1. Introduction

This Privacy Policy explains how Harry & Rose collects, processes and protects personal data in accordance with the UK GDPR, the Data Protection Act 2018, and other applicable laws.

By using the Website, you consent to the data practices described herein.

2. Data Controller

Harry & Rose is the Data Controller for all personal information processed through the Website.

3. Personal Data We Collect

We may collect and process:

• Identity Data – name, date of birth (if provided)
• Contact Data – email, phone number, address
• Billing and Transaction Data
• Technical Data – IP address, browser type, device identifiers
• Usage Data – pages visited, interactions, session duration
• Marketing Preferences
• Order History

We do not knowingly collect data from children nor process special category data.

4. Lawful Basis for Processing

Data is processed under one or more of the following lawful bases:

• Consent (e.g., email marketing)
• Contractual necessity (e.g., delivering your order)
• Legal obligations (e.g., accounting records)
• Legitimate interests (e.g., site improvement, fraud prevention)

5. How We Use Your Data

We may use your data to:

• Process and fulfil orders
• Deliver customer service and support
• Provide shipping notifications
• Improve Website functionality
• Customise your browsing experience
• Send marketing communications (where consent is provided)
• Comply with legal and regulatory requirements

6. Sharing Your Information

We may share data with:

• Payment processors
• Delivery couriers
• IT and hosting providers
• Analytics services
• Legal or regulatory bodies where required

We do not sell personal information.

7. International Transfers

Where data is transferred outside the UK, we ensure:

• Adequacy regulations, or
• Standard contractual clauses, or
• Other valid GDPR-compliant safeguards

8. Data Security

We implement:

• Encryption
• Secure server technology
• Access controls
• Regular monitoring and audits

9. Data Retention

Personal data is retained only for as long as necessary to fulfil contractual or legal requirements, after which it is securely deleted.

10. Your Rights

Under GDPR you have the right to:

• Access your data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent

Requests can be made via info@harryandrose.com