Privacy policy

PRIVACY POLICY

Last Updated: 17-03-2026

1. Who We Are

This website is operated by:

Edith & Mae
Legal Entity: BelleYork
Company Registration Number (if applicable): 
VAT Number (if applicable): [Insert]
Email: contact@edithandmae.co.uk

For the purposes of UK data protection law, we are the Data Controller of your personal data.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website

  • Customers who place orders

  • Individuals who contact customer support

  • Individuals who subscribe to marketing communications

We comply with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR)

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data

  • Full name

  • Billing address

  • Delivery address

  • Email address

  • Telephone number

Transaction Data

  • Order details

  • Payment confirmations

  • Purchase history

Technical & Usage Data

  • IP address

  • Browser type

  • Device type

  • Referring website

  • Pages viewed

  • Cart activity

Marketing Data

  • Email subscription preferences

  • Interaction with marketing emails

  • Ad interaction data

We do not store full credit card details. Payment data is processed securely by third-party payment providers.

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

Contractual Necessity

To process and fulfil your order.

Legal Obligation

To comply with tax, accounting, and fraud prevention laws.

Legitimate Interests

To:

  • Improve our website and services

  • Prevent fraud and abuse

  • Protect our business

  • Defend against chargebacks or disputes

Consent

Where required (e.g., marketing emails, non-essential cookies).

5. How We Use Your Data

We use personal data to:

  • Process and deliver orders

  • Verify transactions

  • Prevent fraudulent activity

  • Respond to customer enquiries

  • Improve product offerings

  • Analyse performance and website usage

  • Send marketing communications (if opted in)

  • Defend against payment disputes and chargebacks

We reserve the right to retain transaction data where necessary to protect our legal rights.

6. Fraud Prevention & Chargeback Protection

To protect our business and customers, we may:

  • Store transaction logs

  • Retain proof of delivery

  • Retain IP address and device information

  • Share necessary data with payment processors for dispute resolution

This processing is based on legitimate interest and legal obligation.

7. Sharing Your Data

We may share personal data with trusted service providers, including:

  • Shopify (e-commerce platform provider)

  • Payment processors

  • Shipping carriers

  • Email marketing providers

  • Analytics providers

  • Advertising platforms (Meta, Google, etc.)

  • Fraud detection services

These providers process data under contractual safeguards.

We do not sell personal data.

8. International Data Transfers

Some service providers may process data outside the UK.

Where data is transferred internationally, we ensure appropriate safeguards, including:

  • UK-approved Standard Contractual Clauses

  • Adequacy decisions

  • Contractual data protection measures

9. Data Retention

We retain personal data only as long as necessary:

  • Order and transaction data: minimum 6 years (tax/legal compliance)

  • Fraud prevention data: as required for dispute defence

  • Marketing data: until you unsubscribe

  • Support correspondence: as necessary for service and dispute resolution

10. Your Rights Under UK GDPR

You have the right to:

  • Access your data

  • Request correction

  • Request erasure

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

Requests can be made via contact@edithandmae.co.uk

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO):

https://www.ico.org.uk

11. Cookies & Tracking Technologies

We use cookies for:

  • Essential site functionality

  • Cart and checkout processes

  • Analytics

  • Advertising and retargeting

Non-essential cookies are deployed only with user consent via our cookie banner.

Users may manage cookie preferences through browser settings or our consent tool.

12. Data Security

We implement appropriate technical and organisational measures to safeguard personal data, including:

  • Secure hosting environments

  • Encrypted data transmission (SSL)

  • Restricted internal access

  • Payment processor security standards

However, no internet transmission is 100% secure.

13. Third-Party Links

Our website may contain links to third-party websites.
We are not responsible for their privacy practices.

14. Updates to This Policy

We may update this Privacy Policy periodically.
The latest version will always be available on our website.

15. Contact

If you have any questions about this Privacy Policy or your data:

contact@edithandmae.co.uk