PRIVACY POLICY

1. INTRODUCTION

String Dolls (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you visit our website or use our services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK data protection laws.

2. DATA WE COLLECT

We may collect and process the following data:

• Personal Information: Name, email address, contact information, and delivery address when you submit inquiries via our contact forms or place orders through our website.
• Transaction Data: Details about purchases and payments processed through our WooCommerce system.
• Website Usage Data: Information about how you use our website, including pages visited and time spent on the site, collected via Google Analytics with anonymised IP addresses.
• Technical Data: Anonymised IP addresses, browser type, operating system, and device information collected through Cloudflare and other security services.
• Cookies and Similar Technologies: Information collected through cookies to improve your browsing experience and the functionality of our website.

2.1 COOKIES

Our website uses cookies and similar technologies. Cookies are small text files that are placed on your device when you visit our website. We use the following types of cookies:

• Necessary cookies: These cookies are essential for the website to function properly and cannot be disabled in our systems. They include cookies needed for shopping cart functionality, security, and basic website operations.
• Analytics cookies: We use Google Analytics with anonymised IP addresses to count visits, traffic sources, and site performance. These cookies do not share data with other Google services and are set to respect your privacy.
• Functionality cookies: These cookies enable the website to provide enhanced functionality and personalisation.
• E-commerce cookies: WooCommerce sets cookies necessary for the shopping experience, including remembering items in your cart.

You can control and/or delete cookies as you wish through your browser settings. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit our site, and some services and functionalities may not work.

3. HOW WE USE YOUR DATA

We use your personal data for the following purposes:

• To process and fulfil your orders, including payment processing and delivery through WooCommerce.
• To respond to your inquiries via contact forms.
• To maintain and improve our website functionality and user experience.
• To ensure website security and performance through services like Wordfence Security and Cloudflare.
• To analyse website traffic patterns and user behaviour through anonymised Google Analytics data.
• To communicate with you regarding your orders and services via Zoho Mail.

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

• Contract: Processing necessary for the performance of a contract with you (e.g., to fulfil your orders and provide our services).
• Consent: When you explicitly provide us with your personal data through contact forms or cookie consent mechanisms.
• Legitimate Interests: For ensuring the security of our website, improving our services, and analysing anonymised website traffic.
• Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject under UK law.

5. THIRD-PARTY SERVICES AND INTERNATIONAL DATA TRANSFERS

We use third-party services to provide functionality and ensure the security of our website. These services may collect personal data. Below are the services we use, along with links to their privacy policies:

• WooCommerce: For e-commerce functionality (WooCommerce Privacy Policy)
• Zoho Mail: For communication services (Zoho Privacy Policy)
• Cloudflare: For website performance and security (Cloudflare Privacy Policy)
• Google Analytics (via Google Tag Manager): For anonymised website traffic analysis (Google Privacy Policy)
• Google Fonts: For website typography (Google Privacy Policy)
• Wordfence Security: For website security and protection (Wordfence Privacy Policy)

Some of these third-party service providers may be based outside the United Kingdom. For services that may transfer data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, such as International Data Transfer Agreements, UK Addendums to EU Standard Contractual Clauses, or adequacy decisions issued by the UK government.

6. DATA SECURITY

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. We implement:

• Encryption technologies for data transmission and payment processing.
• Access controls to limit data access to authorised personnel.
• Regular security assessments and updates.
• Regular security training for our staff.

7. DATA RETENTION

We retain personal data only for as long as necessary for the purposes set out in this policy or as required by law. Our specific retention periods are as follows:

• Order information and transaction data: 6 years from the date of transaction (as required by UK tax regulations).
• Contact form submissions and email correspondence: 2 years from the date of last contact.
• Website analytics data: 26 months from collection (anonymised).
• Server logs and security-related data: 12 months from collection.
• Customer accounts: Active until you request deletion, after which order history is retained for 6 years for tax purposes with personal identifiers removed.

These retention periods may be extended if your data is necessary for the establishment, exercise, or defence of legal claims, or if required by applicable laws. When your personal data is no longer required, we will securely delete or anonymise it.

8. YOUR RIGHTS

Under UK data protection law, you have the following rights:

• Right to Access: Request access to your personal data.
• Right to Rectification: Correct any inaccuracies in your data.
• Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
• Right to Restriction of Processing: Request restriction of processing of your data.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to the processing of your data.
• Right to Not Be Subject to Automated Decision-making: Including profiling, which produces legal effects concerning you.
• Right to Withdraw Consent: Withdraw your consent at any time where we are relying on consent to process your personal data.

To exercise these rights, please contact us at [INSERT EMAIL ADDRESS].

9. CHANGES TO THIS POLICY

We may update this privacy policy from time to time to reflect changes in technology, legislation, or our data practices. Any changes will be posted on this page, and if significant changes are made, we will provide a more prominent notice on our website.

10. CONTACT US

If you have any questions or concerns about this privacy policy or how we handle your personal data, please contact us at:

String Dolls Admin
Email: info@stringdolls.uk
Address: Main St, Pocklington, York YO42 4RW, United Kingdom

If you wish to exercise any of your rights under data protection legislation or have any questions about this policy, please email us with the subject line “Data Protection Request.”

You also have the right to lodge a complaint with the UK data protection authority:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Last updated: February 26, 2025