transfers
Your personal data is primarily processed within the UK. Where data is transferred outside the UK (for example, to US-based service providers), we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
10. Children’s Privacy
Our Website and products are not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from someone under 18, we will delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
12. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
13. Contact
For any queries regarding this Privacy Policy or your personal data, please visit our Contact page.