Privacy PolicyEffective date: [Insert date, e.g., 20 March 2026]
Last updated: [Insert date][Your Business Name / Trading Name] (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website [yourwebsite.co.uk], place orders, or interact with our services.We are the data controller for the personal data we process. Our registered office / principal place of business is:
[Your full business address]
Company number: [If registered]
Email: [your privacy/contact email, e.g. privacy@yourwebsite.co.uk]
Telephone: [optional]We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Personal data we collect
We collect the following types of personal data:
- Identity and contact data: name, billing/shipping address, email address, telephone number.
- Transaction data: details of products purchased, order history, payment amounts (we do not store full card details ourselves — see Payment section below).
- Technical data: IP address, browser type/version, operating system, time zone, device information, pages visited, time/date of visits (collected automatically via server logs and WooCommerce functionality).
- Usage data: information about how you use our site and services (e.g., products viewed, cart contents).
- Marketing and communications data: your preferences for receiving marketing from us (if you have opted in).
We do not collect special category data (e.g., health, race, religion) or data about children.
2. How we collect your personal data
- Directly from you when you: create an account, place an order, contact us, subscribe to newsletters (if applicable), or fill in forms.
- Automatically via cookies, server logs, and WooCommerce analytics when you browse the site (see our separate Cookie Policy for details).
- From third parties only where necessary (e.g., payment confirmation from your card issuer or shipping carrier updates).
3. How we use your personal data (purposes and lawful basis)
We process your personal data only where we have a lawful basis under UK GDPR. The main bases we rely on are:
| Purpose | Types of data | Lawful basis |
|---|---|---|
| To process and fulfil your orders, including payment processing, shipping/delivery (including internationally) | Identity, contact, transaction | Performance of a contract (Art. 6(1)(b) UK GDPR) |
| To manage your account and provide customer support | Identity, contact, transaction | Performance of a contract + legitimate interests (Art. 6(1)(f)) |
| To comply with legal obligations (e.g., tax/VAT records, fraud prevention) | Identity, transaction | Legal obligation (Art. 6(1)(c)) |
| To improve our website/services (aggregated/anonymised usage stats only) | Technical, usage | Legitimate interests (Art. 6(1)(f)) |
| To send transactional emails (order confirmations, shipping updates) | Contact | Performance of a contract |
| Direct marketing (if you have opted in) | Contact, preferences | Consent (Art. 6(1)(a)) — you can withdraw at any time |
We do not carry out automated decision-making or profiling that produces legal effects.
4. Payment processing
We use WooCommerce to facilitate payments. Full payment card details are not stored on our servers. Payments are processed securely by third-party payment service providers (e.g., Stripe, PayPal, or whichever gateway(s) you use — list them here if known). These providers act as separate data controllers/processors and have their own privacy policies. We receive only limited confirmation data (e.g., payment reference, last 4 digits) necessary to complete your order.
5. Sharing your personal data
We do not sell, rent, or share your personal data with third parties for marketing purposes.We may share your data only where strictly necessary:
- With payment processors (to process payments).
- With shipping/delivery carriers (to fulfil international or domestic delivery — e.g., Royal Mail, DPD, UPS).
- With our professional advisers (e.g., accountants for tax compliance) under strict confidentiality.
- If required by law, court order, or to protect our rights.
All such recipients are required to respect the security of your data and treat it in accordance with the law.
6. International transfers
As we ship products internationally, your personal data (particularly shipping address and contact details) may be transferred to countries outside the UK (e.g., non-adequate countries). Where this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK government, or
- The destination country has an adequacy decision from the UK.
Payment processors and carriers typically provide equivalent protections.
7. Data security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction (e.g., encryption, secure hosting, access controls, regular security updates to WooCommerce/WordPress).However, no method of transmission over the internet is 100% secure.
8. Data retention
We keep personal data only for as long as necessary:
- Order/account data: 6 years after your last order (for tax/legal reasons).
- Marketing data: until you unsubscribe/withdraw consent.
- Technical logs: usually 12–24 months or shorter.
After this, data is securely deleted or anonymised.
9. Your rights under UK GDPR
You have the following rights (subject to exceptions):
- Access your data (subject access request)
- Rectify inaccurate data
- Erase data (right to be forgotten — where applicable)
- Restrict processing
- Object to processing (e.g., direct marketing)
- Data portability
- Withdraw consent (where consent is the basis)
To exercise any right, contact us at info@gobespoke.co.uk. We usually respond within one month (free of charge unless manifestly unfounded/excessive).You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
10. Changes to this policy
We may update this policy from time to time. Changes will be posted here with an updated effective date. Continued use of the site after changes constitutes acceptance.
11. Contact us
For any privacy questions:
Email: info@gobespoke.co.uk
Post: [Your address]
Thank you for trusting us with your data.