Privacy Policy

Last Updated: June 16, 2025

This Privacy Policy explains how [Your Ecommerce Website Name] (“we,” “us,” or “our”), a UK-based company, collects, uses, shares, and protects your personal information when you visit or make a purchase from our website [insert website URL] (“Website”). We are committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

1. Information We Collect

We collect the following types of personal information:

1.1 Information You Provide to Us

Personal Details: Name, email address, phone number, billing and shipping address, and payment information (e.g., credit card details) when you create an account, place an order, or contact us.
Account Information: Login credentials, order history, and preferences if you create an account.
Communications: Information you provide when you contact customer service, participate in surveys, or engage with us via email, phone, or social media.
User-Generated Content: Reviews, comments, or other content you submit to the Website.

1.2 Information Collected Automatically

Usage Data: IP address, browser type, operating system, device information, pages visited, time spent on the Website, and referring URLs.
Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track your activity, improve your experience, and analyze Website performance. For more details, see our Cookie Policy.
Transaction Data: Details about your purchases, including products ordered, order total, and date of purchase.

1.3 Information from Third Parties

Payment Processors: We receive confirmation of payment details from third-party payment providers (e.g., PayPal, Stripe) to process transactions.
Analytics Providers: We use tools like Google Analytics to collect aggregated data about Website usage.
Marketing Partners: We may receive information from advertising or social media partners about your interactions with our ads.

2. How We Use Your Information

We use your personal information for the following purposes:

To Provide Services: Process and fulfill orders, manage accounts, deliver products, and provide customer support.
To Improve Our Website: Analyze usage data to enhance Website functionality, user experience, and product offerings.
To Communicate: Send order confirmations, shipping updates, promotional emails (with your consent), and respond to inquiries.
For Marketing: Deliver personalized advertisements, promotions, or newsletters based on your preferences and browsing behavior (you can opt out at any time).
For Legal Compliance: Comply with legal obligations, such as tax reporting, fraud prevention, and responding to law enforcement requests.
For Security: Protect against fraud, unauthorized access, and other illegal activities.

3. Legal Basis for Processing

Under the UK GDPR, we process your personal information based on the following legal grounds:

Contractual Necessity: To fulfill our contract with you (e.g., processing orders and delivering products).
Consent: For marketing communications or non-essential cookies, where you have given explicit consent.
Legitimate Interests: For activities like improving our Website, preventing fraud, or analyzing usage data, where our interests do not override your rights.
Legal Obligation: To comply with applicable laws, such as tax or consumer protection regulations.

4. How We Share Your Information

We may share your personal information with:

Service Providers: Third parties that assist with payment processing (e.g., Stripe), shipping (e.g., Royal Mail, DHL), website hosting, analytics, or marketing services. These providers are contractually obligated to protect your data and only use it for specified purposes.
Business Partners: With your consent, we may share data with partners for co-branded promotions or loyalty programs.
Legal Authorities: When required by law, such as in response to a court order, or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties for their own marketing purposes.

5. International Data Transfers

As a UK-based company, most of our data processing occurs within the UK. However, some service providers (e.g., cloud storage or analytics providers) may be located outside the UK, including in the European Economic Area (EEA) or other countries. When transferring data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions, to comply with UK GDPR requirements.

6. Your Rights

Under the UK GDPR, you have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete personal data.
Erasure: Request deletion of your data in certain circumstances (e.g., when it is no longer necessary).
Restriction: Restrict processing of your data in specific cases (e.g., while we verify disputed data).
Data Portability: Receive your data in a structured, commonly used format or have it transferred to another controller.
Object: Object to processing based on legitimate interests, including direct marketing.
Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g., marketing emails).
Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or significant effects.

To exercise these rights, contact us at [insert contact email, e.g., privacy@yourwebsite.co.uk]. We will respond within one month, though complex requests may take longer. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

Order Data: Retained for 7 years to comply with UK tax and accounting laws.
Account Data: Kept until you delete your account or request erasure, unless required for legal purposes.
Usage Data: Retained for up to 2 years for analytics purposes, unless anonymized.
Marketing Data: Kept until you unsubscribe or withdraw consent.

When data is no longer needed, we securely delete or anonymize it.

8. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of sensitive data (e.g., payment information) during transmission and storage.
Secure servers and regular software updates to prevent unauthorized access.
Access controls to limit data access to authorized personnel only.
Regular security audits and vulnerability assessments.

However, no system is completely secure, and we cannot guarantee absolute security. Please notify us immediately at [insert contact email] if you suspect any unauthorized access to your account.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze Website performance, and deliver personalized content. Our Cookie Policy explains the types of cookies we use, their purposes, and how you can manage your preferences. You can adjust your cookie settings via the cookie banner or your browser settings.

10. Third-Party Links

Our Website may contain links to third-party websites, such as social media platforms or payment providers. We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing personal information.

11. Children’s Privacy

Our Website is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us at [insert contact email], and we will take steps to delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our Website and, where required, by email. The “Last Updated” date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact our Data Protection Officer:

Email: [insert contact email, e.g., privacy@yourwebsite.co.uk]
Postal Address: [insert company address]
Phone: [insert phone number, if applicable]

Alternatively, you can contact the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or 0303 123 1113.

Cookie Policy

What Are Cookies?

Cookies are small text files stored on your device when you visit our Website. They help us provide a better user experience, analyze Website performance, and deliver personalized content.

Types of Cookies We Use

Essential Cookies: Necessary for the Website to function, such as maintaining your session or processing transactions.
Performance Cookies: Collect anonymized data about how you use the Website (e.g., pages visited) to improve its functionality.
Functional Cookies: Remember your preferences (e.g., language or currency) to enhance your experience.
Marketing Cookies: Track your activity to deliver personalized ads and measure campaign effectiveness.

Managing Cookies

You can manage cookie preferences through our cookie banner or your browser settings. Disabling cookies may affect Website functionality. For more information, visit www.allaboutcookies.org.

Third-Party Cookies

We use third-party services like Google Analytics and advertising platforms that may set their own cookies. These are subject to the third parties’ privacy policies.

By using our Website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your personal information as described.