Privacy policy

Ember & Rose is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you visit our website at emberandrose.com, place an order with us, or otherwise interact with us.

We will keep your personal data confidential at all times and only collect, use and store it in accordance with this Privacy Policy and the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. If you have any questions, please contact us at care@emberandrose.com.

Who We Are

The data controller responsible for your personal data is Ember & Rose.

Contact: care@emberandrose.com

What Personal Data We Collect

We may collect and process the following personal data about you:

  • Identity and contact data: your name, email address, delivery address, billing address, and telephone number.
  • Order and transaction data: details of products you have purchased, payment information (processed securely via our payment provider), and order history.
  • Account data: your username and password if you create an account on our website.
  • Marketing and communication data: your preferences for receiving marketing from us and your communication history with us.
  • Technical data: your IP address, browser type and version, device information, pages visited, and how you found our website.

We do not collect any special category data such as health, biometric, or financial data beyond what is necessary to process your payment.

How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you: when you place an order, create an account, sign up to our newsletter, contact us by email, or interact with our website.
  • Automatically: when you browse our website, we may collect technical data through cookies and similar technologies. Please see our Cookie section below for more information.

Legal Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract: processing is necessary to fulfil your order, manage your account, and provide our services to you.
  • Legitimate interests: we may process your data where it is in our legitimate business interests to do so, such as improving our website and products, preventing fraud, and ensuring the security of our systems, where these interests are not overridden by your rights.
  • Consent: where you have given us your consent to send you marketing communications. You may withdraw your consent at any time.
  • Legal obligation: where we are required by law to process your data.

How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and fulfil your orders, including arranging delivery and sending order confirmations and tracking information.
  • To manage your account and respond to your enquiries.
  • To send you marketing communications about our products, promotions, and brand updates by email, where you have consented or where you are an existing customer and have not opted out. You can unsubscribe at any time by clicking the link in any marketing email or by contacting us at care@emberandrose.com.
  • To improve and personalise your experience on our website.
  • To comply with our legal and regulatory obligations.
  • To detect and prevent fraud and protect the security of our website and services.

Sharing Your Personal Data

We do not sell your personal data to any third party. We may share your data with the following trusted third parties who act as data processors on our behalf:

  • Shopify Inc: our e-commerce platform provider, which hosts our website and processes orders. For more information, please see Shopify’s Privacy Policy at shopify.com/legal/privacy.
  • Payment processors: we use trusted third party payment providers to process your payment securely. We do not store your full payment card details.
  • Delivery partners: we share your name and delivery address with our courier partners solely for the purpose of delivering your order.
  • Email marketing platforms: where you have consented to receive marketing from us, your email address may be stored on a third party email marketing platform.

All third parties are required to process your data in accordance with UK GDPR and are only permitted to use your data for the specific purposes we instruct them.

International Data Transfers

Some of our third party service providers, including Shopify, may process your data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR, including adequacy decisions or standard contractual clauses.

If you would like more information about international transfers of your data, please contact us at care@emberandrose.com.

How Long We Keep Your Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

Order and transaction data is retained for 6 years in accordance with UK tax and accounting obligations.

Marketing data is retained until you unsubscribe or withdraw your consent. You may request deletion of your data at any time by contacting us at care@emberandrose.com.

Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and personalise content.

Essential cookies are necessary for the website to function and cannot be switched off. Analytical and marketing cookies are only placed where you have given your consent via our cookie banner.

You can manage your cookie preferences at any time through your browser settings or by revisiting our cookie banner. Disabling certain cookies may affect the functionality of our website.

Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: you have the right to request a copy of the personal data we hold about you.
  • Right to rectification: you have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure: you have the right to ask us to delete your personal data in certain circumstances.
  • Right to restriction: you have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability: you have the right to request that we transfer your personal data to you or a third party in a structured, commonly used, machine readable format.
  • Right to object: you have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, including for direct marketing purposes.
  • Right to withdraw consent: where we process your data on the basis of consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at care@emberandrose.com. We will respond to your request within one month. There is no charge for making a request.

Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office.

ICO website: ico.org.uk
ICO helpline: 0303 123 1113

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. All payment information is encrypted during transmission. However, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of your data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Ember & Rose
[Company Address]
United Kingdom
Email: care@emberandrose.com