
Privacy Policy

 

UK GDPR & DATA PROTECTION ACT 2018 COMPLIANT FRAMEWORK 

Effective Date: May 31, 2026  |  Last Updated: May 31, 2026  |  Applicability: United Kingdom & International Consumers  

This Privacy Policy describes how Astral Threads (referred to as "we", "us", "our", or the "Data Controller") collects, uses, protects, and shares your personal data when you visit, use, or make a purchase from our e-commerce website (the "Site"). 

We are fully committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). 

1. Information About Us (The Data Controller) 

Under the UK GDPR, we operate as the "Data Controller" for the personal information processed via this website.

•  Full Legal Company Name: Astral Threads

•  Registered Office Address: Cheshire, UK

•  Company Registration Number: Sole Trader

•  ICO Registration Number: [Insert Information Commissioner's Office registration number if registered]

•  Data Protection Contact Email: info@astralthreads.co.uk

2. The Types of Personal Data We Collect 

We may collect, use, store, and transfer different kinds of personal data about you, categorised as follows: 

•  Identity Data: First name, last name, username or similar identifier, and title. 

•  Contact Data: Billing address, delivery address, email address, and telephone numbers. 

•  Financial Data: Payment card details and bank account numbers (processed directly by our secure third-party payment gateways; we do not store raw card numbers). 

•  Transaction Data: Details about payments to and from you, and other details of products and services you have purchased from us. 

•  Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting, browser plug-in types, operating system, and platform. 

•  Usage Data: Information about how you navigate and interact with our website, products, and marketing links. 

•  Marketing & Communications Data: Your preferences in receiving marketing from us and our third parties, and your specific communication preferences. 


 

3. How We Collect Your Personal Data 

We collect information using the following primary methods: 

•  Direct Interactions: You give us your Identity, Contact, and Financial data by filling in checkout fields, creating accounts, subscribing to newsletters, or contacting customer support directly. 

•  Automated Technologies: As you interact with our website, we automatically collect Technical and Usage Data through cookies, server logs, and similar tracking codes. 

•  Third Parties: We may receive analytical data from providers like Google, or payment verification data from processing partners (e.g., PayPal, Shopify Payments).

 

 

4. Our Lawful Basis for Processing Your Personal Data 

We will only use your personal data when the law allows us to. Under the UK GDPR, we rely on the following legal bases to process your information: 


5. Sharing Your Personal Data with Third Parties 

We do not sell, rent, or trade your personal data. We share your information only with trusted third-party service providers essential to fulfilling our contract with you and running our operations: 

•  Delivery & Logistics Partners: To dispatch and deliver your physical purchases (e.g., Royal Mail, DPD, DHL, Evri). 

•  Payment Processors: Secure payment gateways that manage transaction security (e.g., Stripe, PayPal, Apple Pay). 

•  IT & Infrastructure Service Providers: Cloud hosting companies, website platforms (e.g., Shopify, WooCommerce), and backend customer service software providers. 

•  Marketing & Analytics Tools: Third-party applications to distribute newsletters or optimize marketing structures (e.g., Klaviyo, Google Analytics). 

•  Professional Advisors & Regulators: Lawyers, bankers, auditors, insurers, or HMRC, when required by legal frameworks. 

 

6. International Data Transfers 

Some of our third-party service providers may be located or operate outside the United Kingdom (UK) and the European Economic Area (EEA). Whenever your personal data is transferred outside the UK, we ensure a similar degree of data security is upheld by implementing at least one of the following legal safeguards: 

•  We transfer your personal data only to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government. 

•  Where we use certain service providers, we may use specific standard contractual clauses approved for use in the UK (the International Data Transfer Agreement or Addendum) which give personal data the same protection it has in the UK. 

 

7. Data Security and Retention 

Data Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

Data Retention 

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By UK law, we must keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for **six years** after they cease being customers for tax and financial regulatory purposes. 

 

8. Your Legal Rights Under the UK GDPR 

Under certain circumstances, you have comprehensive rights under UK data protection laws in relation to your personal data. You have the right to: 

•  Request Access (Subject Access Request): This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it. 

•  Request Correction: This enables you to have any incomplete or inaccurate data we hold about you corrected. 

•  Request Erasure (The Right to be Forgotten): This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

•  Object to Processing: You have the right to object where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. 

•  Request Restriction of Processing: This enables you to ask us to suspend the processing of your personal data in certain scenarios. 

•  Request Data Portability: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. 

•  Withdraw Consent at Any Time: You may withdraw your consent at any time where we are relying on consent to process your personal data (e.g., email newsletters). 

 

If you wish to exercise any of the rights set out above, please contact our team via email at info@astralthreads.co.uk. We aim to respond to all legitimate requests within one calendar month. 

Right to Complain: You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.  

 

 

9. Cookie Policy (How We Use Cookies) 

Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us to provide you with a smooth shopping experience and allows us to continuously improve our platform. 

What is a Cookie? 

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree. Cookies contain information that is transferred to your device's storage infrastructure. 

 

The Types of Cookies We Use 

We use the following classifications of cookies on our storefront: 

•  Strictly Necessary Cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services. Without these cookies, the site cannot function normally. 

•  Analytical or Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. 

•  Functionality Cookies: These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferred settings (for example, your choice of language or region). 

•  Targeting / Advertising Cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your core consumer interests. We may also share this information with third parties for this purpose. 

 

Managing Your Cookie Preferences 

When you visit our website for the first time, you will see a cookie consent banner that prompts you to accept or decline cookies. Strictly necessary cookies do not require your prior consent as they are required to render the site operational. 

You can block cookies entirely by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our e-commerce platform, and features like the shopping basket may fail to retain items. 

 

10. Changes to This Privacy and Cookie Policy 

We keep our Privacy and Cookie Policy under regular review. Any updates or changes we make will be posted directly on this page, and where appropriate, notified to you via email. Please check back frequently to see any modifications or additions to our legal standards. 

| Purpose / Processing Activity | Type of Personal Data | Lawful Basis for Processing |
| --- | --- | --- |
| To register you as a new customer | Identity, Contact | Performance of a contract with you |
| To process and deliver your order, manage payments, and collect money owed | Identity, Contact, Financial, Transaction, Marketing | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts) |
| To manage our relationship with you (notifying you of changes to our terms or privacy policy) | Identity, Contact, Profile, Marketing | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation |
| To administer and protect our business and website (troubleshooting, data analysis, system security) | Identity, Contact, Technical | Necessary for our legitimate interests (running our business, provision of administration and IT services, network security) |
| To deliver relevant website content, advertisements, and measure marketing effectiveness | Identity, Contact, Profile, Usage, Marketing, Technical | Necessary for our legitimate interests (to study how customers use our products, develop them, and grow our business) |
| To send you direct marketing communications via email or SMS text message | Identity, Contact, Marketing | Explicit Consent (which you can withdraw at any time) |
