Privacy Policy
We've tried to be clear about what we collect, why, and what you can do about it. If anything is unclear, contact us and we'll explain.
1. Who we are
Etchfy is a trading name operated by [Full legal name], based in Yorkshire, United Kingdom. We are the data controller for personal data collected through this website and in connection with orders placed with us.
Contact: [your email]
Address: [Your registered address]
We are registered with the Information Commissioner's Office (ICO) under reference number [ICO registration number, if applicable].
2. What data we collect
We collect personal data in the following ways:
When you place an order
- Name and delivery address
- Email address
- Phone number (if provided)
- Payment information (processed securely by our payment provider — we do not store full card details)
- Personalisation details entered for your order (names, dates, messages, artwork)
- Order history
When you contact us or submit an enquiry
- Name and contact details
- The content of your message or enquiry
- Business name and details (for trade enquiries)
When you subscribe to our newsletter
- Email address
- Name (if provided)
When you browse our website
- IP address and browser information (collected via cookies and analytics tools — see section 8)
- Pages visited and time spent on site
3. How we use your data
| Purpose | Data used |
|---|---|
| Processing and fulfilling your order | Name, address, email, payment details, personalisation content |
| Sending order confirmations and dispatch notifications | Email address, order details |
| Handling returns, complaints, and customer service | Name, email, order history |
| Responding to enquiries and quotes | Name, contact details, enquiry content |
| Sending marketing emails (newsletter) | Email address, name — only where you have opted in |
| Improving our website and services | Anonymised analytics data |
| Complying with legal obligations (tax records, fraud prevention) | Order and payment records |
4. Legal basis for processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract: Processing your order, handling returns, and communicating about your purchase.
- Legitimate interests: Responding to enquiries, improving our services, and preventing fraud.
- Consent: Sending marketing emails — only where you have actively opted in. You can withdraw consent at any time.
- Legal obligation: Retaining financial records for tax purposes.
5. Who we share data with
We do not sell your personal data. We share it only where necessary to operate our business:
- Payment processors — e.g. [Stripe / PayPal / your payment provider] to process payments securely. They act as independent data controllers under their own privacy policies.
- Delivery carriers — e.g. [Royal Mail / DPD / your carrier] — name and delivery address are shared to fulfil your order.
- Email and marketing platforms — e.g. [Mailchimp / your provider] for transactional emails and newsletter distribution, where you have opted in.
- Website analytics — e.g. [Google Analytics / your analytics tool], which collects anonymised browsing data to help us understand how the site is used.
- Professional advisers — accountants and legal advisers, where necessary and under confidentiality obligations.
Where any third-party processor handles your data on our behalf, we ensure appropriate data processing agreements are in place.
We may also disclose your data if required to do so by law or in response to a valid request from a law enforcement authority.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Order records (name, address, order details) | 6 years (HMRC requirement for financial records) |
| Customer enquiries and correspondence | 2 years from last contact |
| Newsletter subscribers | Until you unsubscribe |
| Website analytics data | [X months — check your analytics tool settings] |
| Customer artwork and design files | 12 months from last order (for reorder convenience), then deleted on request |
After these periods, data is securely deleted or anonymised.
7. Your rights
Under UK GDPR, you have the following rights regarding your personal data.
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure
Request deletion of your data, subject to legal obligations.
Right to restrict processing
Ask us to limit how we use your data in certain circumstances.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests.
You can unsubscribe from our newsletter at any time by clicking the unsubscribe link in any email, or by contacting us directly.
8. Cookies
Our website uses cookies — small text files stored on your device — to make the site function correctly and to help us understand how it is being used.
We use the following types of cookies:
- Essential cookies — required for the website to work (e.g. shopping basket, session management). These cannot be disabled.
- Analytics cookies — used to collect anonymised information about how visitors use the site (e.g. [Google Analytics]). These help us improve the website.
- Marketing cookies — [include only if applicable — e.g. used by Meta Pixel or Google Ads to measure the effectiveness of advertising campaigns].
When you first visit the site, you will be asked to consent to non-essential cookies. You can withdraw or change your consent at any time via the cookie settings [link to your cookie consent tool if applicable].
You can also manage or disable cookies through your browser settings. Note that disabling some cookies may affect how the website functions.
9. Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. These include secure connections (HTTPS), password-protected systems, and limiting access to personal data to those who need it to fulfil your order or provide customer service.
No method of transmission over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security.
If we become aware of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO as required by law.
10. Children
Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in how we operate or changes in law. The date at the top of this page shows when it was last updated.
Where changes are significant, we will make reasonable efforts to notify you — for example, by email if you are a subscriber, or by a notice on the website.
12. Contact & complaints
If you have any questions about this policy, or want to exercise your rights, contact us:
Email: [your email]
Address: [Your registered address]
Contact form: /contact
If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
ICO website: ico.org.uk
ICO helpline: 0303 123 1113
We would always prefer to resolve any concerns directly before you approach the ICO, so please contact us first.