Privacy Policy

1. Information We Collect

We collect different types of information depending on how you interact with us:

Information you provide directly

• When you place an order: your name, email address, delivery address, billing address, and phone number (if provided)
• When you contact us: your name, email address, and the content of your message

Information collected automatically

• Analytics data (with your consent): We use Google Analytics 4 to understand how visitors use our website. This includes pages visited, time spent on pages, and general location data (country/city level). This data is anonymised and cannot be used to identify you personally.
• Essential site data: Your cookie consent preference is stored locally in your browser so we can remember your choice.

Information we do not collect

We do not store your payment card details. All payments are processed securely by our payment provider, SumUp. We never have access to your full card number or CVV.

2. How We Use Your Information

We only use your personal data for the following purposes:

• Fulfilling your order – processing payment, dispatching products, and sending order confirmation and tracking information
• Responding to enquiries – replying to messages sent via our contact form or email
• Improving our website – using anonymised analytics data (with your consent) to understand how our site is used and make improvements
• Legal compliance – keeping records as required by tax and accounting regulations

3. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

• Contract performance: Processing your order details is necessary to fulfil our contract with you (i.e., delivering the products you have purchased)
• Legitimate interest: Responding to customer enquiries and maintaining business records
• Consent: Analytics cookies are only placed on your device if you click “Accept All” on our cookie banner. You can withdraw consent at any time by clicking “Manage Cookies” in the footer of our website
• Legal obligation: Retaining order records for tax and accounting purposes as required by HMRC

4. Cookies

Cookies are small text files stored on your device when you visit a website. We keep our use of cookies to a minimum.

Essential storage (always active)

Analytics cookies (consent required)

These cookies are only set if you click “Accept All” on our cookie banner. They help us understand how visitors interact with our website.

You can change your cookie preferences at any time by clicking “Manage Cookies” in the footer of our website, or by clearing cookies in your browser settings.

5. Third-Party Services

We share your data only with the following trusted third parties, and only to the extent necessary to fulfil our services:

• SumUp – processes your card payments securely. SumUp is PCI DSS compliant. We never see or store your full card details.
• Royal Mail – delivers your orders. We share your name and delivery address to fulfil shipping.
• Google Analytics – provides anonymised website usage statistics (only with your consent). Google may process data outside the UK; see Google's Privacy Policy.

We do not sell, rent, or trade your personal data to any other third parties.

6. Data Retention

We keep your personal data only for as long as necessary:

• Order data: Retained for 6 years after the date of purchase, as required by HMRC for tax and accounting records
• Contact form enquiries: Retained for up to 12 months after the enquiry is resolved, then deleted
• Analytics data: Google Analytics data is retained for 14 months (the default GA4 retention period), after which it is automatically deleted

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access – request a copy of the personal data we hold about you
• Right to rectification – ask us to correct any inaccurate or incomplete data
• Right to erasure – ask us to delete your personal data (subject to legal retention requirements)
• Right to restrict processing – ask us to limit how we use your data
• Right to data portability – request your data in a structured, commonly used format
• Right to object – object to processing based on legitimate interest
• Right to withdraw consent – withdraw your cookie consent at any time via the “Manage Cookies” link in our footer

To exercise any of these rights, please email us at hello@runicflame.co.uk. We will respond within one month of receiving your request.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption on all pages of our website
• Secure payment processing through PCI DSS-compliant providers
• Restricted access to personal data on a need-to-know basis

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We cannot guarantee the absolute security of your data.

9. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

11. Contact Us & Complaints

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: hello@runicflame.co.uk
• Location: Deerness, Orkney, Scotland, KW17 2QH

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113