Elder & Thorn

Privacy Policy

Last updated: 22 April 2026

1. Who We Are

This Privacy Policy explains how Elder & Thorn Limited collects, uses, and protects personal data when you visit our website, place an order, contact us, or otherwise interact with us.

Data controller: Elder & Thorn Limited
Email: Click Here to send us an email
Registered office: 29 New Road, SG3 6LA, GB
Company number: 16448231

2. Personal Data We Collect

Depending on how you use the site, we may collect:

  • your name;
  • billing and delivery addresses;
  • email address and telephone number;
  • order details and purchase history;
  • payment-related information processed by our payment providers;
  • account or login information where accounts are offered;
  • communications you send to us; and
  • technical data such as IP address, browser type, device information, and site usage data where applicable.

3. How We Collect Data

We collect personal data when you:

  • place an order;
  • create or use an account;
  • subscribe to emails or waitlists, if available;
  • contact us by email, form, or otherwise;
  • browse the website; or
  • interact with checkout, account, or security features.

4. How We Use Your Data

We may use your personal data to:

  • process and deliver orders;
  • take payment and manage refunds;
  • communicate with you about your order or account;
  • provide customer support;
  • maintain website functionality, security, and fraud prevention;
  • comply with legal and accounting obligations; and
  • send marketing communications where permitted by law or where you have consented.

5. Lawful Bases

We rely on one or more of the following lawful bases under UK data protection law:

  • Contract: where processing is necessary to fulfil your order or provide requested services;
  • Legal obligation: where we must keep records or comply with legal duties;
  • Legitimate interests: for running and improving our business, securing the website, preventing fraud, and handling customer service, provided your rights do not override those interests; and
  • Consent: where required, such as certain marketing or non-essential cookie activities.

6. Payments

Payments are processed by third-party payment providers. We do not store full card details on our own servers. Payment providers process your data in accordance with their own privacy information and security procedures.

Providers we currently use to process payments: Stripe

7. Service Providers and Sharing

We may share personal data with trusted third parties where necessary, including:

  • payment processors;
  • delivery and fulfilment providers;
  • hosting, security, and website infrastructure providers;
  • email and customer support providers; and
  • professional advisers, regulators, courts, or authorities where required.

8. International Transfers

Some service providers may process data outside the UK. Where that happens, we take steps intended to ensure an appropriate level of protection, such as relying on adequacy regulations or approved transfer mechanisms where required.

9. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to satisfy legal, tax, accounting, reporting, and dispute-resolution obligations.

Examples:

  • customer order records: up to 6 years after the end of the relevant financial year;
  • customer service emails: up to 24 months unless longer retention is needed;
  • account data: until the account is deleted or becomes inactive for a defined period. If a user deletes their account, order history and other data may still be stored for the reasons stated above; however, a full purge of the personal information that can be removed is available upon request.

10. Your Rights

Depending on the circumstances, you may have rights to:

  • be informed about how your data is used;
  • access your personal data;
  • request correction of inaccurate data;
  • request erasure of your data;
  • restrict processing;
  • object to processing;
  • request data portability; and
  • withdraw consent where processing depends on consent.

To exercise these rights, contact us using our contact form.

11. Complaints

If you have concerns about how we handle personal data, contact us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner's Office (ICO).

12. Cookies and Similar Technologies

We use strictly necessary cookies or similar technologies where required for core website functions such as security, checkout, login, session management, and remembering items in your basket.

We may also use optional analytics and, where enabled, marketing technologies to measure traffic, understand how visitors use the website, improve performance, and support advertising or attribution activities.

Optional analytics and marketing technologies are disabled by default and are used only where you actively consent through our cookie preferences tool.

You can change your preferences at any time through our cookie settings control or by visiting our Cookie Policy.

13. Marketing

We may send marketing emails only where permitted by law. You can opt out at any time by using the unsubscribe link in an email or by contacting us directly.

14. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. However, no internet transmission or storage system is completely secure.

15. Third-Party Links

This website may contain links to third-party websites. We are not responsible for their privacy practices, content, or security.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with the updated date shown above.

17. Contact

Questions about this Privacy Policy should be sent using our contact form.