Privacy Policy

Our Commitment to Your Privacy

Myst & Myrrh is a family-run business and we take your privacy seriously. We will never sell, rent or misuse your personal data. This policy explains clearly what information we collect, why we collect it and how we use it. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Myst & Myrrh, United Kingdom
Contact: mystandmyrrh@gmail.com

What Information We Collect

Information You Provide to Us

• Order information: your name, delivery address, email address and payment details when you place an order
• Email sign-ups: your name and email address if you subscribe to our newsletter or harvest alerts
• Communications: any information you share when you contact us by email

Information Collected Automatically

• Usage data: pages visited, time on site, browser type and device — collected via cookies and analytics tools
• Technical data: IP address, referring website and general location (country/region level only)

How We Use Your Information

• To process and fulfil your orders and send order confirmations
• To send your delivery tracking information
• To respond to your enquiries and customer service requests
• To send you email newsletters and harvest alerts, where you have opted in
• To improve our website and understand how customers use it
• To comply with our legal obligations

Legal Basis for Processing

• Contract: processing your order and delivering your goods
• Legitimate interest: improving our website and preventing fraud
• Consent: sending marketing emails — you can withdraw this consent at any time
• Legal obligation: retaining financial records as required by UK law

Sharing Your Information

We do not sell or rent your personal data to any third party. We may share limited data with the following trusted partners solely to operate our business:

• Payment processors (e.g. Shopify Payments, Stripe) — to securely process your payment
• Royal Mail — your name and delivery address to fulfil your order
• Email service providers — to send order confirmations and newsletters
• Website analytics (e.g. Google Analytics) — anonymous usage data only

All third parties are required to handle your data securely and in accordance with UK GDPR.

Cookies

Our website uses cookies — small text files stored on your device — to help us understand how visitors use our site and to improve your experience. You can control cookie settings in your browser at any time. Refusing cookies may affect some website functionality.

How Long We Keep Your Data

• Order data: retained for 7 years as required by UK tax law
• Marketing email list: until you unsubscribe or request deletion
• General enquiries: deleted after 2 years of no contact

Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate data
• Request deletion of your data (the right to be forgotten)
• Object to us processing your data for marketing purposes
• Withdraw consent for marketing at any time by clicking unsubscribe in any email
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email us at mystandmyrrh@gmail.com and we will respond within 30 days.

Data Security

We take appropriate technical and organisational measures to protect your personal data. Payments are processed through encrypted, PCI-compliant payment systems. We never store your full card details on our servers.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at mystandmyrrh@gmail.com.