GDPR

GDPR Compliance Statement

We are committed to protecting your personal data and respecting your privacy. As an organisation operating within the UK, we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection laws.

Lawful basis for processing

We only process personal data when we have a lawful basis to do so. Depending on the interaction, this may include:

– Consent — for example, when you submit a contact form or opt in to cookies.  

– Contractual necessity — such as processing your details to fulfil a shop order.  

– Legitimate interests — including website security, spam prevention, and improving site functionality.  

– Legal obligation — such as retaining financial records for accounting and tax purposes.

Your rights under GDPR

Under the UK GDPR, you have the right to:

– Access the personal data we hold about you.  

– Rectify inaccurate or incomplete data.  

– Erase your data (“right to be forgotten”) where applicable.  

– Restrict or object to certain types of processing.  

– Data portability, allowing you to request your data in a structured, commonly used format.  

– Withdraw consent at any time where consent is the basis for processing.

To exercise any of these rights, please contact us using the details provided on our website.

Data security

We take appropriate technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction.

Data retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or to meet legal, accounting, or reporting requirements. Specific retention periods are outlined in our Privacy Policy.

Third‑party processing

Where necessary, we share data with trusted third‑party providers such as:

– Payment processors (for shop purchases)  

– Delivery services  

– Spam detection and security services  

– Website hosting and analytics providers  

All third parties are required to handle your data securely and in accordance with GDPR.

International data transfers

If any third‑party services transfer data outside the UK, they must do so under approved safeguards such as adequacy decisions or standard contractual clauses.

Contact details

If you have questions about how we handle your data or wish to exercise your rights, please contact us via the contact details on our website.

If you believe your data has been mishandled, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).