Privacy Policy

Privacy Policy

Last updated: 3 September 2025

This Privacy Policy explains how PlatesandCups.com ("we", "us", "our") collects, uses, discloses, and protects your personal data when you visit or make a purchase on our website (the Site) or otherwise interact with us (the Services).

If anything here conflicts with local law, we follow the law. Capitalised terms are defined in context.

1) Who we are (Data Controller)

Controller:  Platesandcups.com

Registered address: Research House, London, United Kingdom

Contact for privacy matters: Contact us

Data Protection Officer (if appointed): [Name / Contact]

Our store is powered by Shopify. Shopify acts as our service provider/processor. For details on Shopify’s privacy practices, see Shopify’s privacy notice and data processing terms.

2) What data we collect and why

We collect information that identifies, relates to, describes, or can reasonably be linked to you (Personal Data). The data we collect depends on how you interact with us.

A. Device & Usage Data (collected automatically)

  • Examples: IP address, device type, browser version, time zone, cookie identifiers, pages/products viewed, search terms, clicks, referring/exit pages, and how you interact with the Site.

  • How we collect: cookies, log files, web beacons, tags, pixels, SDKs.

  • Why: to load the Site, provide core functionality, prevent abuse, and run analytics to improve performance and user experience.

  • Legal basis (UK/EU): our legitimate interests in running a secure, effective Site and, where required, consent for non‑essential cookies/analytics/advertising.

B. Identity & Contact Data

  • Examples: name, email address, billing and shipping addresses, telephone number.

  • How we collect: checkout forms, account registration, newsletter sign‑ups, customer support channels (including live chat), surveys, or events/promotions.

  • Why: to create/manage your account, fulfil orders, communicate with you, and provide customer support.

  • Legal basis (UK/EU): performance of a contract (order fulfilment); legitimate interests (support, account management); consent (marketing communications where required).

C. Order & Transaction Data

  • Examples: items purchased, order value, payment method, transaction identifiers, fulfilment and delivery information, invoices/receipts.

  • How we collect: during checkout via our ecommerce platform and payment providers. We do not store full payment card numbers; these are processed securely by our payment processors.

  • Why: to process payments, deliver products, provide invoices/order confirmations, handle returns, and screen for fraud.

  • Legal basis (UK/EU): performance of a contract; legal obligations (tax/accounting); legitimate interests (fraud prevention and network security).

D. Communications & Support Data

  • Examples: messages sent via email or live chat, call notes, support tickets, and related metadata.

  • Why: to respond to requests, troubleshoot, and improve our Services and training.

  • Legal basis (UK/EU): legitimate interests (customer service) and performance of a contract where applicable.

E. Marketing Preferences & Engagement

  • Examples: your subscriptions, opt‑in/opt‑out status, and interactions with our emails or ads.

  • Why: to send relevant updates and offers (when permitted) and to honour your choices.

  • Legal basis (UK/EU): consent (where required by law) and legitimate interests for permitted direct marketing to existing customers.

We do not intentionally collect special category/sensitive data. Please avoid sharing such information with us.

3) Cookies, tracking & choices

Cookies are small files placed on your device. We use:

  • Strictly necessary cookies – core functionality and security (do not require consent).

  • Preference/functionality cookies – remember choices (may require consent).

  • Performance/analytics cookies – help us understand Site usage (consent where required).

  • Advertising/targeting cookies – deliver and measure ads (consent where required).

Manage your preferences: You can control cookies in our banner or settings panel: [link to “Cookie Settings”]. You can also use your browser settings to block or delete cookies. Blocking some cookies may impact Site functionality.

Do Not Track: We do not currently respond to browser “Do Not Track” signals due to lack of a common standard. We honour applicable consent requirements.

4) How we use Personal Data

We use your Personal Data to:

  1. Provide and improve the Services – operate the Site, process orders and payments, arrange shipping/returns, and maintain your account.

  2. Communicate with you – order updates, service messages, and responses to enquiries.

  3. Personalise and analyse – understand performance, improve our content, and tailor your experience (with consent where required).

  4. Marketing – send newsletters and offers with your consent or as permitted by law (you can opt out at any time).

  5. Security and fraud prevention – protect accounts, detect suspicious activity, and maintain network security.

  6. Compliance – meet tax, accounting, and other legal obligations.

We will only process Personal Data where we have a lawful basis and for the purposes listed above (or compatible purposes).

5) Sharing your Personal Data

We share Personal Data with trusted recipients for the purposes above, including:

  • Shopify (store platform/processor) and Shopify apps we install (e.g., for shipping, reviews, analytics, marketing).

  • Payment processors (e.g., Shopify Payments, PayPal) – to securely process payments.

  • Fulfilment and logistics partners – carriers, warehouses, and returns processors.

  • Customer support and communications tools – including live chat and email service providers.

  • Analytics and advertising partners – where enabled and subject to consent where required.

  • Professional advisers – lawyers, auditors, accountants.

  • Authorities – where required by law or to protect rights, property, or safety.

We require recipients to handle Personal Data securely and lawfully. We do not sell your Personal Data for money. Where US/California law applies, we do not knowingly "sell" or "share" Personal Data as defined by the CPRA. If we enable advertising cookies or cross‑context behavioural advertising in future, we will provide a "Do Not Sell or Share My Personal Information" link and honour opt‑out signals.

6) International transfers

Your data may be processed outside the UK/EEA (for example, where our providers operate). When we transfer Personal Data internationally, we use lawful safeguards such as the UK/EU Standard Contractual Clauses (and UK Addendum), adequacy regulations/decisions, or other appropriate measures.

7) Data retention

We keep Personal Data only as long as necessary for the purposes above:

  • Order/transaction records: typically 6 years after the end of the financial year in which the transaction occurred (to meet tax/legal obligations), unless a longer period is required by law.

  • Account data: while your account is active and for a reasonable period after closure.

  • Support records: for up to 24 months after resolution, unless needed longer to establish or defend legal claims.

  • Marketing data: until you opt out or your consent is withdrawn, after which we retain a minimal record to respect your choice.

  • Cookies: per their individual lifespan (see Cookie Settings).

8) Your rights

UK/EEA residents (UK GDPR/EU GDPR)

You have the right to access, rectify, erase, restrict or object to processing, and to data portability. Where we rely on consent, you may withdraw consent at any time (this does not affect prior processing). You also have the right to complain to a supervisory authority. In the UK, this is the ICO.

California residents (CPRA)

You may have the right to know/access specific pieces and categories of Personal Information we collect, delete Personal Information, correct inaccurate information, and opt out of the sale/share of Personal Information and certain profiling. We will not discriminate against you for exercising your rights.

How to exercise rights: Email us at Contact us or write to us at the address above. We may need to verify your identity and, where permitted, may refuse manifestly unfounded or excessive requests.

9) Security

We use technical and organisational measures appropriate to the risk (e.g., encryption in transit, access controls, backups). No method of transmission or storage is 100% secure. If we become aware of a data incident affecting your rights, we will notify you and regulators as required by law.

10) Children’s privacy

Our Services are not directed to children. We do not knowingly collect Personal Data from children under the age required by local law (e.g., 13 or 16 in the UK/EU). If you believe a child has provided Personal Data, please contact us so we can take appropriate action.

11) Automated decision‑making

We do not carry out decisions based solely on automated processing that produce legal or similarly significant effects. We may use automated tools to help detect fraud or abusive activity; you can request human review of such assessments.

12) Third‑party links

Our Site may link to third‑party websites or services. Their privacy practices are governed by their own policies; we are not responsible for them.

13) Changes to this Policy

We may update this Policy from time to time to reflect operational, legal, or regulatory changes. We will post the updated version on this page with a new “Last updated” date. Where changes are material, we will take additional steps to inform you.

14) Contact us

Questions or requests about this Policy or your Personal Data? Please contact Contact us or write to [Plates & Cups Ltd, Address, Country].