Your privacy
You may use our websites anonymously, and we only process your personal data where the processing is lawful and legitimate.
The data we collect will be adequate and relevant for the purpose intended. We will keep accurate records and take steps to correct or delete inaccurate data on request, or when we deem it necessary (for example a misspelled delivery address).
What personal data we collect and why we collect it
This site does not collect personal data, except when:
- You buy something from us using this website. In this case, we will collect necessary personal details to fulfil your purchase. When you place an order, we also capture your IP Address but this is only used to identify and combat fraud and spam, and to manage orders in our systems. You provide your information to us at your free will in order for us to complete your transactions.
- You choose to contact us. In this case, we will collect your email address and whatever additional personal data you choose to send us via our web form (e.g. as a minimum we need/ask for your email address so that we can respond to you, but you may also include additional information such as your name) to respond to your request.
When you choose to buy from one of our external shops (e.g. a marketplace), personal details required for the processing of your order are passed to us by that shop, but this site does not collect or store that data.
If you contact us via separate email, then this site does not store your information, but we will hold that elsewhere.
We collect your data on a consent basis where you place an order with us, or pass us your data voluntarily, or make an enquiry. Where we have a contractual relationship, we will collect necessary data necessary to fulfil the contract, and collect data to meet legal obligations such as tax and accountancy purposes.
Who we share your data with
We don’t share your data, expect for necessary delivery information passed to postal services essential to deliver items that you buy. For UK orders, we usually send items by UK Royal Mail or a courier, but for overseas transactions, parcels are often passed to local delivery services, customs etc, who will therefore also have access to the necessary delivery details.
We will not sell your data, or give it away.
When you choose to buy from one of our external shops (e.g. a marketplace), you are buying from that external shop and the specific Terms and Conditions stated on that external shop applies to your purchase, otherwise our Terms and Conditions and Privacy Policy applies at all times and without exception.
Where we receive or process your order on this website, our Terms and Conditions and Privacy Policy applies at all times and without exception.
If we are required legally, or requested by law enforcement, to provide data to them we will provide that data. For example, this might be in relation to money laundering, fraud investigations or other suspected breaches of the law or regulations.
Our payment providers
We use PayPal (EU) to provide payment services. It is necessary for us to pass necessary data to PayPal to complete your purchase transaction. We do not hold payment details on our website nor in our systems, such as card numbers, bank details or any other similar financial information. We store your PayPal ID and the PayPal transaction references as part of our sales records.
For payment taken on the PayPal payment services, PayPal are acting as a Data Controller. Their Privacy Policy can be found on the PayPal site. Their contact point for questions relating to their Privacy Policy and for GDPR enquiries can also be found on their site. If you wish to exercise your GDPR Rights over data processed by PayPal, you must contact PayPal directly or make your changes directly in your PayPal account if suitable.
How long do we retain your data
In the case of emails, requests, enquiries and other communications you send to us, we will retain those details for as long as we think we have an ongoing communication or the opportunity for business, or of we are unable to determine if the enquiry is complete. We typically review stored data every 12 months and delete what we no longer deem necessary. This might happen where you have not contacted us with follow-on questions or enquiries, or we have otherwise lost touch.
Where you make a purchase or other financial transactions, we will retain the data for up to 7 years for mandatory Accounting and Tax reporting purposes, and for historical records.
We will retain data where we have a lawful need such as collecting debts owed to us, in legal defence or other action, or for mandatory legal or statutory purposes, or where we have been asked or required to maintain that data for other legal purposes such as law enforcement.
If you are a past customer, we will retain your data until we are no longer required to comply with contractual, tax, accounting or legal obligations.
Our live website data (including your information relating to your orders) is stored in a UK data centre. Daily website backups are stored online in that data centre typically for 30 days. Our archived backups and other records that might contain personal data are stored offsite in encrypted data storage. Our email systems also use encrypted data storage.
We do not offer any facility for visitors or customers to setup up registered “accounts” on our website, but to supply data necessary to process each individual order.
What rights you have over your data
We pay close attention to data privacy and security. You have the following rights, as set out in the GDPR regulation:
Right to be informed. We will tell you what data we are collecting and why, how long we will keep that data, and if it will be shared or stored with a 3rd party. We give you privacy information at the point of collection (for example, we will explain this on web forms before you submit your data).
Right of access. You have the right to obtain confirmation that your data is being processed, and information about its processing, retention period or retention criteria, where it was collected, how and where it is processed, if it shared, and other supplemental information.
You have the right to access your data for no charge (except where permitted by law). To avoid a data breach, we will verify your identity before we process your request.
Right to rectification. We will correct inaccurate or update incomplete data when you ask us to, without charge (except where permitted by law), taking steps to ensure the updated data is accurate.
Right to be forgotten. You can ask us to delete your personal data.
Right to restrict processing. This is an alternative to the “right to be forgotten” used to restrict the processing of data for a temporary period.
Right to data portability. You have the right to obtain and reuse personal data that you have previously consented to give us or is used for the performance of a contact, and that is processed in electronic format.
Right to object. You may ask us to stop processing your personal data.
Under the GDPR, you also have “rights related to automated decision making including profiling”; although we do not perform “automated decision making including profiling” in our systems.
Exercising your GDPR rights
To exercise your Right provided by the GDPR regulation, get in touch with us here. We will retain an electronic audit record of each “rights request” and how we handled the request. To properly protect your and other subjects’ data, we may ask you form additional identification information so that we can verify your identity.
Contacting the UK supervising authority
The UK supervising authority for privacy matters is the UK ICO (Information Commissioner’s Office). You have a right to complain to the ICO. We always want to deal with concerns fairly and quickly, so please let us know what we can do to address any questions before you contact the ICO.
If you have questions
If you have questions, please contact us.
Revisions
Updated October 2024 to better explain aspects of this policy.