Introduction

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and your rights. It applies to https://bowlsandpaws.co.uk and our online store.

Who we are and contact details

We process personal data under UK GDPR and the Data Protection Act 2018.

What data we collect

  • Account and profile: Name, email, password, optional profile details.
  • Orders and fulfilment: Name, email, phone, billing and shipping address, order details, delivery notes, purchase history.
  • Payments: We do not store full card numbers or CVV; payment processors handle this securely.
  • Communications: Messages via contact forms, email, chat, reviews, and support tickets.
  • Comments: Data shown in the comments form, IP address, and browser user agent to help spam detection; Gravatar hash may be sent to check if you use the service.
  • Media uploads: Images you upload. Images may contain embedded location data (EXIF).
  • Technical data: IP address, browser type/version, device identifiers, pages viewed, time on page, referral source, and cookie identifiers.
  • Marketing preferences: Newsletter opt-ins, campaign interactions, and consent records.

How and why we use your data

  • To provide and deliver services: Process orders, take payment, arrange shipping, handle returns and customer service.
  • To manage your account: Authentication, preferences, saved addresses, order history.
  • To communicate: Order updates, service notices, responses to inquiries, and requested marketing.
  • To improve the site and store: Security, performance, analytics, A/B testing, troubleshooting.
  • To comply with law: Accounting, tax, fraud prevention, and regulatory requests.

Lawful bases for processing

  • Contract: Processing orders, account management, customer service.
  • Consent: Optional marketing emails, non-essential cookies. You can withdraw consent at any time.
  • Legitimate interests: Site security, basic analytics, preventing fraud, improving user experience (balanced against your rights).
  • Legal obligation: Record-keeping for tax and accounting, responding to lawful requests.

Cookies and similar technologies

We use cookies to operate the site and store. You can control cookies via your browser settings and the on-site cookie banner. Disabling essential cookies may affect site functionality.

WordPress cookies

  • Comment convenience:
    • Purpose: Remember your details when commenting.
    • Duration: Up to 1 year.
  • Login/session:
    • Purpose: Determine if your browser accepts cookies; manage login and screen options.
    • Duration: Temporary test cookie (deleted on close), login cookies (2 days), “Remember Me” (2 weeks), screen options (1 year).
  • Editor cookies:
    • Purpose: Store post ID when editing/publishing.
    • Duration: 1 day.

WooCommerce cookies

  • Store/cart functionality:
    • Purpose: Track items in your cart and session.
    • Typical cookies: woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_, store_notice.
    • Duration: Session to 2 days (session ID up to 48 hours).
  • Checkout and account:
    • Purpose: Maintain checkout flow, logged-in status, saved addresses.
    • Duration: Session to 1 year.
  • Abandoned carts:
    • Purpose: Recover carts via email where consent/legitimate interest applies.
    • Duration: Up to 3 months.

Analytics and performance

  • Basic site analytics:
    • Purpose: Understand site usage to improve services.
    • Duration: Depends on provider; typical retention 14–26 months.
  • Consent:
    • Purpose: Non-essential analytics and marketing cookies are set only with your consent via the banner.

Embedded content and third parties

Articles may include embedded content (e.g., videos, images, articles). Embedded content behaves as if you visited the other site, which may collect data, use cookies, add third-party tracking, and monitor interactions if you’re logged in to their service.

We share data only as needed to provide services:

  • Payment processors:
    • Purpose: Securely process payments, fraud checks.
    • Data shared: Order details, billing info, transaction IDs, and limited device data.
  • Shipping and delivery providers:
    • Purpose: Deliver your order and handle returns.
    • Data shared: Name, address, phone/email, order items, delivery notes.
  • IT and security providers:
    • Purpose: Hosting, backups, performance, spam detection (e.g., Akismet), DDoS protection, caching/CDN.
    • Data shared: Technical data and limited personal data necessary for operation.
  • Communication tools:
    • Purpose: Email delivery, newsletters (if opted in), customer support.
    • Data shared: Contact details, preferences, and message content.

We require these providers to protect your data and only use it for the services we request.

Data retention and service provision

We retain personal data only as long as necessary to provide services, comply with legal obligations, and resolve disputes. After retention periods, data is securely deleted or anonymised.

  • Orders and invoices:
    • Retention: Minimum required to meet UK tax and accounting requirements.
    • Purpose: Provide services as requested, customer support, legal compliance.
  • Customer accounts:
    • Retention: While active; inactive accounts may be removed or anonymised after 24 months.
  • Communications and support tickets:
    • Retention: Up to 24 months for service history and quality assurance.
  • Abandoned carts (if enabled):
    • Retention: Up to 3 months to offer assistance where appropriate.
  • Comments and reviews:
    • Retention: Indefinitely to maintain discussion history, unless you request deletion.
  • Analytics data:
    • Retention: Typically 14–26 months, aggregated/anonymised thereafter.
  • Cookie consent records:
    • Retention: Up to 24 months to demonstrate compliance.

If you request a password reset, your IP address may be included in the reset email to prevent fraud.

International data transfers

Some providers may process data outside the UK. Where this happens, we use safeguards such as adequacy decisions or standard contractual clauses to protect your data.

Security

We take reasonable technical and organisational measures to protect your data.

  • Access controls: Limited access to personal data based on role.
  • Encryption: HTTPS across the site; secure payment flows via providers.

No system is perfectly secure, but we work to prevent unauthorised access and promptly address issues.

Your rights

You have rights over your personal data.

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion where we no longer need the data, subject to legal obligations.
  • Restriction: Ask us to limit processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Portability: Receive your data in a commonly used format, where applicable.
  • Withdraw consent: Withdraw consent at any time for optional processing like marketing.

To exercise your rights, contact info@bowlsandpaws.co.uk. If you’re not satisfied, you can complain to the Information Commissioner’s Office (ICO).

ICO: ico.org.uk

Children’s privacy

Our services are not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us to delete it.

Updates to this policy

We may update this policy to reflect changes in our services or legal requirements. We’ll post updates on this page and adjust the “Last updated” date.

Last updated: 22 November 2025

WordPress-specific notes (comments, media, Gravatar)

  • Comments: We collect the data shown in the comments form, your IP address, and browser user agent for spam detection. An anonymised hash of your email may be sent to Gravatar to check if you use it. After approval, your profile picture is visible with your comment.
  • Media: Avoid uploading images with embedded location data (EXIF GPS). Visitors can download and extract location data from images.
  • Spam detection: Visitor comments may be checked through an automated spam detection service.