Privacy policy
Oliver Rose Designs
Effective from: 25th April 2025
Oliver Rose Designs (a trading name of Sarah Slaughter) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and potential clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Consent
By using our website you hereby consent to our Privacy Policy and agree to its terms.
Information we collect
We collect the following categories of personal information directly from you, as you visit our website, reach out to us, create an account with us, or place an order with us:
● Personal details: Such as your name, email address, telephone number, shipping address, and company name (if applicable).
● Account information: Such as your order history, wish list and any other information you provide to us when you complete the registration form, in addition to personal details.
● Cookies: are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org
● Marketing information: Such as your marketing preferences, and the level of engagement our emails receive, such as the delivery rates, open rates and click-through rates which our emails achieve.
● Log Files: track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
● Billing information: Such as credit, debit, or other payment card information, billing name, billing address.
● Communications you send us: Such as survey responses, correspondence, and any other information you provide to us.
● Web Beacons: “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
How we use the information we collect
We use the above categories of personal information for the following purposes:
|
Purpose of use |
Legal basis for processing |
Categories of personal information |
|
Perform transactions |
- Necessary for legitimate interests
- Necessary for compliance with a legal obligation
- Necessary to perform a contract or to take steps at your request to enter into a contract
- Consent (where you have provided consent as appropriate under applicable law)
|
Personal details, Account information, Log information, Marketing information, Billing information |
|
Respond to inquiries and messages we receive and keep records of correspondence |
- Necessary for legitimate interests
- Necessary to perform a contract or to take steps at your request to enter into a contract
|
Personal details, Account information, Log information, Billing information, and Communications you send us |
|
Manage your accounts and generally facilitate the running and operation of our business. |
- Necessary for legitimate interests
- Necessary for compliance with a legal obligation
|
Personal details, Account information, Log information, Marketing information, Billing information, Communications you send us, Visual information |
|
Make our website more intuitive and easier to use and conduct research regarding opinions of customer services |
- Necessary for legitimate interests
- Consent (where you have provided consent as appropriate under applicable law)
|
Personal details, Account information, Log information, Marketing information, Communications you send us, Visual information |
|
Protect the security and effective functioning of our website and information technology systems. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity. |
- Necessary for legitimate interests
- Necessary for compliance with a legal obligation
|
Personal details, Account information, Billing information, Log information |
|
Provide relevant marketing |
- Necessary for legitimate interests
- Consent (where you have provided consent as appropriate under applicable law)
|
Personal details, Account information, Log information, Marketing information, Visual information |
|
Address our compliance and legal obligations and exercise our legal rights |
- Necessary for compliance with a legal obligation |
Personal details, Account information, Log information, Marketing information, Billing information, and Communications you send us |
How We Share Your Personal Information
We may share personal information, for the purposes outlined above, with the following categories of recipients:
● Service providers: We share personal information with service providers, acting as data processors, to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above (e.g., information technology services, information storage, payment processing, fraud detection, marketing management and communications, customer service functions, statistical analysis). We require such parties by contract to provide reasonable security for personal information and to use and process such personal information only on our behalf, and in compliance with applicable law. A limited number of service providers will act as data controllers (e.g., fraud detection, and statistical analysis) and will be contractually obligated to comply with applicable data protection laws, rules, and regulations.
● Auditors, advisors, and financial institutions: We share personal information with auditors for the performance of audit functions, with advisors for the provision of legal and other advice, and with financial institutions in connection with payment and other transactions.
● Mandatory disclosures and legal rights: We may share personal information in order to comply with any subpoena, court order, other legal process, or other governmental request. We also share personal information to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims or prevent fraud.
Service providers we use:
|
Name |
Purpose |
Privacy Policy |
|
Shopify |
E-commerce Platform |
|
|
Royal Mail Click & Drop |
Shipping Carrier |
|
|
Microsoft Clarity |
Analytics Tool |
|
|
Google Analytics |
Analytics Tool |
|
|
|
Advertising |
|
|
Consentmo GDPR |
Cookie Consent Management |
https://www.consentmo.com/privacy-policy-terms-of-service/en |
|
Easify Options |
Product Personalisation |
|
|
Judge.me |
Review collection |
|
|
Essential Loyalty & Rewards |
Loyalty & Rewards Scheme |
Where do you store the information you collect
We will only store and transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR to equivalent standards by law. Should information need to be transferred out of the EU/EEA (due to cloud storage) this will be done under the Privacy Shield.
How long do we retain the information we collect
We will not keep your personal data for any longer than is necessary in light of the reason(s) in which it was first collected. Your personal data will therefore be kept for the following periods (where there is no fixed period, the following facts will be used to determine how long it is kept):
● Personal details for as long as a contractual relationship exists between us.
● Contact details for an indefinite period following our contractual relationship terminating to prove the existence of such a relationship.
● Information for the purpose of legal and regulatory obligations, to resolve disputes and to enforce agreements for an indeterminate period of time.
Cookies
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner are called "first-party cookies". Cookies set by parties other than the website owner are called "third-party cookies". Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g. advertising, interactive content and analytics). The parties that set these third-party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.
How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.
The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/. or http://www.youronlinechoices.com.
We use cookies to enhance your experience on our website. These cookies are broken down into the following categories:
● Essential Cookies: Required for site functionality
● Reporting & Analytics: Used to track website performance.
● Marketing: Used for personalised advertising.
Cookies for Essential functions of the website
|
Provider |
Name |
Function |
|
Shopify |
_ab |
Used in connection with access to admin.
|
|
Shopify |
_secure_session_id |
Used in connection with navigation through a storefront. |
|
Shopify |
cart |
Used in connection with shopping carts.
|
|
Shopify |
cart_sig, cart_ts, checkout_token, secret, cart_currency, _pay_session, shopify_pay_redirect |
Used in connection with checkout. |
|
Shopify |
secure_customer_sig |
Used in connection with customer login. |
|
Shopify |
storefront_digest |
Used in connection with customer login. |
|
Shopify |
cart_currency |
|
|
Shopify |
_shopify_u |
Used to facilitate updating customer account information. |
|
Cosentmo GDPR Compliance |
consentmo_cookie_consent |
Cookie consent management. |
|
Shopify |
_tracking_consent |
Tracking preferences. |
|
Shopify |
localization |
Website language and currency. |
Cookies for Reporting and Analytics
|
Provider |
Name |
Function |
|
Shopify |
_landing_page, _orig_referrer |
Track landing pages |
|
Shopify |
_s, _shopify_fs, _shopify_s, _shopify_y |
Shopify analytics. |
|
Shopify |
_shopify_sa_p , _shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
|
Google Analytics |
_ga, _gid, _gat |
Google Analytics website traffic tracking. |
|
Microsoft Clarity |
MCLID, MUID |
Website traffic tracking (anonymised) |
Cookies for Marketing
|
Provider |
Name |
Function |
|
Google Ads |
_gads, _gac, NID, ANID, IDE, ID |
Google Ads personal ads targeting and tracking. |
|
Google Adwords |
ga-audiences |
Google Adwords personal ads targeting and tracking. |
|
|
_fbc, fr, date, c_user, xs |
Facebook Ads and Tracking. |
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Your Privacy Choices
At checkout and upon first arriving at the site you will have the option to receive marketing communications from us, by ticking a box indicating that you would like to receive such communications during checkout or at any time while browsing the site by entering your email address into our newsletter sign-up form. You may sign up for our e-newsletter on our website or opt-in to receive news, offers, or updates on out-of-stock items.
You have control regarding our use of your personal information for direct marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant communication (e.g., ticking a box to opt-out, clicking “unsubscribe” in an email from us).
Under the GDPR, you have the following rights, which we will always work to uphold:
● The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out or to ask any questions using the details in the contact section.
● The right to access the personal data we hold about you.
● The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in the contact section to find out more.
● The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in the contact section to submit your request.
● The right to restrict (i.e. prevent) the processing of your personal data.
● The right to object to us using your personal data for a particular purpose or purposes.
● The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service business in many cases.
● Rights relating to automated decision-making and profiling. [we do not use your personal data in this way]
How Can I access my personal data
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in the contact section.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 days and, in any case, not more than one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Further Information and Complaints
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at https://ico.org.uk/for-the-public/.
Further information about your rights can also be obtained from the Information Commissioner’s Office, your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office - https://ico.org.uk/make-a-complaint/.
Third-Party Links and Third-Party Advertising
This website contains links and references to other websites (e.g. social media buttons) administered by unaffiliated third parties. This privacy policy does not apply to such third-party websites. When you click a link to visit a third-party website, you will be subject to that website's privacy policies. The inclusion of a linked site or service by us or by our affiliates does not imply endorsement. We encourage you to familiarise yourself with the best privacy and security practices before visiting any third-party websites.
This site may be linked via sponsored links (or advertisements / sponsored posts) and adverts. These will typically be served through our advertising partners who may have detailed privacy policies relating directly to the adverts they serve. Although this site only looks to include quality, safe and relevant external links, you should always adopt a policy of caution before clicking any external web links.
Changes
We may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. We will specify at the end of this policy the date of the last policy update(s).
Contact
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details
Email Address: info@oliverrosedesigns.co.uk
Telephone Number: 01375 462377
Postal Address: Oliver Rose Designs, 82 Welling Road, Orsett, Grays, Essex, RM16 3DW
