Privacy Policy
1. Who We Are
Boutique Supply Co is a trading name of GETBOOKD LTD (Company No. pending), registered at 49 Maes y Crofft, Morganstown, Cardiff CF15 8FE, United Kingdom. We are the data controller for the personal data we collect through this website.
For any privacy-related queries, contact us at info@boutiquesupplyco.com.
2. Data We Collect
2.1 Information You Provide
- Account and order data: Name, email address, business name, delivery address, phone number, and payment details when you place an order or create a trade account.
- Contact form submissions: Name, email, and any message content you send via our enquiry or wholesale application forms.
- Communications: Records of emails, phone calls, or other correspondence with our team.
2.2 Data Collected Automatically
- Usage data: Pages visited, time on site, referral source, browser type, device type, and IP address, collected via Vercel Analytics.
- Cookies: Essential cookies for site functionality and optional analytics cookies. See Section 6 for details.
3. How We Use Your Data
We process personal data for the following purposes:
- Fulfilling orders and managing your trade account
- Processing payments securely through Stripe
- Communicating about your orders, deliveries, and account
- Responding to enquiries and providing customer support
- Improving our website and services through anonymised analytics
- Complying with legal obligations (e.g. tax records, fraud prevention)
4. Legal Basis for Processing
Under the UK GDPR, we rely on the following legal bases:
- Contract: Processing necessary to fulfil your orders and manage your account.
- Legitimate interest: Analytics to improve our services, fraud prevention, and direct marketing to existing customers.
- Legal obligation: Retaining financial records as required by HMRC.
- Consent: Where you opt in to marketing communications. You may withdraw consent at any time.
5. Third-Party Services
We share data with trusted third parties only as necessary to operate our business:
- Stripe — Payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
- Vercel — Website hosting and analytics. See Vercel's Privacy Policy.
- Royal Mail / Courier partners — Delivery fulfilment (name and delivery address only).
We do not sell your personal data to any third party.
6. Cookies
We use the following types of cookies:
- Essential cookies: Required for the website to function (e.g. session management). Cannot be disabled.
- Analytics cookies: Help us understand how visitors use our site. These are anonymised and do not identify you personally.
You can manage cookie preferences through your browser settings. Disabling cookies may affect site functionality.
7. Data Retention
- Order and account data: Retained for 6 years after your last transaction, in line with HMRC requirements.
- Contact form submissions: Retained for 2 years, then deleted.
- Analytics data: Anonymised and retained for up to 24 months.
- Marketing consent records: Retained for as long as you remain subscribed, plus 1 year after unsubscribing.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your data (where no legal obligation to retain it exists).
- Right to restrict processing: Ask us to limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest or direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw at any time.
To exercise any of these rights, email us at info@boutiquesupplyco.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS/SSL), secure payment processing via Stripe (PCI DSS compliant), access controls, and regular security reviews.
10. International Transfers
Your data is primarily processed within the UK and EEA. Where data is transferred outside these regions (e.g. to US-based service providers like Stripe and Vercel), we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent measures.
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via our website. The "Last updated" date at the top reflects the most recent revision.
13. Contact
GETBOOKD LTD
49 Maes y Crofft
Morganstown, Cardiff CF15 8FE
United Kingdom
info@boutiquesupplyco.com