Privacy Policy

I am committed to processing personal information about customers in a way that is safe, secure and non-invasive. Under the EU General Data Protection Regulation (GDPR) 2018 this document sets out what data I collect and store when you buy from me, why I collect it, who the information is shared with and the rights of the customer to have the information changed or deleted.


What information is collected:

  • Name and address

  • Email

Debit/credit card information is collected separately by Paypal.


Who the information is shared with:

  • Paypal during payment at checkout (Paypal also complies with current GDPR legislation which you can read about here:

  • Royal Mail when buying postage (Royal Mail also complies with current GDPR legislation which you can read about here:

  • Indiemade, my web host (Indiemade, although US based, has robust privacy rules in place which you can read about here:

  • Mail Chimp, who also comply with GDPR, but only relevant if you sign up for my newsletter (


Why the information is collected:

  • Your name and address is collected in order to provide the products you have purchased from me.

  • Your email is collected so that I can contact you to let you know your order has been dispatched. It might also be used if I have any queries about your order.

The information is not used for direct marketing such as sales emails.


  • If you chose to sign up for my newsletter using the link at the top of the page then I will send email newsletters to that email address roughly four times a year with news of new products. Your information is shared only with Mail Chimp. You can unsubscribe at any time using the link at the bottom of any of the emails I send out.


How the information is collected:

  • Directly from customers via the online ordering system on the web site, or via Mail Chimp if signing up to receive the newsletter.


Who may see the information:

  • Myself, Gillian McMurray, sole owner of the business.

  • Select third parties, i.e. Paypal, Royal Mail, Indiemade.

  • Other third parties, i.e. law enforcement or tax authorities (only in unusual circumstances).


Transferring personal information outside of the UK:

The use of this website requires that personal information is transferred to the USA. I have checked that all third party partners have privacy policies in place that protect personal information to a level that complies with UK law.


Keeping personal information secure:

I am committed to keeping customer's personal information secure. It will not be sold, inappropriately shared or accidentally used. Customer's details are only used for direct communication about specific orders over email or through the messaging systems of the above platforms, i.e. Etsy, Folksy. All technology in use by me is kept up to date with current security software and is not made available for use by anyone else. The web site is HTTP Secure with a current SSL certificate. In the unusual event of a data security breach via Indiemade you will informed about it within 72 hours of becoming aware of the breach, as required under GDPR (2018) rules.


How long information is kept:

Under UK law, business records must be kept for seven years. In the case of invoices and receipts, customer information is also included. This information will be securely disposed of as soon as practical. Digital records of individual orders are held by myself for 60 days in order to make sure orders are fulfilled and received without any problems. However customers also have the right to be forgotten and personal information will be removed from my recording system if requested and it does not interfere with the obligations of the business, e.g. submitting taxes.


Accuracy of information:

This web site relies on customers keeping their information up to date and accurate if they want to order from me. Log in to your account using the 'log in' button at the bottom right hand side of any web page using the log in details given during your first order. You can then change your personal details from within your account.


Access to personal information:

Under GDPR legislation, customers should have access to their personal information and be given the opportunity to change or delete their details. In order to see what information is held about you either:


  • log in to your account using the 'log in' button at the bottom right hand side of any web page using the log in details given during your first order.


  • request to see what information is held by sending me a message with your request and including your name and address as used when shopping on this web site.

You can also request that I delete your information by sending me a message. I will then remove that information from my web site and systems as soon as I receive the request. If you live in the EU and have a complaint about my use of your information you have the right to do so with your local data protection authority.


Cookies are small files that are added to your computer to allow web sites to remember your preferences. The ones used on this web site do no harm and are necessary for you to use the shopping cart on the web site. They do not give me any personal information about you, other than what you share during the checkout process. You can change your browser settings to decline cookies if you prefer but it might prevent you from being able to use the web site properly.


Links to other web sites:

When I include links to other web site I do my best to ensure the sites are reputable with corresponding privacy policies. However I am not responsible for their privacy practices, content or services.


Changes to my privacy policy:

As privacy legislation is an ever changing landscape, I will update my privacy policies as required.


Contact details:

Gillian McMurray

2 Linton Cottages






(remember to change the (at) to @ in order to send the email)


Last updated: 3rd June 2023.

© 2023, Gillian McMurray. All rights reserved.