Lash Patisserie

Legal

Privacy Policy

Last updated · June 2026

Data controller

Lash Patisserie Ltd is the data controller for personal data processed through this site. Our trader identity and contact details are on the Contact page.

This policy explains how we comply with the UK GDPR, the UK Data Protection Act 2018, and the EU General Data Protection Regulation (Regulation (EU) 2016/679) for visitors in the European Economic Area.

What we collect

  • Order & contact details — name, email, shipping address, phone number when you order through this site or via TikTok Shop.
  • Payment information — handled directly by our payment processors (Shopify Payments, TikTok Shop). We never see or store full card details.
  • Account & marketing data — email address and consent record if you sign up to our newsletter.
  • Cookie & consent data — your cookie choice and a timestamped consent log (with a hashed IP address, never your raw IP).
  • Communications — emails and messages you send us.
  • Technical data — basic, aggregated usage data (pages visited, device type) only after you accept analytics cookies.

Lawful bases

  • Contract — to process and deliver your orders, handle returns and respond to support requests.
  • Consent — for marketing emails, non-essential cookies and any optional communications. You can withdraw consent at any time.
  • Legitimate interests — to run, secure and improve our site, prevent fraud, and keep records of consent. We balance this against your rights.
  • Legal obligation — to keep order, tax and consumer-rights records as required by law.

How long we keep it

  • Order records — 6 years (UK tax and consumer-rights requirements).
  • Marketing list — until you unsubscribe.
  • Consent logs — 3 years after the consent ends, for audit purposes.
  • Support correspondence — 2 years from last contact.

Who we share data with

We share the minimum data needed with trusted processors who help us run the business:

  • Shopify Inc. — storefront, payments and international order fulfilment.
  • TikTok Shop (TikTok Information Technologies UK Ltd) — UK order fulfilment.
  • Shipping carriers — Royal Mail and international couriers used for delivery.
  • Email infrastructure — our hosting and email-sending provider for transactional and marketing emails.
  • Hosting & backend — Cloudflare and Supabase, used to host the site and database.

We never sell your personal data.

International transfers

Some of our processors are based outside the UK and EEA. Where personal data is transferred internationally we rely on adequacy decisions or Standard Contractual Clauses (UK IDTA / EU SCCs) to protect your information.

Your rights

Under UK and EU GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • request erasure of your data;
  • restrict or object to our processing;
  • data portability;
  • withdraw consent at any time (without affecting prior processing);
  • lodge a complaint with a supervisory authority.

See the Data Requests page to exercise any of these rights. We will respond within one month.

Cookies

See our Cookie Policy. You can change your cookie choices any time using the Cookie Settings link in the footer.

Children

Our products are intended for users aged 16 and over. We do not knowingly collect personal data from children under 16.

Complaints

UK visitors can complain to the Information Commissioner's Office at ico.org.uk. EEA visitors can contact their local supervisory authority.

Contact

Privacy questions: info@lashpatisserie.com.

Back to home