PRIVACY POLICY (UK GDPR)

Privacy Policy

This Privacy Policy explains how we collect, use, share and protect personal data when you use our Store or buy our products.

UK GDPR and Data Protection Act 2018

1. Who we are (data controller)

Controller: PAPADEN LTD (trading as “PapaDen”)
Company number: 15673833
Registered office: 21 West View, Wesham, Preston, England, PR4 3DA
Contact email: privacy@papaden.co.uk

If you have questions about this policy or your data, email us at privacy@papaden.co.uk.

2. Personal data we collect

Depending on how you use the Store and what you buy, we may collect:

Identity and contact data

  • Name
  • Email address
  • Billing address
  • Delivery address (for Goods)
  • Telephone number (if provided)

Order and transaction data

  • Order details, items purchased, timestamps
  • Payment status (payment card details are handled by payment processors; we do not receive full card numbers)

Personalisation data

  • Names, dates, and messages you request on the artwork
  • Photos/images you upload or send to us
  • Optional preferences you provide (for example facts/events requests)

Technical data

  • IP address, device information, browser information, cookies and similar technologies

Communications

  • Emails/messages to and from customer support
  • Proof approvals and change requests

3. How we use your data and lawful bases

We process personal data under UK GDPR and the Data Protection Act 2018 for the following purposes:

To perform our contract with you

  • Create and supply personalised Digital Content and/or Goods
  • Provide customer service, proofs, and order updates
    Lawful basis: contract.

To meet legal obligations

  • Accounting, tax and statutory recordkeeping
    Lawful basis: legal obligation.

To run and secure our business

  • Prevent fraud, secure the Store, manage disputes and chargebacks
    Lawful basis: legitimate interests.

Marketing (if applicable)

  • Sending marketing emails only where you have opted in (or where permitted under applicable rules)
    Lawful basis: typically consent (and you can withdraw at any time).

4. Who we share data with (processors)

We may share personal data with:

  • Shopify (e-commerce platform hosting, order management)
  • Payment providers (to process payments)
  • Email/communications providers (to send order emails and digital delivery links)
  • Delivery carriers (for Goods deliveries)
  • Professional advisers (accountants, legal advisers) where necessary
  • Fraud prevention and dispute/chargeback services where required

We only share what is necessary for the relevant purpose.

5. International transfers

Some service providers may process data outside the UK. Where this occurs, we use appropriate safeguards recognised under UK GDPR (for example international data transfer agreements or adequacy regulations where applicable).

6. Data retention

We retain data only as long as necessary:

  • Order and invoice records: typically up to 6 years for UK accounting/tax purposes.
  • Personalisation files and photos: typically up to 90 days after fulfilment to handle queries/replacements, unless a longer period is necessary for an ongoing dispute, legal claim, or you request earlier deletion where applicable.
  • Customer support communications: typically up to 24 months, unless needed longer for dispute/legal reasons.

7. Your rights (UK GDPR)

Subject to legal limits, you have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (where applicable)
  • Restrict or object to processing (in certain situations)
  • Data portability (in certain situations)
  • Withdraw consent (where processing is based on consent)
  • Complain to the UK Information Commissioner’s Office (ICO)

To exercise rights, contact us at privacy@papaden.co.uk.

Security

8. Security

We use appropriate technical and organisational measures to protect personal data. No system is completely secure; please protect your account credentials and contact us if you suspect unauthorised access.

9. Children

The Store is not intended for children, and we do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date shows when it was most recently changed.

Cookies help the Store function, improve performance, remember preferences, and support analytics and advertising features where enabled.

Last updated: 17 January 2026
Company: PAPADEN LTD

1. What cookies are

Cookies are small text files placed on your device when you visit a website. They help websites function, improve performance, and remember preferences.

2. How we use cookies

We use cookies and similar technologies to:

  • Enable core site functionality (cart, checkout, account login)
  • Remember preferences
  • Understand how visitors use the Store (analytics)
  • Help prevent fraud and keep the Store secure
  • Support marketing/advertising features where enabled (for example measuring ad effectiveness)

3. Shopify and third-party cookies

Our Store is hosted by Shopify. Shopify and third-party apps you interact with may set cookies to enable store features and services.

4. Managing cookies

You can manage cookies through:

  • Cookie banner preferences (where provided), and/or
  • Your browser settings (blocking or deleting cookies)

Blocking essential cookies may stop parts of the Store from working correctly (for example checkout).