SupacolourSupacolour

Privacy Policy

Supacolour

Privacy Policy – Supacolour UK Ltd

11/11/25

This Privacy Policy describes how Supacolour UK Ltd (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from www.supacolour.co.uk (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

UK GDPR Compliance: This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Supacolour UK Ltd is the data controller responsible for your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information that we collect, and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

·       Contact details including your name, address, phone number, and email

·       Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number

·       Account information including your username, password, security questions and other information used for account security purposes

·       Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect about Your Usage

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

·       Companies who support our Site and Services, such as Shopify

·       Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfil your orders and provide you with products or services you have requested, in order to perform our contract with you

·       When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies

 

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Also see the section below, Third Party Websites and Links.

Lawful Basis for Processing Your Personal Information

Under UK GDPR, we must have a lawful basis for processing your personal information. We rely on the following lawful bases:

Purpose

Lawful Basis

Processing and fulfilling orders

Performance of a contract with you

Creating and managing your account

Performance of a contract with you

Payment processing

Performance of a contract with you

Customer support

Performance of a contract with you and our legitimate interests in providing quality service

Marketing communications (with consent)

Your consent

Improving our services and website

Our legitimate interests in operating and improving our business

Fraud prevention and security

Our legitimate interests in protecting our business and customers

Legal compliance

Legal obligation

Analytics and usage tracking

Our legitimate interests in understanding how our services are used

 

Where we rely on our legitimate interests, we have balanced these against your rights and freedoms and ensured appropriate safeguards are in place.

How We Use Your Personal Information

Providing Products and Services

We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfil your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and other features and functionalities related to your account. We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services that you may choose to use. In this case, Shopify will process your information as set forth in its Privacy Policy and Consumer Privacy Policy.

Marketing and Advertising

We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. We will only send you marketing communications where you have consented or where we have another lawful basis to do so.

Security and Fraud Prevention

We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.

Communicating with You and Service Improvement

We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.

Cookies and Similar Technologies

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies.

We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimise the Services). We may also permit third parties and service providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Cookie Consent: In compliance with the Privacy and Electronic Communications Regulations (PECR), we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie consent tool when you first visit our Site.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contract fulfilment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:

·       With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping)

·       With business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices

·       When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship your products or through your use of social media widgets or login integrations, with your consent

·       With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business

·       In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others

 

We disclose the following categories of personal information about users for the purposes set out above:

Category

Categories of Recipients

Identifiers such as basic contact details and certain order and account information

Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfilment partners, customer support partners and data analytics providers)

Commercial information such as order information, shopping information and customer support information

Business and marketing partners, Affiliates

Internet or other similar network activity, such as Usage Data

Business and marketing partners, Affiliates

Geolocation data such as locations determined by an IP address or other technical measures

Vendors and third parties who perform services on our behalf

 

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our retention periods are as follows:

·       Customer account data: Retained while your account is active and for 7 years after your last transaction for accounting and legal compliance purposes

·       Order and transaction data: Retained for 7 years to comply with tax and accounting obligations

·       Marketing data: Retained until you withdraw consent or for 3 years from your last interaction with our marketing communications

·       Customer support data: Retained for 3 years after the support case is closed

·       Website usage data: Typically retained for 26 months

When we no longer need your personal information, we will securely delete or anonymise it.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children under the age of 13, and we do not knowingly collect any personal information about children under 13. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we process personal information of individuals under 16 years of age for marketing purposes.

Security and Retention of Your Information

We implement appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include encryption, access controls, and secure storage systems.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

Your Rights Under UK GDPR

You have the following rights in relation to your personal information:

·       Right to Access: You have the right to request access to the personal information we hold about you and to receive information about how we process it

·       Right to Rectification: You have the right to request that we correct inaccurate personal information we hold about you

·       Right to Erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected

·       Right to Restrict Processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances

·       Right to Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used and machine-readable format and to request that we transfer it to another organisation

·       Right to Object: You have the right to object to our processing of your personal information where we rely on legitimate interests as our lawful basis, including for marketing purposes

·       Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time

·       Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal information in accordance with the law

·       Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorised them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request within one month, though this may be extended by up to two months for complex requests.

Automated Decision-Making and Profiling

We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes in the future, we will update this Privacy Policy and seek your consent where required.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below.

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

International Users

Please note that we may transfer, store and process your personal information outside the country you live in, including to countries within the European Economic Area and other jurisdictions. Your personal information is also processed by staff and third-party service providers and partners in these countries.

If we transfer your personal information out of the UK, we will rely on recognised transfer mechanisms like the UK International Data Transfer Agreement (IDTA) or the UK International Data Transfer Addendum to the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Data Protection Contact

If you have any questions about how we handle your personal information or would like to exercise any of your rights, please contact our Data Protection Contact:

Email: jim@supacolour.co.uk

Address: Unit A, Bracknell House, Pywell Road, Corby, NN17 5XJ, United Kingdom

Phone: (+44) 01536203461

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at jim@supacolour.co.uk or contact us at Unit A, Bracknell House, Pywell Road, Corby, NN17 5XJ, United Kingdom.