Privacy Policy — Haven Garden Furniture
Last updated: MAY 2026
Who we are
This privacy policy applies to **Haven Garden Furniture** ("Haven", "we", "us", "our"). We're a UK-registered company that sells outdoor furniture online and from our showroom.
- Trading name: Haven Garden Furniture
- Company number: [TO CONFIRM — Companies House number]
- Email: hello@havengardenfurniture.co.uk
- Phone:** [TO CONFIRM — main customer service number]
For the purposes of UK GDPR and the Data Protection Act 2018, Haven Garden Furniture is the **data controller** of your personal information.
What this policy covers
This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have over it. It applies to data we collect when you:
- Visit our website at havengardenfurniture.co.uk
- Place an order with us
- Sign up for our newsletter
- Contact us by phone, email, or contact form
What we collect and why
When you place an order
To process and deliver your order, we need:
- Identity data: name, billing address, delivery address
- Contact data: email, phone number
- Transaction data: items ordered, order value, delivery preferences
- Payment data: handled directly by Shopify Payments and our payment processors (we don't see or store your full card details — only the last four digits and card type for reference)
- Marketing preferences: whether you've opted in to email updates
Legal basis: performance of a contract (we need this data to fulfil your order) and our legitimate interest in running the business properly.
When you create an account
If you create a customer account, we additionally store:
- Login email and an encrypted password
- Order history
- Saved delivery addresses
- Wishlist items (if you use that feature)
Legal basis: performance of a contract (you've asked us to maintain an account for you).
When you sign up for marketing
For newsletter subscribers we store your email and the date you opted in. We don't add anyone to our marketing list without explicit consent.
Legal basis: consent — you can withdraw it at any time using the unsubscribe link in any email or by emailing hello@havengardenfurniture.co.uk.
When you browse the site
Like nearly all e-commerce sites we collect some data automatically:
- IP address, browser type, device type, operating system
- Pages viewed, time spent, items added to cart
- How you reached us (search engine, ad, social media, direct)
- Cookies (see the Cookies section below)
Legal basis: legitimate interest in improving the site and detecting fraud, and consent for non-essential cookies.
When you contact us
If you call, email, or use the contact form, we keep a record of the conversation and any details you've shared so we can help you.
Who we share your data with
We share your data only with parties who help us run the business. We never sell your data.
Order fulfilment and payment
- **Shopify Inc.** — our e-commerce platform; hosts the site and processes orders. Shopify is GDPR-compliant and acts as a data processor. [Shopify's privacy practices](https://www.shopify.com/legal/privacy).
- **Payment processors** — currently Shopify Payments, [TO CONFIRM — and any others, e.g. PayPal, Klarna, Apple Pay]. They process payment data directly under their own privacy policies.
- **Delivery partners** — your name, address, and phone number are passed to whichever courier or freight company is delivering your order. **[TO CONFIRM — who are your delivery partners? e.g. Tuffnells, Panther, your own fleet]**.
- **Finance providers** — if you use 0% finance, your data is shared with the finance provider (currently **[TO CONFIRM — Klarna, Novuna, etc.]**) so they can run their credit check.
Marketing and analytics
- Google Analytics — anonymised website analytics (only if you accept analytics cookies)
- Meta (Facebook/Instagram)** — for ad measurement (only if you accept advertising cookies)
- Trustpilot, Reviews.io, Yotpo, etc.]** — to collect reviews after delivery, if you opted in
Legal and security
We may share data with:
- HMRC and other UK government bodies as required by law
- Our solicitors, accountants, or auditors when we genuinely need their help
- The police or fraud-prevention agencies where there's a credible suspicion of fraud or other crime
Where your data is stored
Most of our processors are based in the UK, EU, or USA. Where data is transferred outside the UK or EU, we rely on standard contractual clauses or UK adequacy decisions to make sure your data has equivalent protection. Shopify is headquartered in Canada (which has UK adequacy) with hosting in the EU and USA.
How long we keep it
- **Order records**: 7 years (HMRC tax rules require this)
- **Customer accounts**: until you delete them or until 5 years of inactivity, then we anonymise them
- **Marketing list**: until you unsubscribe
- **Contact form / email enquiries**: 2 years from last contact, then deleted
- **Server logs and analytics**: 26 months
Cookies
Cookies are small text files that sit on your device. We use:
- **Strictly necessary cookies** — for the site to work (e.g. remembering what's in your cart). These don't need consent.
- **Functional cookies** — to remember your preferences. Set with consent.
- **Analytics cookies** — to understand how visitors use the site (Google Analytics). Set with consent.
- **Marketing cookies** — to show you relevant ads on Facebook, Instagram, and Google after you've visited. Set with consent.
You can change your cookie preferences anytime via the cookie banner / cookie settings link in the footer]**.
Your rights
Under UK GDPR you have the right to:
- **Access** the personal data we hold about you
- **Correct** anything that's wrong
- **Delete** your data ("right to be forgotten") — subject to our legal duty to keep order records for 7 years
- **Object** to processing based on legitimate interests
- **Withdraw consent** at any time for anything we do based on consent
- **Receive your data in a portable format** so you can move it elsewhere
- **Restrict** how we use your data while a query is being resolved
- **Lodge a complaint** with the Information Commissioner's Office (ICO) — though we'd appreciate the chance to fix things first
To exercise any of these rights, email **hello@havengardenfurniture.co.uk** with "Privacy request" in the subject line. We aim to respond within 5 working days and are required to respond within 30 days.
Marketing communications
If you've opted in to our marketing emails, we'll send you product news, offers, and seasonal updates. Every email has a one-click unsubscribe link. Unsubscribing from marketing doesn't stop transactional emails about orders you've placed — those are essential to fulfilling your purchase.
Children
Our website is not intended for children under 16, and we don't knowingly collect data from anyone under 16. If you're a parent and believe we've collected data about your child, email us and we'll delete it.
Security
We use industry-standard security: TLS encryption on every page, encrypted password storage, restricted internal access to customer data, and Shopify's PCI-DSS-compliant payment processing. No system is 100% secure, but we take it seriously.
Changes to this policy
We may update this policy from time to time. The "last updated" date at the top will change when we do. If we make a significant change, we'll email customers on our marketing list and post a notice on the site.
Contact and complaints
For any privacy question, complaint, or rights request, email **hello@havengardenfurniture.co.uk** or write to:
> Haven Garden Furniture — Data Protection
If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office at **ico.org.uk** or 0303 123 1113.
---