Privacy Policy

This privacy policy explains how we collect, use, store, and share your personal data when you visit or make a purchase from our website. It applies to all customers, visitors, and users of our online store.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Personal Data We Collect

3.1 Information You Provide

When you use our website, create an account, or place an order, we may collect:

• Name and title
• Email address, phone number, and postal address (billing and delivery)
• Account login credentials (email and encrypted password)
• Order history and product preferences

3.2 Payment Information

We collect payment details necessary to process your transactions. Card payments are processed securely by our payment provider and we do not store full card numbers on our systems. We may retain partial card details (e.g. last four digits) for reference purposes only.

3.3 Automatically Collected Data

When you browse our website, we automatically collect certain technical data including:

• IP address and browser type
• Pages visited and time spent on each page
• Referring website and search terms used
• Device type, operating system, and screen resolution
• Cookie identifiers and session data

4. Cookies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small files placed on your device that help us recognise you and remember your preferences.

We use the following types of cookies:

• Essential cookies – required for the website to function (e.g. shopping basket, login session). These cannot be disabled.
• Analytics cookies – help us understand how visitors use our site so we can improve it (e.g. Google Analytics). These are only set with your consent.
• Preference cookies – remember your settings such as language or currency.

You can manage or withdraw your consent to non-essential cookies at any time through our cookie banner or your browser settings. Please note that disabling some cookies may affect your experience on the site.

5. How We Use Your Personal Data

We use your data only where we have a lawful basis to do so under UK GDPR. Our purposes and legal bases are:

• To process and fulfil your orders – necessary for the performance of a contract.
• To manage your account and provide customer support – necessary for the performance of a contract.
• To send transactional emails (order confirmation, dispatch notifications, returns) – necessary for the performance of a contract.
• To process payments and prevent fraud – necessary for the performance of a contract and our legitimate interest in protecting our business.
• To analyse website usage and improve our service – our legitimate interest in developing and improving our website.
• To send marketing emails or promotions – only where you have given us your explicit consent, or where permitted under the soft opt-in rule for existing customers.
• To comply with legal obligations (e.g. tax records, fraud prevention) – legal obligation.

You may withdraw consent for marketing at any time by clicking ‘unsubscribe’ in any of our emails or contacting us directly.

6. Sharing Your Personal Data

We do not sell your personal data to third parties. We may share your data with trusted service providers who assist us in operating our website and fulfilling orders:

• Shipping and fulfilment partners – to deliver your orders (they receive only the information necessary to complete delivery, such as your name and delivery address).
• Analytics providers – such as Google Analytics, which may process anonymised browsing data to help us understand site usage. Google Analytics data is processed in accordance with Google’s privacy policy and may involve transfers to the USA under appropriate safeguards.
• Payment processors – to securely handle card transactions. They are independently data controllers and subject to their own privacy policies.

All third parties we work with are contractually required to keep your data secure and to use it only for the purposes we specify. Where required, we have Data Processing Agreements in place.

We may also disclose your data where required by law, court order, or to protect our legal rights.

7. International Data Transfers

Some of our third-party providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses (SCCs) or transfers to countries with an adequacy decision from the UK Information Commissioner’s Office (ICO).

8. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. Our standard retention periods are:

• Order and transaction records – 7 years (required for UK tax and accounting obligations).
• Account data – for the duration your account is active, plus 2 years after account closure.
• Analytics data – up to 26 months (anonymised).
• Marketing consent records – until you withdraw consent, plus 3 years for audit purposes.

9. Your Rights Under UK GDPR

As a UK data subject, you have the following rights regarding your personal data:

• Right of access – to request a copy of the personal data we hold about you.
• Right to rectification – to ask us to correct inaccurate or incomplete data.
• Right to erasure – to request that we delete your data in certain circumstances.
• Right to restrict processing – to ask us to pause processing of your data.
• Right to data portability – to receive your data in a structured, machine-readable format.
• Right to object – to object to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making – we do not currently make solely automated decisions that produce significant effects on individuals.

To exercise any of these rights, please contact us at privacy@yourwebsite.co.uk. We will respond within one calendar month. We may need to verify your identity before fulfilling your request.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

10. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include SSL/TLS encryption for data in transit, access controls, and regular security reviews.

However, no method of internet transmission is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.

11. Children’s Privacy

Our website is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email or by posting a notice on our website. The date at the top of this page shows when the policy was last updated.

We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or the way we handle your personal data, please get in touch:

• Email: info@pacha-mama.co.uk
• Post: 17 Church St, Macclesfield, Cheshire, England, SK11 6LB

We aim to respond to all enquiries within 7 working days.