Privacy Policy

Section 1 – What Do We Do With Your Information?

When you purchase something from our store, we collect the personal information you provide as part of the buying and selling process, such as your name, billing address, shipping address, email address, and phone number.

When you browse our store, we automatically receive your device's Internet Protocol (IP) address to help us learn about your browser, operating system, and interaction with our website.

We may collect additional information such as:

• Order history
• Communication history
• Marketing preferences
• Device and usage data

Email marketing:

With your permission, we may send you emails about our products, new collections, special offers, and other updates. You may unsubscribe at any time.

Section 2 – Legal Basis & Consent

We collect and process your personal information on the following bases:

• To perform a contract (processing orders, shipping, customer support)
• To comply with legal obligations
• With your consent (marketing communications)
• For legitimate business interests (analytics, fraud prevention, service improvement)

When you provide personal information to complete a transaction, verify your payment method, place an order, arrange delivery, or request a return, you consent to us collecting and using it for that purpose.

If we request your information for marketing purposes, we will either ask for explicit consent or provide you the opportunity to opt out.

You may withdraw your consent at any time by contacting:

📧 support@nancyandwren.co.uk

Section 3 – Disclosure of Information

We may disclose your personal information:

• If required by law
• To comply with legal processes
• To enforce our Terms of Service
• To protect our legal rights

We do not sell your personal data.

Section 4 – Shopify Hosting

Our store is hosted by Shopify Inc., which provides the e-commerce platform that enables us to sell products to you.

Your data is stored through Shopify's secure data storage systems and databases, protected by firewalls and encryption.

For more information, please review Shopify's policies:

• https://www.shopify.com/legal/terms
• https://www.shopify.com/legal/privacy

Section 5 – Payment Processing

If you choose a direct payment gateway to complete your purchase, your payment data is processed securely via PCI-DSS compliant providers.

Payment data is encrypted and stored only as long as necessary to complete the transaction.

We do not store full credit card details on our own servers.

Section 6 – Third-Party Services

We may share your data with trusted third parties strictly to perform services on our behalf, including:

• Payment processors
• Shipping and logistics providers
• Fraud prevention services
• Marketing platforms
• Analytics providers

These third parties only receive the information necessary to perform their services and are required to protect your information.

Some providers may be located in jurisdictions outside the United Kingdom. Your data may therefore be transferred internationally. Where this happens, we take steps to ensure your information is protected in accordance with UK data protection law.

Section 7 – Analytics & Advertising

We use Google Analytics and similar tools to understand how visitors use our website.

These tools may collect:

• IP address
• Device type
• Pages visited
• Time spent on site
• Referring websites

We may also use advertising platforms such as Meta (Facebook/Instagram) and Google Ads for marketing and retargeting purposes.

You may have the right to object to certain data uses, including targeted advertising. You can manage your preferences through our cookie banner or by contacting us.

Section 8 – Cookies

We use cookies to:

• Keep our website functional
• Remember your preferences
• Analyse traffic
• Improve marketing performance

Information about Shopify cookies can be found at:

• https://www.shopify.com/legal/cookies

You can control cookies through your browser settings or via our cookie banner when visiting our website.

Section 9 – Security

We take reasonable precautions and follow industry best practices to protect your personal information.

Security measures include:

• SSL encryption
• Secure servers
• Access restrictions
• PCI-DSS compliance

Section 10 – Data Retention

We retain personal information only as long as necessary to:

• Fulfil orders
• Provide customer service
• Comply with legal obligations
• Resolve disputes

Section 11 – Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have rights regarding your personal information, including the right to:

• Access your personal information
• Request deletion
• Correct inaccurate data
• Object to or restrict certain data uses
• Withdraw consent
• Data portability

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise your rights, contact:

📧 support@nancyandwren.co.uk

Section 12 – International Data Transfers

Because we operate internationally, your information may be transferred to and processed in countries outside the United Kingdom. Where we do this, we ensure appropriate safeguards are in place in line with UK data protection law.

Section 13 – Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes take effect immediately upon posting.

If you have any questions about this Privacy Policy, please contact us at support@nancyandwren.co.uk.