Privacy Policy

Privacy Policy for The Lavender Lair

Effective Date:23/06/2025
Last Updated: 23/06/2025

1. Introduction

Welcome to The Lavender Lair ("we", "us", or "our"). This Privacy Policy explains how we collect, use, and protect your personal data when you visit our store, website, or use our services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By interacting with us, you agree to the practices described in this policy.

 

 

3. What Information We Collect

We may collect the following types of personal data:

  • Contact Information: Name, email address, phone number

     
  • Transaction Data: Payment details (processed securely via third-party providers), purchase history

     
  • Account Information: Username, password (if registered online)

     
  • Marketing Preferences: Your choices on how we contact you

     
  • CCTV Footage: For security within our physical store premises

     

 

 

4. How We Use Your Information

We process your personal data for the following purposes:

  • To process and deliver your orders

     
  • To manage your customer account (if applicable)

     
  • To respond to your inquiries and provide customer service

     
  • To send you updates, promotions, or newsletters (with your consent)

     
  • To improve our products and services

     
  • To detect and prevent fraud or security issues

     

 

 

5. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity – to fulfil our obligations under a purchase or service agreement

     
  • Legal obligation – to comply with applicable laws

     
  • Consent – where you have given us permission (e.g. marketing emails)

     
  • Legitimate interest – to operate and grow our business responsibly

     

 

 

6. Sharing Your Data

We do not sell or rent your personal data. We may share your data with:

  • Payment processors (e.g. Square, Stripe)

     
  • Delivery and courier services

     
  • IT service providers supporting our systems

     
  • Legal or regulatory authorities if required by law

     

 

 

7. Data Retention

We retain your personal data only as long as necessary for the purposes stated in this policy or as required by law (e.g. tax purposes). When no longer needed, we securely delete or anonymise your data.

 

 

8. Your Rights

You have the right to:

  • Access the personal data we hold about you

     
  • Correct inaccuracies in your data

     
  • Request erasure ("right to be forgotten")

     
  • Restrict or object to processing

     
  • Withdraw consent at any time (where applicable)

     
  • Lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

     

To exercise these rights, please contact us at [your store’s email].

 

 

9. Security

We take appropriate security measures to protect your data, including:

  • Secure payment systems

     
  • Encrypted website access (HTTPS)

     
  • Restricted access to customer records

     
  • CCTV data stored securely and retained only for a limited time

     

 

 

10. Cookies and Tracking

If we operate a website, it may use cookies to enhance user experience. You can control cookie settings in your browser or via our cookie consent banner (if applicable).

 

 

11. Children’s Privacy

We do not knowingly collect personal information from children under 13. If we become aware of such data, we will delete it promptly.

 

 

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website with the "last updated" date.

 

 

 

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.