Privacy policy

At SweetPaws, we take your privacy seriously and we're committed to protecting your personal information. This Privacy Policy explains in plain language what data we collect, why we collect it, how we use it, and the rights you have over your information. Please take a moment to read it — we've done our best to keep things clear and free of legal jargon.
This Privacy Policy applies to our website at sweetpaws.uk and all products, content, features, tools, and services we offer (the "Services"). Our store is powered by Shopify, which enables us to provide the Services to you. By using our website or making a purchase, you acknowledge that you have read and understood this Privacy Policy.
This policy is effective from 5 May 2026 and may be updated from time to time. We'll always post the latest version on this page, and if we make any significant changes, we'll let you know.
**1. Who We Are**
For the purposes of UK data protection law, we are the "data controller" of your personal information. Our company details — including our registered name, address, and registration number — are shown at the top of this page.
If you have any questions about this policy or how we handle your data, please contact us using the email address shown in our company details above. We aim to respond to all privacy-related enquiries within 5 working days.
**2. What Information We Collect**
When we use the term "personal information," we mean information that identifies or can reasonably be linked to you. This does not include information that has been anonymised or de-identified so that it cannot identify you.
We may collect or process the following categories of personal information, including any inferences drawn from this information, depending on how you interact with our Services:
**Information You Give Us Directly**
— **Contact details**: Your name, billing address, shipping address, phone number, and email address
— **Account information**: Your username, password, security questions, preferences, and settings
— **Communications**: Any information you include when contacting our customer support team
— **Reviews and content**: Any reviews, photos, or content you choose to post
**Financial Information**
— Payment card information, financial account information, transaction details, form of payment, and payment confirmations. Note: full card numbers are processed securely by our payment providers — we never see or store them.
**Information We Collect Automatically**
— **Device information**: Information about your device, browser, operating system, IP address, and other unique identifiers
— **Usage information**: How and when you interact with our Services, pages you visit, products you view, items added to cart or wishlist, and your past transactions
— **Location data**: Approximate location based on your IP address (country/region level)
— **Referral data**: The website or search term that referred you to us
We collect this information using cookies and similar technologies (see Section 7).
**Information from Third Parties**
We may also receive information about you from:
— Payment providers (to confirm your payment was successful)
— Shipping carriers (to provide delivery updates)
— Marketing and advertising partners
— Service providers who help us operate our store
**3. Why We Use Your Information and Our Lawful Basis**
Under UK GDPR, we must have a "lawful basis" for using your personal information. Here's a clear breakdown of why we use your data and the legal basis we rely on for each purpose:
**To fulfil your order (Lawful basis: Performance of a contract)**
We use your name, address, email, phone number, and order details to process your purchase, arrange shipping, send order confirmations, and handle returns or refunds. This includes remembering your preferences, recommending related products, and creating a customised shopping experience.
**To provide customer support (Lawful basis: Performance of a contract / Legitimate interests)**
When you contact us, we use your information to respond to your questions and resolve any issues with your order.
**To prevent fraud and keep our store secure (Lawful basis: Legitimate interests / Legal obligation)**
We use your IP address, device information, and order details to authenticate your account, detect and prevent fraudulent transactions, protect public safety, and keep our services secure.
**To improve our website and services (Lawful basis: Legitimate interests)**
We analyse how visitors use our site so we can fix issues, improve product pages, and create a better shopping experience.
**To send you marketing communications (Lawful basis: Consent)**
If you sign up for our newsletter or opt in to marketing emails, we'll send you updates about new products, special offers, and pet care tips. We may also show you online advertisements based on items you've previously viewed or purchased. You can unsubscribe at any time using the link at the bottom of any marketing email.
**To comply with our legal obligations (Lawful basis: Legal obligation)**
We may be required to keep certain records (e.g. tax records, transaction logs) for a specified period under UK law, or to respond to valid legal requests from law enforcement or government agencies.
**4. Who We Share Your Information With**
We never sell your personal data to anyone — full stop. However, we do share certain information with trusted third parties who help us run our business:
— **Shopify** — our e-commerce platform, which hosts our store and processes orders. Shopify's privacy policy: https://www.shopify.com/legal/privacy
— **Payment providers** (such as Shopify Payments, PayPal, Klarna, Stripe) — to process your payment securely
— **Shipping and fulfilment partners** — to deliver your order and provide tracking updates
— **Email and marketing platforms** — to send order confirmations and (with your consent) marketing emails
— **Analytics providers** (such as Google Analytics, Meta Pixel) — to help us understand how visitors use our site. Google's privacy policy: https://policies.google.com/privacy
— **Customer support tools** — to manage and respond to your enquiries
— **Fraud prevention services** — to detect and prevent fraudulent activity
— **Cloud storage and IT providers** — to securely store and manage data
All of our service providers are carefully chosen and required to handle your data securely and in line with applicable data protection laws. They only access your data to the extent necessary to perform their services for us.
We may also disclose your information:
— When you direct, request, or otherwise consent to such disclosure (e.g. through your use of social media widgets or login integrations)
— With our affiliates or otherwise within our corporate group
— In connection with a business transaction, such as a merger, acquisition, or bankruptcy, in which case your personal data may be transferred to the new owners
— To comply with legal obligations, respond to valid legal process (such as subpoenas or court orders), enforce our terms of service, or protect our rights, property, or the safety of others
**5. Relationship with Shopify**
Our Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for us and for you.
In some cases, Shopify uses certain enhanced features that incorporate data from your interactions with our store, along with other Shopify merchants, to help protect, grow, and improve our business. When Shopify processes your data in this way, Shopify acts as a separate data controller and is responsible for handling your data and any rights requests directly.
To learn more about how Shopify uses your personal information and the rights you may have, please visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy or the Shopify Privacy Portal at https://privacy.shopify.com/en.
**6. International Data Transfers**
Because we work with international service providers and our company operates outside the UK, your personal data may be transferred to and processed in countries outside the United Kingdom — including Hong Kong, the United States, Canada, and the European Economic Area.
Whenever we transfer your data outside the UK, we make sure appropriate safeguards are in place to protect it, such as:
— Transferring data to countries the UK has determined provide adequate protection ("adequacy decisions")
— Using the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other transfer mechanisms approved by the ICO
— Working with providers who are certified under recognised privacy frameworks
You can request more information about the specific safeguards we use by contacting us.
**7. How Long We Keep Your Information**
We only keep your personal information for as long as we need it for the purposes described in this policy, or as required by law. How long we retain your data depends on factors such as whether we need it to maintain your account, provide you with Services, comply with legal obligations, resolve disputes, or enforce our policies.
Here's a general guide:
— **Order and customer account information**: Kept for 6 years after your last purchase, to comply with UK tax and accounting obligations
— **Marketing preferences and newsletter subscriptions**: Kept until you unsubscribe or ask us to delete your data
— **Customer support correspondence**: Kept for 2 years from the date of your last contact
— **Website analytics and cookie data**: Typically kept for up to 24 months
— **Fraud prevention records**: Kept for as long as necessary to investigate and prevent fraud
When we no longer need your data, we securely delete or anonymise it.
**8. Cookies and Similar Technologies**
Our website uses cookies and similar technologies to make your shopping experience smoother and to help us understand how our site is used.
**What are cookies?**
Cookies are small text files placed on your device when you visit a website. They allow the site to remember your preferences, keep you logged in, and track basic information about your visit.
**Types of cookies we use**
— **Strictly necessary cookies**: Required for the website to function (e.g. keeping items in your shopping cart, processing payments). These don't require your consent.
— **Performance and analytics cookies**: Help us understand how visitors use our site so we can improve it. These require your consent.
— **Marketing and advertising cookies**: Used to show you relevant ads on other websites and measure the effectiveness of our marketing campaigns. These require your consent.
**Managing your cookie preferences**
When you first visit our website, you'll see a cookie banner where you can accept all cookies, reject non-essential cookies, or customise your preferences. You can change your preferences at any time by clicking the "Cookie Settings" link in the footer of our website.
You can also block or delete cookies through your browser settings. For more information about cookies, visit https://www.allaboutcookies.org. Please note that disabling certain cookies may affect how our website works.
**9. Your Rights**
Under UK GDPR, you have a number of rights regarding your personal data. We're committed to making it easy for you to exercise these rights — just contact us using the email shown in our company details above.
**Your rights include:**
— **Right of access**: You can ask for a copy of the personal information we hold about you.
— **Right to rectification**: If any of your information is incorrect or incomplete, you can ask us to update or correct it.
— **Right to erasure ("right to be forgotten")**: You can ask us to delete your personal data in certain circumstances.
— **Right to restriction**: You can ask us to limit how we use your data while we look into a request.
— **Right to data portability**: You can ask us to provide your data in a portable format so you can transfer it to another service.
— **Right to object**: You can object to us processing your data for certain purposes, including direct marketing (which we'll always honour immediately).
— **Right to withdraw consent**: Where we rely on your consent, you can withdraw it at any time.
— **Rights related to automated decision-making**: We don't use your data for any automated decision-making that has a significant effect on you.
**Managing your communication preferences**
You can opt out of marketing emails at any time by using the unsubscribe link in any of our emails. If you opt out, we may still send you essential transactional emails (such as order confirmations and shipping updates).
**A few important notes about your rights**
These rights are not absolute and may only apply in certain circumstances. We will respond to any rights request within one month. There's normally no charge, although in some rare cases we may charge a reasonable fee or refuse the request if it's clearly unfounded or excessive.
We may need to verify your identity before processing your request, to make sure we're not handing over your data to someone else. You're also welcome to designate an authorised agent to make requests on your behalf — we'll just need proof that you've authorised them, and we may still need to verify your identity directly.
We will never discriminate against you for exercising any of your data protection rights.
**Right to complain to the ICO**
If you're not happy with how we've handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority:
— Website: https://ico.org.uk
— Helpline: 0303 123 1113
— Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We'd really appreciate the chance to resolve any concerns directly first, so please contact us before going to the ICO if you can.
**10. How We Protect Your Information**
We take security seriously and use a range of technical and organisational measures to protect your personal data, including:
— SSL encryption (HTTPS) on every page of our website
— Secure payment processing compliant with the Payment Card Industry Data Security Standard (PCI-DSS)
— Restricted access to personal data on a need-to-know basis
— Regular security reviews of our systems and service providers
— Secure data storage with industry-standard encryption
While we do everything we reasonably can to protect your information, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Any information you send to us may not be fully secure while in transit. We recommend that you avoid using unsecure channels to communicate sensitive or confidential information to us.
If you have an account with us, you're responsible for keeping your account credentials safe. We strongly recommend that you don't share your username, password, or other access details with anyone else. If you suspect your account or personal data has been compromised, please contact us immediately.
**11. Children's Privacy**
Our Services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you're a parent or guardian and you believe your child has provided us with personal information, please contact us and we'll delete it promptly.
As of the effective date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
**12. Third-Party Links**
Our website may contain links to other websites — for example, our social media pages or partner sites. This Privacy Policy only applies to our website, so if you click through to a third-party site, we'd encourage you to read their privacy policy too. We're not responsible for the privacy practices of other websites.
Information you share on public or semi-public platforms (such as social media) may be visible to other users of those platforms, and we have no control over how that information is used by them.
**13. Changes to This Privacy Policy**
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. Whenever we make changes, we'll update the "effective date" at the top of this page. If we make significant changes, we'll let you know via email or a prominent notice on our website.
We encourage you to review this policy periodically to stay informed about how we protect your data.
**14. Contact Us**
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please get in touch using the email address shown in our company details at the top of this page. We're always happy to help, and we genuinely value your trust.