Privacy Policy
Last updated: [Insert Date]
Sole Trader
Website: https://art.wrightwells.com
Email: art_admin@wrightwells.com
1. Introduction
This Privacy Policy explains how I, collect, use, store and protect your personal data when you visit or purchase from my website powered by WordPress and WooCommerce.
As a sole trader, I am the Data Controller for the purposes of the:
My information security practices are aligned with the principles of:
2. Contact Details
Trading as: [Business Name]
Email: [Insert Email Address]
]
3. What Personal Data I Collect
A. When You Place an Order
- Full name
- Billing address
- Delivery address
- Email address
- Telephone number
- Order details
- IP address (for fraud prevention)
B. Payment Information (Stripe)
Payments on this website are processed securely by Stripe.
- I do not store full card numbers.
- Payment data is transmitted directly to Stripe using encrypted (SSL) connections.
- Stripe may collect payment information including card details, billing information, and transaction metadata.
- Stripe acts as an independent data controller for payment processing.
You can view Stripe’s privacy policy at: https://stripe.com/gb/privacy
C. Account Registration (If Enabled)
- Username
- Email address
- Encrypted password
- Order history
D. Contact Forms
- Name
- Email address
- Any information you choose to provide
E. Automatically Collected Data
- IP address
- Browser type
- Device information
- Website activity
4. How I Use Your Personal Data
I process your personal data to:
- Fulfil and deliver orders
- Process payments
- Provide customer service
- Send order confirmations
- Prevent fraud
- Comply with HMRC tax obligations
- Improve website functionality
I do not sell personal data.
5. Legal Basis for Processing
Under UK GDPR, I rely on:
- Contractual necessity – to fulfil orders
- Legal obligation – to comply with tax and accounting laws
- Legitimate interests – to operate and secure my business
- Consent – for marketing communications (if applicable)
6. Marketing Communications (If Used)
If you opt in to receive marketing emails:
- You may unsubscribe at any time via the link in emails
- You may contact me to withdraw consent
7. Data Sharing
I may share personal data with:
- Stripe (payment processing)
- Courier and delivery companies
- Website hosting providers
- IT/security service providers
- Accountants
- HMRC or regulators (where legally required)
All third parties are required to process data securely.
8. International Transfers
Stripe may transfer data outside the UK. Where this occurs, appropriate safeguards such as Standard Contractual Clauses are used.
9. Data Retention
I retain personal data as follows:
- Order and invoice data: minimum 6 years (HMRC requirement)
- Account data: until account deletion
- Contact enquiries: typically 12–24 months
10. Data Security
I implement appropriate technical and organisational security measures including:
- SSL encryption (HTTPS)
- Secure hosting environment
- Password protection
- Restricted admin access
- Regular WordPress and WooCommerce updates
11. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction
- Request deletion
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
If you are not satisfied with my response, you may lodge a complaint with the:
Information Commissioner’s Office (ICO)
12. Data Breaches
If a personal data breach occurs that is likely to result in risk to individuals, I will notify the ICO and affected individuals where required by law.
13. Children’s Privacy
This website is not intended for children under 13. I do not knowingly collect data from children.
14. Changes to This Policy
I may update this Privacy Policy periodically. Updates will be posted on this page with a revised date.