top of page
Privacy Policy
Privacy Policy

Effective Date: September 2025

The Crafty Nanas ("we," "our," or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

The Crafty Nanas

Joan Dewar

joanpdewar@btinternet.com

2. What Personal Data We Collect

We may collect and process the following personal data:

  • Identity Data: Name, username, or similar identifiers

  • Contact Data: Email address, phone number, billing and shipping addresses

  • Transaction Data: Purchase details, payment information (processed securely via third-party providers)

  • Technical Data: IP address, browser type, device information, and website usage data via cookies and similar technologies

  • Communication Data: Emails, messages, or feedback you send to us

We do not collect special categories of personal data (e.g., health, religion, or biometric data).

3. Legal Bases for Processing

We process your personal data under one or more of the following lawful bases:

  • Contract: To process and deliver your orders, payments, and account management

  • Consent: When you opt in to newsletters, marketing, or cookies

  • Legal Obligation: To comply with tax, accounting, or regulatory requirements

  • Legitimate Interests: To improve our website, prevent fraud, and enhance customer experience (unless your rights override these interests)

4. How We Use Your Data

We use your personal data to:

  • Fulfil and deliver your purchases

  • Manage your customer account (if applicable)

  • Communicate with you about your orders, inquiries, or promotions (if you consent)

  • Improve our website, services, and customer support

  • Comply with legal obligations

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Payment processors, shipping carriers, website hosting, and IT support

  • Legal Authorities: If required by law or regulation

  • Business Transfers: In the event of a merger, acquisition, or sale of business assets

All third-party providers are required to respect your privacy and process data in accordance with GDPR.

6. International Data Transfers

If we transfer personal data outside the UK or European Economic Area (EEA), we will ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission or UK Government

  • Standard Contractual Clauses (SCCs)

  • Other lawful mechanisms under GDPR

7. Data Retention

We retain your personal data only for as long as necessary for the purposes collected, including:

  • Order and transaction records: 6 years (for tax/legal obligations)

  • Marketing data: Until you withdraw consent or unsubscribe

  • General inquiries: Up to 2 years after resolution

After retention periods, your data will be securely deleted or anonymized.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access – Request a copy of your data

  • Right to Rectification – Correct inaccurate or incomplete data

  • Right to Erasure – Request deletion of your data (subject to legal obligations)

  • Right to Restrict Processing – Limit how your data is used

  • Right to Data Portability – Receive your data in a machine-readable format

  • Right to Object – Object to processing based on legitimate interests or direct marketing

  • Right to Withdraw Consent – If processing is based on consent, you may withdraw it at any time

To exercise your rights, contact us at [insert email]. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Tracking

We use cookies and similar technologies to enhance your experience. You will be asked to provide consent before non-essential cookies are set. You may change your cookie preferences at any time via your browser or cookie banner settings.

10. Data Security

We use appropriate technical and organizational measures to protect your personal data, including encryption, secure servers, and restricted access. However, no method of transmission over the internet is 100% secure.

11. Children’s Privacy

Our website is not intended for children under 16, and we do not knowingly collect their data. If we learn we have done so, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with the “Effective Date.”

13. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

Email: joanpdewar@btinternet.com

bottom of page