Retningslinjer for angrerett
Privacy Policy
Mono & Moss (monoandmoss.co.uk)
Last updated: [DATE]
This Privacy Policy explains how Mono & Moss ("we", "us", "our") collects, uses, shares, and protects your personal data when you visit or make a purchase from monoandmoss.co.uk (the "Site"), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Business name: [YOUR REGISTERED BUSINESS NAME]
Business address: [YOUR ADDRESS]
Contact email: [YOUR SUPPORT EMAIL]
Data Controller: [YOUR NAME / BUSINESS NAME]
2. What Personal Data We Collect
We may collect the following categories of personal data:
Identity data: name, username
Contact data: email address, delivery address, billing address, phone number
Transaction data: details of orders you have placed, payment information (processed securely by our payment providers — we do not store full card details)
Technical data: IP address, browser type, device information, time zone setting
Usage data: information about how you use the Site, pages visited, products viewed
Marketing data: your preferences for receiving marketing communications
3. How We Collect Your Data
We collect data when you:
Create an account or place an order
Sign up for our newsletter or marketing emails
Browse the Site (via cookies and similar technologies)
Contact us for customer support
4. How We Use Your Data
We use your personal data to:
Process and fulfil your orders, including payment, delivery, and returns
Communicate with you about your order (confirmations, shipping updates, customer service)
Send you marketing communications, where you have consented, and allow you to opt out at any time
Improve the Site, our products, and customer experience
Detect and prevent fraud or misuse of the Site
Comply with our legal obligations
5. Legal Basis for Processing
We process your personal data under the following legal bases:
Contract: to fulfil our contract with you when you place an order
Consent: for marketing communications, which you can withdraw at any time
Legitimate interests: to improve our services and prevent fraud
Legal obligation: to comply with tax, accounting, and other legal requirements
6. Sharing Your Data
We may share your personal data with:
Payment processors (e.g. Shopify Payments, PayPal, Stripe) to process transactions securely
Delivery and fulfilment partners (including dropshipping suppliers) to deliver your order
IT and platform providers (e.g. Shopify) who host and support our Site
Marketing and analytics providers, where applicable
Law enforcement or regulators, where required by law
We do not sell your personal data to third parties.
7. International Data Transfers
Some of our service providers may process your data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision, to protect your data in accordance with UK GDPR.
8. Cookies
Our Site uses cookies and similar technologies to improve your browsing experience, remember your preferences, and analyse Site traffic. You can control cookies through your browser settings. For more details, see our Cookie Policy [if you have a separate one] or the cookie banner on our Site.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Order and transaction data is typically retained for [X years] in accordance with UK tax record-keeping requirements.
10. Your Rights
Under UK GDPR, you have the right to:
Access the personal data we hold about you
Correct inaccurate or incomplete data
Erase your data, in certain circumstances
Restrict or object to our processing of your data
Data portability — receive your data in a portable format
Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at [YOUR SUPPORT EMAIL]. We will respond within one month, as required by law.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
12. Children's Privacy
Our Site is not intended for children under 18. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
Email: [YOUR SUPPORT EMAIL]
Address: [YOUR BUSINESS ADDRESS]
This document is a general template and does not constitute legal advice. We recommend having this Privacy Policy reviewed by a qualified solicitor or data protection professional before publishing, to ensure it accurately reflects your specific data practices and complies with current UK GDPR requirements.