Privacy policy

Last updated: 05/08/2025

At The Flat Fan, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and store your personal data when you visit our website (www.theflatfan.co.uk), make a purchase, or interact with us.

We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Who We Are

The Box Fan Ltd t/a The Flat Fan
Email: info@theflatfan.co.uk
Data Controller: The Flat Fan


2. What Personal Data We Collect

We may collect the following types of personal data when you use our site:

  • Identity Data: Name, title

  • Contact Data: Billing address, delivery address, email address, phone number

  • Transaction Data: Details of products you have purchased, payment method, order history

  • Technical Data: IP address, browser type, device type, time zone, operating system

  • Usage Data: How you use our website (pages visited, time spent, etc.)

  • Marketing Preferences: Your preferences in receiving marketing from us

We do not collect or store full payment card details—these are processed securely via our third-party payment processors (e.g., Shopify Payments, PayPal).


3. How We Collect Your Data

We collect personal data in the following ways:

  • When you make a purchase

  • When you contact us via email or the contact form

  • When you sign up for our newsletter

  • When you browse our website (via cookies and analytics tools)


4. How We Use Your Personal Data

We use your data to:

  • Process and deliver your order

  • Communicate with you about your order or customer service issues

  • Manage your account

  • Send you marketing communications (if you’ve opted in)

  • Improve our website and user experience

We only process your data when we have a lawful basis to do so, including:

  • Performance of a contract (e.g., fulfilling your order)

  • Legal obligation (e.g., tax recordkeeping)

  • Consent (e.g., for email marketing)

  • Legitimate interests (e.g., improving our services)


5. Sharing Your Data

We may share your personal data with:

  • Service providers (e.g., Shopify, payment processors, delivery companies)

  • Professional advisors (e.g., accountants, legal counsel)

  • Authorities where legally required (e.g., HMRC or fraud prevention bodies)

We never sell or rent your data to third parties.


6. International Transfers

Shopify and some of our service providers may process your data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or UK adequacy decisions.


7. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including to meet legal or tax obligations.

For example:

  • Order records: up to 6 years (for tax compliance)

  • Marketing data: until you unsubscribe or request deletion


8. Your Rights Under UK GDPR

You have the following rights:

  • Right to access – request a copy of your personal data

  • Right to rectification – correct inaccurate or incomplete data

  • Right to erasure – request deletion of your data (in certain cases)

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing (e.g. for direct marketing)

  • Right to withdraw consent – at any time where processing is based on consent

To exercise any of these rights, contact us at: [Insert Email]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/


9. Marketing Communications

If you opt in to our newsletter, we may send you updates, special offers, and news. You can unsubscribe at any time by clicking the “unsubscribe” link in any email or by contacting us directly.


10. Cookies

We use cookies and similar tracking technologies to improve your browsing experience and analyse site traffic. You can manage cookie preferences via your browser settings or our cookie banner.


11. Data Security

We use industry-standard security measures (via Shopify and our partners) to protect your data from unauthorised access, alteration, disclosure, or destruction.

However, no system is ever 100% secure. If we become aware of a data breach, we will notify you and the relevant regulator as required by law.


12. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be posted on this page with the “Effective date” at the top. Continued use of our site after updates indicates your acceptance.


If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
Email: info@theflatfan.co.uk