Privacy Policy

Last Updated: October 18, 2025

Company Name: Ceylon Shop (Your Company Name)
Company Number: 15394969
VAT Number: GB482280192
Registered in: England and Wales
Governing Law: United Kingdom


1. Introduction

This Privacy Policy explains how we ("we", "us", or "our") collect, use, disclose, and safeguard your personal information when you visit our website or make a purchase from us.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you:

  • Create an account (name, email address, password, phone number)
  • Place an order (billing address, delivery address, payment information, UK postcode)
  • Contact customer service (name, email, phone number, message content)
  • Sign up for marketing communications (email address, preferences)
  • Participate in surveys or promotions

2.2 Information Automatically Collected

When you visit our website, we automatically collect:

  • Log information (IP address, browser type, operating system)
  • Device information (device type, unique device identifiers)
  • Usage data (pages visited, time spent, links clicked)
  • Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (Stripe - transaction details, payment status)
  • Delivery services (Royal Mail - tracking information)
  • Social media platforms (if you log in using Google or Facebook)

3. How We Use Your Information

We use your personal information for:

  • Order Processing: To process and fulfill your orders, including payment processing and Royal Mail delivery
  • Account Management: To create and manage your account
  • Customer Service: To respond to your inquiries and provide support
  • Marketing Communications: To send promotional emails (with your consent)
  • Legal Compliance: To comply with UK tax and accounting requirements (6-year retention)
  • Fraud Prevention: To detect and prevent fraudulent transactions
  • Website Improvement: To analyze usage and improve our services

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing is necessary to fulfill our contract with you (orders, delivery)
  • Legal Obligation: Processing is required by UK law (tax records, consumer rights)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, analytics)
  • Consent: You have given clear consent for marketing communications

5. Information Sharing and Disclosure

5.1 Service Providers

We share your information with:

  • Payment Processors: Stripe for secure payment processing
  • Delivery Services: Royal Mail for order fulfillment
  • Email Services: For sending order confirmations and marketing emails
  • Web Hosting: For website infrastructure

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.


6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and login status
  • Maintain your shopping cart
  • Analyze website traffic and user behavior
  • Provide personalized content

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features.


7. Data Security

We implement appropriate technical and organizational measures:

  • SSL/TLS encryption for data transmission
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication
  • Payment data handled by PCI-DSS compliant processors (Stripe)

8. Data Retention

We retain your personal information:

  • Order Information: 6 years (UK tax and accounting requirements)
  • Account Information: Until you request deletion or close your account
  • Marketing Data: Until you unsubscribe or withdraw consent
  • Website Analytics: Up to 26 months

9. Your Rights Under UK GDPR

You have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or marketing
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, please contact us using the details below.


10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.


11. International Transfers

Your data is primarily processed and stored within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place through standard contractual clauses or adequacy decisions.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.


13. Contact Us

If you have any questions about this Privacy Policy or our data practices:

Company Number: 15394969
VAT Number: GB482280192
Email: Contact us via our website contact form


14. Complaints

If you believe we have not complied with UK data protection law, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: https://ico.org.uk