Privacy Policy

1. Information We Collect

When you make a purchase or attempt to make a purchase from our store, we collect the following types of information:

  • Personal identifiers: name, billing address, shipping address, email address, and phone number.

  • Payment information: such as credit or debit card details (processed securely by our payment providers).

  • Order information: products purchased, order value, and transaction history.

  • Technical information: your device’s IP address, browser type, operating system, and browsing behaviour on our site.

If you opt into our mailing list, we may also collect your preferences and marketing consent.

2. How We Use Your Information

We use your personal data for the following purposes:

  • To process and fulfil your orders.

  • To verify payments and prevent fraudulent activity.

  • To arrange shipment and returns.

  • To communicate with you about your order, delivery, or queries.

  • To send marketing communications (only if you have consented).

  • To improve our website, products, and services.

3. Legal Basis for Processing

Under the UK GDPR, we process your personal data only when we have a lawful basis to do so, including:

  • Contractual necessity: to perform our obligations under a purchase contract.

  • Consent: for marketing communications.

  • Legal obligation: to comply with applicable laws and regulations.

  • Legitimate interests: to improve our business and prevent fraud.

4. How We Obtain Your Consent

When you provide personal information to complete a transaction, verify your payment method, place an order, arrange delivery, or process a return, we assume your consent for that specific purpose.

If we require your personal data for any additional purpose (such as marketing), we will request your explicit consent, which you may withdraw at any time by contacting us at marthalondon.shop@gmail.com.

5. Disclosure of Your Information

We may disclose your personal data if required by law, court order, or to enforce our Terms and Conditions.

We also share your information with trusted third-party service providers, such as:

  • Payment gateways.

  • Shipping and delivery companies.

  • IT and marketing service providers.

These providers will only process your data to the extent necessary to provide their services to us and are bound by confidentiality obligations.

Some third parties may be located outside the UK. If we transfer your data internationally, we ensure adequate safeguards in line with UK GDPR requirements.

6. Shopify Hosting

Our store is hosted by Shopify Inc., which provides the e-commerce platform enabling us to sell our products.

Your data is stored on Shopify’s secure servers behind a firewall. If you choose a direct payment gateway, your payment details are encrypted in compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

You can review Shopify’s own Privacy Policy here: https://www.shopify.com/legal/privacy

7. Data Security

We take reasonable technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, alteration, or disclosure.

All payment transactions are encrypted using Secure Socket Layer (SSL) technology and stored with AES-256 encryption. While no system is 100% secure, we follow all PCI-DSS requirements and best industry practices.

8. Retention of Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law (for example, for tax purposes).

9. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate or incomplete data.

  • Request deletion of your personal data.

  • Restrict or object to certain processing activities.

  • Withdraw consent where processing is based on consent.

  • Request transfer of your personal data to another provider (data portability).

To exercise your rights, contact our Privacy Compliance Officer at marthalondon.shop@gmail.com.

10. Age of Consent

By using our website, you confirm that you are at least 18 years old or have the consent of a parent or guardian.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Effective Date.”

If we make significant changes, we will notify you by email or through a notice on our website.

12. Contact Information

For any questions or concerns regarding this Privacy Policy or your personal data, please contact:


📧 Support: info@nancylondon.com
📅 Hours:
Mon–Fri: 9:00 am – 6:00 pm
Sat: 9:00 am – 4:00 pm
Sun: 9:00 am – 2:00 pm