Cookies help us deliver our services. By using our services, you agree to our use of cookies.
Privacy notice
Last Updated: February 8, 2025
Your privacy matters to us. This notice explains how we collect, use, and protect your personal information.
Quick Summary
We collect information to process orders, improve our services, and provide customer support. We don't sell your data and use industry-standard security measures to protect it.
Your Rights at a Glance
Access
See what data we have
Correct
Update inaccurate info
Delete
Remove your data
Opt-out
Stop tracking/marketing
1. Information We Collect
We take your privacy seriously. This section outlines the types of information we collect when you use our website or services. The information is grouped into two categories: Personal Information and Non-Personal / Technical Information.
A. Personal Information
We may collect the following personal details to process your orders, provide support, and improve your overall experience:
Identity & Contact
- Identifiers: Full name, email address, phone number
- Addresses: Billing and shipping addresses
- Account Details: Username and encrypted password
Payment & Order Data
- Payment Info: Processed securely via Stripe, PayPal, and SuperPayments
- Order History: Purchase records and preferences
- Communication: Support emails and chat logs
Security Note: We never store full credit card numbers. All payment data is handled by PCI DSS compliant processors.
B. Non-Personal & Technical Information
We automatically collect technical and usage-related information to help us maintain and improve the performance and security of our services:
- IP address and geographic location (country/city level)
- Browser type, version, and language settings
- Device information (mobile, desktop, tablet)
- Operating system and screen resolution
- Pages visited, time spent, and navigation patterns
- Referral sources and search terms
| Category | Purpose | Examples | Duration |
|---|---|---|---|
| Essential | Core functionality | Shopping cart, login sessions | Session/1 year |
| Analytics | Usage insights | Google Analytics, Hotjar | 2 years |
| Marketing | Personalized ads | Facebook Pixel, Google Ads | 30-180 days |
You may manage your cookie preferences at any time via your browser settings or through our cookie consent banner.
2. How We Use Your Information
We process your information only where we have a lawful basis to do so. The data you provide is used for the following purposes:
Order Processing
We use your personal and payment information to process and deliver your purchases. Transactions are handled securely through third-party providers such as Stripe and PayPal.
Customer Support
Your contact details and any communication you send to us are used to respond to inquiries and provide assistance as needed.
Marketing and Advertising
We may use non-sensitive data to tailor marketing content and display relevant advertisements:
- Facebook Pixel: Enables targeted advertising based on user behaviour and preferences.
- Google Merchant Center: Allows us to display our products in relevant shopping ads and listings.
Website Analytics and Improvements
We analyse how users interact with our site in order to improve usability, performance, and content:
- Google Analytics: Tracks page visits, traffic sources, and user journeys.
- Hotjar: Provides insight into user behaviour through session recordings, heatmaps, and feedback tools.
Legal Compliance
We may use your data where necessary to comply with legal obligations, including fraud prevention, regulatory reporting, and tax requirements.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. However, we may share limited data with trusted third parties where necessary to operate our services and fulfil our obligations. These include:
Payment Processors
- Stripe: Credit/debit card processing
- PayPal: Digital wallet payments
- SuperPayments: Alternative payment methods
We share only necessary payment details. Full card numbers are never stored on our systems.
Shipping Partners
- Royal Mail: UK and international shipping
- Local Carriers: Regional delivery services
Your name, address, and contact details are shared for successful delivery.
Analytics Services
- Google Analytics
- Hotjar (heatmaps & recordings)
- Google Search Console
Anonymous usage data only
Marketing Platforms
- Facebook Pixel
- Google Merchant Center
- Email marketing services
For targeted advertising optimization
Legal Requirements
- Law enforcement requests
- Court orders/subpoenas
- Regulatory compliance
Only when legally required
Data Processing Agreements: All third-party processors sign data processing agreements ensuring they handle your data according to our privacy standards.
5. Data Security & Retention
We implement comprehensive security measures to protect your personal information and only retain data as long as necessary.
Advanced Security Measures
- SSL/TLS Encryption: 256-bit encryption for all data transmission
- PCI DSS Compliance: Level 1 payment card security standards
- Two-Factor Authentication: Available for account protection
- Access Controls: Role-based employee access restrictions
- Regular Security Audits: Quarterly penetration testing
- Secure Data Centers: ISO 27001 certified facilities
- Data Backup: Encrypted, geographically distributed backups
Enhanced Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Order Records | 7 years | Tax compliance |
| Marketing Data | Until opt-out | Consent |
| Support Records | 3 years | Quality assurance |
| Analytics Data | 26 months | Legitimate interest |
| Account Data | Until deletion | Contract performance |
| Payment Logs | 10 years | Financial regulations |
Security Disclaimer: While we implement robust security measures including industry best practices and regular security assessments, no system is 100% secure. We cannot guarantee absolute protection against all potential threats.
Automated Deletion: We automatically delete data when retention periods expire, ensuring compliance with privacy regulations and minimizing data exposure.
6. Your Privacy Rights
Depending on your location and applicable privacy laws (GDPR, CCPA, etc.), you may have the following rights:
Access & Portability
- Request a copy of your personal data
- Download your data in a portable format
- Know what data we collect and how we use it
Correction & Deletion
- Correct inaccurate or incomplete data
- Request deletion of your personal data
- Withdraw consent for data processing
Opt-Out Options
Analytics Tracking
Advertising
Email Marketing
- Unsubscribe links in emails
- Contact customer service
How to Exercise Your Rights: Visit our Contact Us page to submit privacy requests. We may need to verify your identity and will respond within 30 days as required by applicable law.
7. Children’s Privacy
Our website and services are not intended for use by children under the age of 16. We do not knowingly collect, use, or store personal information from anyone under this age.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
8. Changes to This Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
Any updates will be posted on this page, along with a revised “Last Updated” date at the top of the notice. We encourage you to review this page periodically to stay informed about how we protect your personal data.
9. Contact Us
For privacy-related questions, concerns, or requests, please contact our privacy team:
Privacy Support Team
Contact Method: Complete our secure contact form
Submit Privacy RequestResponse Times:
- Urgent Privacy Matters: Within 24 hours
- Data Access Requests: Within 30 days
- General Privacy Questions: Within 48 hours
- Deletion Requests: Within 30 days
Languages: English
Available: Monday-Friday, 9 AM - 6 PM GMT
Complaint Process
If you're not satisfied with our response, you may file a complaint with your local data protection authority:
- UK: ICO (Information Commissioner's Office)
- EU: Your national DPA
- US: State Attorney General's Office
Third-Party Services & Privacy Policies
We work with trusted partners to provide our services. Each has their own privacy practices:
Payment Processors
Analytics & Marketing
Shipping Partners
Note: These third-party services may collect data independently of our website. Please review their privacy policies for complete information about their data practices and your rights.
Legal Basis for Processing (GDPR)
For EU residents, we process your data based on the following legal grounds:
Contract Performance
Processing orders and providing services you've requestedLegitimate Interest
Analytics, marketing, fraud prevention, and service improvementConsent
Optional marketing communications and non-essential cookiesLegal Obligation
Tax records, regulatory compliance, and fraud preventionData Processing Impact Assessments: We conduct regular privacy impact assessments to ensure our processing activities remain compliant with GDPR and other applicable privacy laws.
Privacy Commitment Statement
We are committed to protecting your privacy and handling your personal data with care, transparency, and in accordance with all applicable privacy laws.
Secure by Design
Privacy and security considerations are built into all our systems and processes from the ground up.
Transparent Processing
We provide clear information about what data we collect, how we use it, and your rights regarding your personal information.
User Control
You have meaningful choices and control over your personal data, including the ability to access, correct, or delete it.