Privacy Policy & Data Protection

Seadrift Press complies with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018. This policy outlines how we collect, store, and use your personal data to process payments and fulfill orders, in compliance with the UK General Data Protection Regulation (GDPR).

1. Data Collection

  • We collect the following data to process orders and deliver products:

  • Personal identifiers: Name, email address, billing/shipping address, and phone number.

  • Payment information: Credit/debit card details (processed securely via third-party gateway Stripe) and transaction history.

  • Order details: Product selection, purchase history, and delivery preferences.

  • Legal basis:

  • Contractual necessity: Data required to fulfill your order (e.g., address for delivery, payment details for transactions).

  • Consent: For marketing communications (e.g., newsletters), obtained via explicit opt-in checkboxes during checkout.

2. Data Storage

  • Security measures:

  • Payment data is encrypted and stored securely by PCI-DSS-compliant third-party processors (PayPal and Stripe). We do not retain full card details.

  • Personal identifiers are stored on password-protected servers with SSL encryption.

  • Retention period:

  • Order data is retained for 6 years to comply with tax/legal obligations.

  • Marketing data is retained until consent is withdrawn.

3. Data Use

  • Your data is used to:

  • Process payments and prevent fraud.

  • Ship orders and provide tracking updates.

  • Respond to customer service inquiries.

  • Send order confirmations and delivery notifications.

  • We never sell your data. It is shared only with:

  • Payment processors (PayPal and Stripe) to complete transactions.

  • Delivery partners (Royal Mail, FedEx) to fulfill orders.

4. Your Rights

  • Under UK GDPR, you have the right to:

  • Access: Request a copy of your stored data.

  • Rectification: Correct inaccurate data.

  • Erasure: Request deletion of non-essential data (e.g., marketing profiles).

  • Portability: Receive your data in a machine-readable format.

  • Withdraw consent: Unsubscribe from marketing emails via links in every message.

  • To exercise these rights, contact us at [email protected].

5. Security & Compliance

  • Regular security audits and staff training to protect against unauthorized access.

  • Data transfers outside the UK/EU comply with GDPR adequacy requirements.

6. Policy Updates

  • Changes will be posted on this page.

  • Last updated: 22 March 2025.

7. Contact Us