Privacy Policy

1. Introduction

This Privacy Policy explains how Craftishly Ltd collects, uses, stores, and shares your personal information when you visit our website, place an order, create an account, contact us, attend an event, or otherwise interact with our products and services.

Craftishly Ltd is a company registered in England and Wales under company number 14424007 and is the data controller responsible for your personal information.

Our online store is powered by Shopify, which provides the ecommerce platform that enables us to offer products and services to customers. By using our website and services, you acknowledge that you have read and understood this Privacy Policy.

2. Personal Information We Collect

We may collect and process the following categories of personal information:

Contact Information

  • Name
  • Billing address
  • Shipping address
  • Email address
  • Telephone number

Account Information

  • Username
  • Password
  • Account preferences and settings

Order and Transaction Information

  • Products viewed
  • Basket contents
  • Wishlist items
  • Orders placed
  • Returns and exchanges
  • Purchase history

Payment Information

Payment information is processed securely through Stripe and Shopify Payments where applicable. We do not store or have access to your full payment card details.

We may receive limited payment-related information such as payment status, transaction references, and billing information required to process orders.

Communications

Information contained in enquiries, support requests, reviews, feedback, messages, and other communications with us.

Technical Information

  • IP address
  • Browser type
  • Device information
  • Operating system
  • Network information
  • Website usage information
  • Cookies and similar technologies

Event and In-Person Sales Information

If you provide personal information at events, exhibitions, markets, workshops, or other in-person sales locations, that information will be collected, processed, and stored in accordance with this Privacy Policy.

3. How We Collect Information

We collect information:

Directly From You

When you:

  • Place an order
  • Create an account
  • Subscribe to marketing communications
  • Contact us
  • Submit reviews or feedback
  • Participate in events or promotions

Automatically

When you use our website through:

  • Cookies
  • Analytics tools
  • Device identifiers
  • Server logs
  • Website tracking technologies

From Service Providers

We may receive information from service providers who help us operate our business, including payment processors, shipping providers, fraud prevention services, and Shopify.

4. Legal Basis for Processing

Under UK GDPR, we process personal information on one or more of the following legal bases:

Contractual Necessity

To fulfil our contract with you, including:

  • Processing orders
  • Taking payments
  • Delivering products
  • Managing returns and refunds
  • Providing customer support

Legal Obligations

To comply with legal and regulatory requirements, including:

  • Accounting obligations
  • Tax requirements
  • Fraud prevention obligations
  • Consumer protection laws

Legitimate Interests

Where necessary for our legitimate business interests, including:

  • Website administration
  • Fraud prevention
  • Security monitoring
  • Business management
  • Improving products and services
  • Analytics and performance monitoring

Consent

Where required by law, including:

  • Marketing communications
  • Certain cookies and tracking technologies

You may withdraw consent at any time where processing is based on consent.

5. How We Use Your Information

We use personal information to:

  • Process and fulfil orders
  • Arrange delivery
  • Manage returns, refunds, and exchanges
  • Communicate with you regarding orders
  • Provide customer support
  • Improve website functionality and performance
  • Personalise your shopping experience
  • Prevent fraud and unlawful activity
  • Maintain website security
  • Comply with legal obligations
  • Send marketing communications where you have consented

6. How We Share Information

We do not sell your personal information. We may share personal information with:

Shopify

Our ecommerce platform provider, which hosts and operates our online store.

Payment Providers

Including Stripe and any other payment providers available through our checkout process.

Delivery Providers

Including Royal Mail, DPD, Evri, and other courier or postal services used to fulfil orders.

Technology and Service Providers

Including:

  • Shopify
  • Website hosting providers
  • Security providers
  • IT support providers
  • Analytics providers
  • Cloud storage providers
  • Email marketing providers
  • and other service providers necessary for operating our business.

Professional Advisers

Including accountants, insurers, legal advisers, and auditors where required.

Government Authorities

Where required by law, regulation, court order, or lawful request.

7. Relationship With Shopify

Our store is hosted by Shopify.

Shopify collects and processes personal information to provide and improve the ecommerce services used by our store. Information you provide may be shared with Shopify and Shopify's service providers, some of whom may process information outside the United Kingdom.

For more information about Shopify's privacy practices, please review Shopify's Privacy Policy.

8. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Enable website functionality
  • Process orders
  • Maintain shopping carts
  • Remember preferences
  • Analyse website performance
  • Improve user experience
  • Support marketing activities where consent has been provided

Some cookies are essential for the operation of the website and cannot be disabled. Non-essential cookies will only be placed on your device where you have provided consent through our cookie preferences tool. You can also control cookies through your browser settings.

9. Third-Party Websites

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review their privacy policies before providing personal information.

10. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.

Retention periods may include:

  • Order and accounting records: generally up to 6 years
  • Customer service records: as reasonably required
  • Marketing consent records: until consent is withdrawn or no longer required
  • Website security records: as reasonably required for security and fraud prevention purposes

When personal information is no longer required, it will be securely deleted or anonymised.

11. International Transfers

Some of our service providers, including Shopify, may process personal information outside the United Kingdom.

Where personal information is transferred internationally, we rely on our service providers to implement appropriate safeguards in accordance with applicable data protection laws. These safeguards may include Standard Contractual Clauses, UK International Data Transfer Agreements, adequacy regulations, or other lawful transfer mechanisms as appropriate.

For further information about Shopify's international data transfers and privacy practices, please refer to Shopify's Privacy Policy.

12. Your Rights

Under UK GDPR, you may have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of personal information
  • Restrict processing
  • Object to processing
  • Request portability of your information
  • Withdraw consent where processing is based on consent

These rights may be subject to legal limitations and exemptions. To exercise your rights, please contact us using the Contact Us form on our website.

13. Children's Information

Our website and services are not intended for children. We do not knowingly collect personal information from children under the age of 16.

If you believe a child has provided personal information to us, please contact us and we will investigate and, where appropriate, delete the information.

14. Security

We take reasonable technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration, misuse, or loss. However, no system can guarantee absolute security and you provide information at your own risk.

15. Complaints

If you have concerns regarding how we handle your personal information, please contact us first using the Contact Us form on our website. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Website: https://ico.org.uk

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, business practices, or services. Updated versions will be published on this page and will take effect from the date shown at the bottom of the policy. We recommend reviewing this Privacy Policy periodically.

17. Contact Us

For questions regarding this Privacy Policy or to exercise your data protection rights, please contact us using the Contact Us form available on our website.

Data Controller:
Craftishly Ltd
Company Number: 14424007
England and Wales

(Last Updated: 30 May 2026)