1. Who We Are
Pink Cloud Sweets (“we”, “us”, “our”) operates the website www.pinkcloudsweets.co.uk. We are committed to protecting your personal data and handling it responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For questions about this policy, contact us at: hello@pinkcloudsweets.co.uk
2. What Data We Collect
When you place an order
- Full name
- Billing and delivery address
- Email address
- Phone number
- Payment details (processed securely via our payment provider — we do not store card details)
- Order contents and special requests
When you sign up to our newsletter
- Email address
- First name (optional)
When you browse our website
- IP address and browser type (via cookies)
- Pages visited and time spent on site
- Referring website or search term
3. How We Use Your Data
- To process and fulfil your orders
- To send order confirmation and delivery updates
- To respond to customer enquiries
- To send marketing emails (only if you have opted in)
- To improve our website and customer experience
- To comply with legal obligations
4. Legal Basis for Processing
- Contract: to fulfil orders you have placed with us
- Legitimate interests: to improve our services and prevent fraud
- Consent: to send marketing emails (you may withdraw consent at any time)
- Legal obligation: to comply with tax, accounting, and regulatory requirements
5. Who We Share Your Data With
We do not sell your personal data. We may share it with:
- Delivery providers (e.g. Royal Mail) to fulfil your order
- Payment processors to handle transactions securely
- Email marketing platforms (e.g. MailerLite) for newsletter delivery
- Analytics providers (e.g. Google Analytics) to understand site usage
- Legal authorities where required by law
6. How Long We Keep Your Data
- Order records: 7 years (UK tax law requirement)
- Marketing data: until you unsubscribe
- Browsing data (cookies): see our Cookie Policy
- Customer enquiries: 2 years after resolution
7. Your Rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to processing for marketing purposes
- Withdraw consent at any time
- Lodge a complaint with the ICO (ico.org.uk)
To exercise any of these rights, email us at hello@pinkcloudsweets.co.uk.
8. Data Security
We use industry-standard security measures to protect your data. Payment data is processed via PCI-DSS compliant providers. We do not store card details on our servers.