WHO ARE WE AND WHAT IS OUR APPROACH TO YOUR PRIVACY?

We are committed to protecting your personal data and respecting your privacy.  This Privacy Policy explains how we collect, use, disclose, and protect your personal information, your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and how you can manage your data.

DATA CONTROLLER

WHAT INFORMATION WE COLLECT
We may collect the following types of personal data:

  • Identity Data: Name, date of birth, and gender.
  • Contact Data: Billing address, delivery address, email address, and phone numbers.
  • Account Data: Username, password, and purchase history.
  • Transaction Data: Payment details (processed securely via third parties), order details, and returns.
  • Marketing Data: Preferences regarding receiving marketing communications.
  • Technical Data: IP address, browser type, device information, cookies, and online identifiers.
  • Usage Data: Information about how you use our website, products, and services.
  • Third-Party Data: Information from partners, data brokers, or public sources.

HOW WE USE YOUR PERSONAL DATA
We process your data under the following lawful bases:

  • Performance of a Contract: To process and deliver your orders, manage payments, and provide customer support.
  • Consent: For marketing communications (you can withdraw consent at any time).
  • Legal Obligation: To comply with legal or regulatory obligations.
  • Legitimate Interests: To improve our services, prevent fraud, and conduct marketing (balancing our interests with your rights).

MARKETING COMMUNICATIONS
You can opt out of marketing at any time by:

  • Clicking the ‘unsubscribe’ link in emails
  • Updating preferences in your online account

SHARING YOUR INFORMATION
We may share your data with:

  • Trusted service providers (e.g., payment processors, delivery companies)
  • Marketing partners and data analytics providers
  • Legal authorities, if required by law
  • Third parties if part of a business transfer or merger

INTERNATIONAL DATA TRANSFERS
Some of our service providers operate outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses
  • Transfers to countries with UK data adequacy decisions

DATA RETENTION
We retain your personal data only for as long as necessary:

  • Active customers: Data retained while you use our services
  • Inactive accounts: Data deleted after 6 years of inactivity unless required for legal reasons

YOUR RIGHTS UNDER UK GDPR
You have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Limit processing of your data
  • Data Portability: Receive your data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests or direct marketing
  • Withdraw Consent: At any time, where processing is based on consent

COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies to enhance user experience. For detailed information, please see our Cookie Policy. You can manage cookie preferences through your browser settings.

SECURITY MEASURES
We implement technical and organisational measures to protect your personal data, including encryption, secure servers, and regular security reviews.

THIRD-PARTY LINKS
Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.

KLARNA PAYMENTS
If you choose Klarna for payment, your personal data will be processed in accordance with Klarna’s privacy policy.

CHANGES TO THIS PRIVACY POLICY
We may update this policy from time to time. Any changes will be posted on this page, and significant changes will be communicated to you directly.