top of page

Privacy Policy (Creating Legacies) 

Last updated: [13 February 2026] 

Creating Legacies “we” respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, place an order, contact us, or otherwise interact with us. 

This policy is intended to meet the requirements of the UK GDPR, the EU GDPR (where applicable), and the UK Data Protection Act 2018. 

1) Who we are (Data Controller) 

Data Controller: Creating Legacies 
Business location: United Kingdom 
Contact email: [creatinglegacies25@gmail.com] 

If you have questions about this policy or want to exercise your rights, contact us using the details above. 


2) The personal data we collect 

We may collect and process the following categories of personal data: 

A. Identity & contact details 

  • Name 

  • Billing address and delivery address 

  • Email address 

  • Phone number (if provided) 

B. Account data (if you create an account) 

  • Login details (e.g., email + password). Passwords are stored using secure hashing and are not visible to us. 

C. Order and payment-related data 

  • Items purchased, order value, order history 

  • Payment status and transaction references 

We do not store full card details. Payments are processed by third-party payment providers. 

D. Communications 

  • Messages you send us (e.g., customer support emails, contact forms, social messages) 

  • Feedback, reviews, or survey responses (if you choose to provide them) 

E. Technical & usage data 

  • IP address, device type, browser type, operating system 

  • Pages visited, clickstream, time spent, referral URLs 
    This may be collected via cookies and similar technologies. 

F. Marketing preferences 

  • Whether you opted in/out of marketing 

  • Email engagement (e.g., opens/clicks), where supported by our email provider 


3) How we collect your personal data 

We collect personal data: 

  • Directly from you (e.g., checkout, account creation, contact forms) 

  • Automatically when you browse our website (e.g., cookies, analytics) 

  • From third parties involved in fulfilling orders (e.g., payment providers, delivery couriers) and marketing platforms (where you interact with our ads) 


4) Why we use your data (purposes and legal bases) 

Under UK/EU data protection law, we must have a lawful basis for using your personal data. 

We use personal data for: 

A. Processing and delivering orders 

  • To take payment, confirm orders, ship items, manage returns/refunds, and provide customer service 
    Legal basis: performance of a contract (order fulfilment) and legal obligation (records/tax) 

B. Account management 

  • To create and manage your account (if applicable) 
    Legal basis: performance of a contract / legitimate interests 

C. Customer support and communications 

  • To respond to enquiries, complaints, and product/size guidance 
    Legal basis: legitimate interests (supporting customers) / contract 

D. Website operation, security, and fraud prevention 

  • To keep the site secure and prevent fraudulent transactions 
    Legal basis: legitimate interests / legal obligation (where applicable) 

E. Analytics and site improvement 

  • To understand how visitors use our website and improve products and user experience 
    Legal basis: consent (where required for cookies/analytics) and/or legitimate interests (where permitted) 

F. Marketing 

  • To send marketing emails/SMS (where you opt in) and show you relevant ads 
    Legal basis: consent (for direct marketing where required) and legitimate interests (for certain non-intrusive marketing activities, subject to your rights) 

You can withdraw marketing consent at any time (see “Your rights” below). 


5) Cookies and similar technologies 

We use cookies and similar technologies to: 

  • Make our site work properly 

  • Remember your preferences 

  • Understand site performance (analytics) 

  • Support marketing/advertising (where used) 

Where required by law, we will ask for your consent before placing non-essential cookies on your device. 
For more details, see our Cookie Policy. 


6) Who we share your data with 

We share personal data only where necessary, including with: 

  • Payment providers (to process payments) 

  • E-commerce and website hosting providers (to run the website/store) 

  • Delivery and logistics partners (to ship orders) 

  • Email and marketing platforms (if you opt in or where permitted) 

  • Analytics providers (only where you consent/where permitted) 

  • Professional advisers (e.g., accountants, legal advisers) 

  • Authorities where required by law or to protect rights and safety 

All third parties are required to respect the security of your personal data and process it lawfully. 


7) International data transfers 

Some of our service providers may process personal data outside the UK/EEA (for example, in the United States). Where this happens, we ensure appropriate safeguards are in place, such as: 

  • UK International Data Transfer Addendum / UK IDTA 

  • EU Standard Contractual Clauses (SCCs) 

  • Other lawful transfer mechanisms permitted by law 

You can ask us for more information about these safeguards. 


8) Data security 

We use appropriate technical and organisational measures to protect your personal data, including: 

  • Encryption in transit (HTTPS) 

  • Access controls and least-privilege access 

  • Secure payment processing via third-party providers 

  • Monitoring and security measures designed to prevent unauthorised access 

No method of transmission or storage is 100% secure, but we work to protect your data appropriately. 


9) How long we keep your data (retention) 

We keep personal data only as long as necessary for the purposes described in this policy, including legal, accounting, and reporting requirements. 

Typical retention periods: 

  • Order and transaction records: usually up to 6 years (UK tax/accounting requirements may apply) 

  • Customer service communications: typically up to 24 months after resolution (unless needed longer) 

  • Marketing data: until you opt out or we determine it is no longer relevant 

  • Analytics/cookie data: according to our cookie settings and provider defaults 


10) Your rights (UK/EU) 

Depending on your location and applicable law, you may have the right to: 

  • Access your personal data 

  • Rectify inaccurate or incomplete data 

  • Erase your data (in certain circumstances) 

  • Restrict processing (in certain circumstances) 

  • Data portability (in certain circumstances) 

  • Object to processing based on legitimate interests and to direct marketing 

  • Withdraw consent at any time (where we rely on consent) 

  • Lodge a complaint with a supervisory authority 

UK supervisory authority: the Information Commissioner’s Office (ICO). 
If you are in the EU/EEA, you may also complain to your local data protection authority. 

To exercise rights, email: [creatinglegacies25@gmail.com]. 


11) Marketing preferences 

You can opt out of marketing at any time by: 

  • Using the unsubscribe link in marketing emails 

  • Changing your account preferences (if available) 

Opting out won’t affect service messages (e.g., order confirmations, delivery updates). 


12) Children’s privacy 

Our website is not intended for children and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps. 


13) Third-party links 

Our website may contain links to third-party websites (e.g., social platforms). We are not responsible for their privacy practices. Please review their policies before providing data. 


14) Changes to this Privacy Policy 

We may update this policy from time to time. We will post the latest version on our website and update the “Last updated” date above. 


15) Contact us 

For privacy questions or requests: 
Email: [creatinglegacies25@gmail.com] 
 

 

We aim to respond to all correspondence within 5 working days. 

bottom of page