Last updated: October 12 2024

 Bodiam Foundry (“Bodiam Foundry”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit or make a purchase from bodiamfoundry.com (the “Site”), or otherwise interact with us.

I. Who we are

For the purposes of applicable data protection laws (including the UK/EU GDPR), Bodiam Foundry is the “controller” of your personal information.

Our store is hosted on Shopify Inc. Shopify provides the e-commerce platform that allows us to sell products to you.

II. What personal information we collect

We collect personal information from you in a few ways: when you provide it to us, when you use the Site, and from third parties that help us run our business.

A) Information you provide to us

When you purchase, attempt to purchase, create an account, sign up for updates, contact us, or otherwise interact with us, we may collect:

• Identifiers & contact details: name, email address, phone number
• Order details: billing address, shipping address, items purchased, order notes, returns/exchanges information
• Account information: password (stored/handled by Shopify), saved addresses, order history (if you create an account)
• Communications: messages you send us (email, contact forms), and our replies

B) Payment information

Payments are processed by third-party payment processors (such as Stripe and/or Shopify Payments, depending on your checkout method). We do not store full payment card details on our servers. Payment processors receive and process your payment information in accordance with their own privacy policies.

C) Automatically collected information (device & usage)

When you visit the Site, we automatically collect certain information about your device and your interaction with the Site, including:

• IP address, device identifiers
• Browser type, time zone, cookie information
• Pages viewed, products viewed, referring/exit pages, clickstream and interaction data

D) Information from third parties

We may receive information from service providers supporting our store operations (e.g., Shopify), payment processors, analytics providers, advertising partners, and shipping carriers—typically to help us fulfil orders, prevent fraud, and improve our website.

III. How we use your personal information

We use personal information to:

A) Provide and operate the store

• Process orders, payments, shipping, returns, and exchanges
• Provide customer support and respond to inquiries
• Manage accounts (if you create one)

B) Improve and protect our business

• Monitor and improve Site performance and customer experience
• Detect and prevent fraud, abuse, or security incidents
• Maintain records for accounting, tax, and compliance purposes

C) Marketing and communications (where allowed)

• Send transactional communications (e.g., order confirmations, shipping updates)
• Send marketing emails (where you’ve opted in, or where permitted by law)
• Measure the effectiveness of our marketing

You can opt out of marketing emails at any time by using the “unsubscribe” link in our emails or by contacting us.

IV. Legal bases for processing (EEA/UK users)

If you are in the EEA or UK, we rely on the following legal bases under the GDPR/UK GDPR to process your personal information:

• Performance of a contract: to process your order and provide products/services you request
• Legitimate interests: to operate, improve, and secure our business (e.g., analytics, fraud prevention, customer service), where these interests are not overridden by your rights
• Consent: where required (e.g., certain cookies/marketing)
• Legal obligation: to comply with laws (tax, accounting, consumer protection)

V. Cookies and similar technologies

We use cookies and similar technologies (e.g., pixels, tags) to operate the Site, understand how it’s used, and support marketing.

Essential cookies

These are necessary for the Site to function (e.g., cart, checkout, security).

Analytics cookies

We use Google Analytics to help us understand how visitors use the Site. Google Analytics may use cookies and collect information like your IP address and browsing behaviour.

• Learn about how Google uses data: https://policies.google.com/privacy
• Opt out (Google Analytics browser add-on): https://tools.google.com/dlpage/gaoptout

Managing cookies

You can manage cookies via your browser settings and (where available) via our cookie banner/preferences tool. If you disable cookies, parts of the Site may not function properly.

Do Not Track

Some browsers offer a “Do Not Track” signal. Because there is no consistent industry standard for responding to these signals, we do not currently respond to “Do Not Track”.

VI. Sharing your personal information

We share personal information with trusted third parties only as needed to run our business, provide services to you, and comply with the law.

A) Shopify

Our store is hosted on Shopify. Your information may be stored and processed through Shopify’s platform to provide checkout, order management, fraud prevention, and store functionality.

Shopify privacy policy: https://www.shopify.com/legal/privacy

B) Payment processors (e.g., Stripe)

Payments are handled by payment processors such as Stripe (and/or Shopify Payments). These providers process your payment information to complete transactions and prevent fraud.

Stripe privacy policy: https://stripe.com/privacy

C) Analytics providers

We use services such as Google Analytics to understand website traffic and performance.

D) Shipping, fulfilment, and customer service providers

We share information necessary to deliver your order (e.g., name, address, phone/email for delivery updates) with shipping carriers and fulfilment partners.

E) Legal and compliance

We may disclose personal information if required to do so by law or in response to valid legal requests, or to protect our rights, customers, and the integrity of our business.

VII. Data retention

We keep personal information only as long as necessary to:

·       fulfil the purposes described in this policy,

·       maintain business records,

·       comply with legal obligations (e.g., tax/accounting),

·       resolve disputes and enforce agreements.

When you place an order, we will retain order information for our records unless and until you ask us to delete it (subject to legal requirements).

VIII. International transfers

We may transfer, store, and process your personal information outside your country, including in the United States and Canada, where some of our service providers (such as Shopify, Google, and Stripe) operate.

Where required, we use appropriate safeguards for international transfers (such as contractual protections) to help ensure your personal information remains protected.

IX. Your rights and choices

A) EEA/UK (GDPR/UK GDPR)

If you are in the EEA or UK, you have rights to:

• access your personal information,
• correct inaccurate information,
• request deletion,
• request restriction of processing,
• object to processing,
• request data portability,
• withdraw consent (where processing is based on consent).

You also have the right to lodge a complaint with your local data protection authority (in the UK, the ICO).

B) United States – California (CCPA/CPRA)

If you are a California resident, you may have the right to:

• know what personal information we collect, use, disclose, and share,
• request deletion of certain personal information,
• correct inaccurate personal information,
• opt out of the sale or sharing of personal information (if applicable),
• not be discriminated against for exercising your rights.

Sale/Sharing: Bodiam Foundry does not sell your personal information.

(If you later run targeted ads that qualify as “sharing” under CPRA, we should add a “Do Not Sell or Share” mechanism and update this statement.)

How to exercise your rights

To make a request, email bodiamfoundry@gmail.com with the subject line “Privacy Request”. We may need to verify your identity before processing your request.

You can also manage some information through your Shopify customer account (if you have one), such as updating your shipping address.

X. Children’s privacy

Our Site is not intended for children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK where applicable). If you believe a child has provided us personal information, contact us and we will take steps to delete it.

XI. Security

We use reasonable administrative, technical, and physical safeguards designed to protect your personal information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

XII. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version on the Site and update the “Last updated” date above.