Privacy Policy – QuirkyTweed.com

1. Data Controller
QuirkyTweed.com, operating under UK data protection laws, serves as the data controller for your personal information.

2. Information We Collect
a) Personal Data:

  • Identity (name, title)
  • Contact (email, shipping/billing addresses)
  • Payment details (processed securely via PCI-compliant providers)
  • Size preferences and purchase history

b) Technical Data:

  • IP addresses
  • Browser type/version
  • Time zone and location
  • Cookie data (see Section 7)

3. Legal Basis for Processing
We process data based on:

  • Contractual necessity (order fulfillment)
  • Legitimate business interests
  • Legal compliance (tax/VAT)
  • Consent (for marketing communications)

4. How We Use Your Data
Primary purposes include:

  • Processing transactions
  • Personalizing shopping experience
  • Fraud prevention
  • Improving our services
  • Complying with legal obligations

5. Data Sharing
Limited to:

  • Payment processors (Stripe, PayPal)
  • Shipping carriers (DHL, Royal Mail)
  • IT service providers (under strict confidentiality)
  • Legal authorities when required

6. International Transfers
Data may be transferred outside the UK with appropriate safeguards:

  • EU Standard Contractual Clauses
  • UK Adequacy Decisions
  • Binding Corporate Rules

7. Cookies & Tracking Technologies
Essential cookies:

  • Shopping cart functionality
  • User authentication
    Analytical cookies:
  • Google Analytics (anonymized)
    Marketing cookies:
  • Only with explicit consent

8. Data Retention Periods

  • Active customer data: 5 years from last interaction
  • Financial records: 7 years (HMRC requirement)
  • Marketing consent: 2 years before re-permissioning

9. Your Rights
Under UK GDPR, you may:

  • Request access to your data
  • Rectify inaccurate information
  • Erase personal data (“right to be forgotten”)
  • Restrict processing
  • Object to direct marketing
  • Request data portability

10. Security Measures
We implement:

  • TLS 1.2 encryption
  • Regular penetration testing
  • Role-based access controls
  • Secure data centers with 24/7 monitoring

11. Children’s Privacy
We do not knowingly collect data from users under 16. Parents/guardians may contact us to remove accidental collections.

12. Third-Party Links
Our site may contain links to other websites with independent privacy policies.

13. Policy Updates
Notification method for material changes:

  • Website banner notification
  • Email to active customers
  • Updated revision date below

14. Contact Information
For data protection inquiries:

  • Email: [[email protected]]
  • Postal: Data Protection Officer, Quirky Tweed Ltd [Company Number]

15. Complaint Resolution
You have the right to lodge complaints with:
UK Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF