Privacy Policy

Who we are

Our website address is: http://glittergravy.co.uk.

What personal data we collect and why we collect it

Information Collected Automatically

We (Glitter Gravy) store some information automatically as you browse our site, such as the IP address of the device you are visiting with. This is for the purpose of security and gaining information on the way you use the website for market research etc.

Full details of the information collected automatically is for Google Analytics to track anonymised user data.

How We Use This Information

The information you provide to us is used so that we can offer you, the customer, the best experience possible.

We are committed to being transparent when it comes to data and your privacy, if you require any further clarification on any of the information below then please contact us via the methods set out on our Contact us area.

We use data that you provide us for the following reasons:

Website Tracking – Anonymised information is collected when you use the website to help provide users with more relevant content on site. For registered users we also store this anonymised behaviour data against their profile, things like what categories or products you have visited. For users that don’t wish to for this to happen we use cookies for Google Analytics to track anonymised user data, for registered users you can opt out of profile enrichment.

Processing your order – We use the information you provide to process your order. For example, we need to supply address details to our suppliers and couriers in order for them to dispatch your purchase.

Analysis We use anonymised data about how you use the website in order to monitor traffic and website performance. We use tools like Google Analytic to do this.

More information about this is found in our cookie policy. For more information on how you can opt-out of sending information to Google Analytics, see Google’s support document here.

Protecting our website – We use data to prevent fraudulent transactions against you, our website, and our other users.

Who we share this information with

In order to fulfil our contractual obligation to you as a customer who has placed an order with us, it may be necessary for us to share information with other third-party data processors. An example of those third parties can be found below.

As a customer, you can request to see a comprehensive list of data that we share with other data processors.

  • Dispatch/Fulfilment – Our warehouse partner and drop-ship suppliers get basic information, like your name and address, so they know where to send your order.
  • Couriers – Our courier partners will receive address information in order to get your order to you. If you supply it, they may also get your mobile phone number to send you SMS updates regarding your delivery time estimate.
  • Payment Providers – These companies process the actual payment on our behalf when you pay by credit or debit card, they process the payment and they’ll use some information you provide to verify your identity and prevent fraud.
  • Technical Software Providers – These companies will get some anonymised data that help them to provide services to us that allow us to host the website and keep it secure.

As a customer, you can request to see a comprehensive list of data that we share with other data processors.

Saved card details and payment information

Glitter Gravy do not store card details directly. Instead, any card details you provide are stored securely by Paypal. Glitter Gravy store a reference/token to your securely held card details so that the information is retrievable by you – the customer – for repeat purchases. The information is stored in such a way that means we have no access at all to be able to read it.

Data Retention

We retain information provided indefinitely as we use it to provide individuals access to information about their order history and to enable communications with our customer service teams etc.

We also retain customer records in accordance with FCA and PCI policy – as governed by law and in interest of preventing crime and fraud.

In compliance with GDPR, we respect the individual’s right to access, rectification and erasure of personal data. For more information on how to access, edit or erase information we hold please see the relevant points below.

Your Rights

In compliance with GDPR and as part of our privacy policy, we inform you as an individual that you have the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right not to be subject to automated decision-making including profiling

Lawful Basis For Processing Personal Data

We have a lawful basis for processing personal data, that you provide at the time of placing an order, in order to fulfil our contractual obligations to you. For example, without using the delivery details that you provide to us at time of purchase, we wouldn’t be able to delivery your order to you.

By placing an order and disclosing this information with us at the time of purchase, you consent to the collection, storage and processing of that information in the manner as set out in this policy.

This lawful basis for processing personal data is in compliance with the new GDPR as stated in Article 6(1)(b):

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Full information on lawful basis for processing personal data can be found on the Information Commissioner’s Office website

Right of Access: Data Access Requests

In compliance with GDPR, individuals have the right to access your personal data. Individuals have the right to obtain

  • Confirmation that their data is being processed;
  • Access to your personal data; and
  • Other supplementary information

What Does This Mean?

The purpose of right access under GDPR is to clarify the reasons to allow individuals to access their personal data. Individuals should be aware of, and can verify the lawfulness of the processing (details of which can be found above).

You can request to see a copy of the data that we hold.

We have the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if the request is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. The fee will be based on the administrative costs of providing the information.
we must provide this information without delay and within one month of the receipt of the request. This period can be extended by a further two months where requests are numerous or complex. If this is the case then we must inform the individual within one month of the receipt of the request and explain why the extension is necessary.

What If The Request Is Manifestly Unfounded Or Excessive?

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, We can: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond.

Where we refuse to respond to a request, we must first explain to the individual why we have made this decision and inform them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

Changes To Privacy Policy

Any changes to this privacy policy will be made on this page. Where possible and appropriate, we will notify you of any significant changes by email.

Contact Details

If you require any further assistance with regards to matters of privacy, then please do not hesitate to contact our customer services team.
Registered Office:
LGE Ventures Ltd
Floor 1, Room 6
Barracks House
Hillsborough
Sheffield
S6 2LR

© 2021 Glitter Gravy