0 items £0.00 0
Become a member

GDPR Policy

HomeGDPR Policy

GDPR Privacy Policy for MedievalArts & Crafts Ltd

Last Updated: [29 September 2025]

This Privacy Policy explains how MedievalArts & Crafts Ltd (“we”, “us”, “our”, “MedievalANC”) collects, uses, stores, and protects your personal data when you visit our website, make purchases, or otherwise interact with us.

We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable laws.

1. Data Controller

The data controller responsible for your personal data is:

MedievalArts & Crafts Ltd
Flat 143 Foundry Court
Mill Street
Slough SL2 5FZ
United Kingdom
Email: info@medievalanc.com

2. What Personal Data We Collect

We may collect the following categories of personal data:

  • Identity Data: Name, username, date of birth (if applicable).
  • Contact Data: Email address, billing/shipping address, phone number.
  • Transaction Data: Payment details (processed securely by third-party providers), order history.
  • Technical Data: IP address, browser type, operating system, device identifiers, cookies.
  • Usage Data: How you interact with our website, pages visited, time spent, clickstream.
  • Marketing & Communications Data: Your preferences for receiving marketing emails or newsletters.

We do not collect special categories of personal data (e.g. health data, religious beliefs, biometric data) unless required by law.

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from you (e.g. when you register, purchase, or contact us).
  • Automatically through cookies and similar technologies when you use our website.
  • From third parties (e.g. analytics providers, advertising partners, payment processors).

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity – to process and deliver your orders.
  • Legal obligation – to comply with tax, accounting, or regulatory requirements.
  • Legitimate interests – to improve our services, prevent fraud, and ensure site security.
  • Consent – for marketing communications, cookies, and newsletters.

5. How We Use Your Personal Data

We use your personal data to:

  • Process payments and deliver products.
  • Manage your account and provide customer support.
  • Send order confirmations, shipping updates, or refunds.
  • Send marketing (if you have consented).
  • Improve our website, products, and services.
  • Comply with legal and regulatory obligations.
  • Detect and prevent fraud or misuse.

6. Sharing of Data

We may share your data with:

  • Service providers (payment processors, shipping carriers, IT/hosting providers).
  • Analytics and advertising partners (Google Analytics, Meta Ads, etc.).
  • Professional advisers (lawyers, accountants, auditors).
  • Authorities or regulators (where required by law).
  • Business transfers (in case of a merger, acquisition, or sale).

We require all third parties to respect your data privacy and security.

7. International Data Transfers

If we transfer personal data outside the UK/EEA, we ensure it is protected by:

  • Adequacy decisions (countries deemed to have adequate protection by the EU/UK).
  • Standard Contractual Clauses (SCCs) approved by the EU/UK.
  • Other appropriate safeguards as required by GDPR.

8. Data Retention

We retain your personal data only as long as necessary:

  • Orders and transactions: up to 6 years (for tax/legal purposes).
  • Marketing data: until you withdraw consent or unsubscribe.
  • Technical data: as per cookie policy, typically 12–24 months.

After retention periods expire, we delete or anonymize your data.

9. Your GDPR Rights

Under GDPR, you have the following rights:

  1. Right of Access – request a copy of your personal data.
  2. Right to Rectification – request correction of inaccurate data.
  3. Right to Erasure – request deletion of your data (“right to be forgotten”).
  4. Right to Restriction – request limited use of your data.
  5. Right to Data Portability – receive your data in a machine-readable format.
  6. Right to Object – object to processing for marketing or legitimate interests.
  7. Right to Withdraw Consent – withdraw consent at any time (e.g. marketing emails).

To exercise these rights, email us at info@medievalanc.com.

You also have the right to lodge a complaint with your local Data Protection Authority (DPA).

10. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Essential website functionality
  • Analytics and performance
  • Marketing and personalization

For details, please see our Cookie Policy. You can manage cookie preferences via your browser or our site’s cookie banner.

11. Security

We implement technical and organizational measures to protect personal data, including encryption, secure servers, firewalls, and limited access. However, no system is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page with a new “Last Updated” date. Significant changes may be communicated via email or site notice.

13. Contact Us

For questions or to exercise your rights, contact us at:

Email: info@medievalanc.com
Address: MedievalArts & Crafts Ltd, Flat 143 Foundry Court, Mill Street, Slough SL2 5FZ, United Kingdom