Privacy Policy

At belveracircle, your privacy is of the utmost importance to us. This Privacy Policy (“Policy”) explains how belveracircle.shop (“we”, “us”, “our”) collects, uses, discloses, stores, transfers, and protects the personal information you provide when you visit, browse, register, or make a purchase on belveracircle.shop (“Website”). By accessing or using our Website, you consent to the data practices described in this Policy. If you do not agree, please discontinue use of the Website.

This Policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and other applicable data protection laws of the United Kingdom. Our processing of personal data is overseen by the Information Commissioner’s Office (ICO).

1. About Us

belveracircle.shop is a United Kingdom-based individual online retail store (sole trader) selling a curated range of products — exclusively within the territory of the United Kingdom. For the purposes of the UK GDPR and the Data Protection Act 2018, we act as the “Data Controller” responsible for determining the purposes and means of processing your personal data.

2. Scope and Applicability

This Policy applies to:

  • All visitors and users of belveracircle.shop;
  • All customers who place an order through the Website;
  • All persons who subscribe to our newsletter, contact us by email, or engage with us in any manner online;
  • Personal data collected through cookies, analytics, and tracking technologies used on the Website.

It does not apply to third-party websites, services, or applications linked from our Website. Please review their respective privacy policies separately.

3. Information We Collect

3.1 Personal Information

  • Contact Details: Full name, email address, mobile/telephone number, shipping address, billing address, town/city, county, and postcode within the United Kingdom.
  • Account Information: Username, password (stored in encrypted form), account preferences, wishlists, and order history.
  • Payment Information: Credit/debit card details and other payment data. Payment transactions are processed by secure third-party payment gateways; we do not store complete card numbers or CVV on our servers.
  • Demographic Information: Gender, date of birth (where provided), and other optional demographic data.
  • Communication Records: Email correspondence between you and our customer support team, including return requests, complaints, and feedback.

3.2 Non-Personal Information

  • IP address, approximate geographic location (country, region, city);
  • Device identifiers, browser type and version, operating system, screen resolution;
  • Website usage data: pages visited, time spent, click patterns, referral URLs, search queries on the Website;
  • Aggregated and anonymised analytics data that cannot be used to identify you personally.

3.3 Sensitive & Special Category Data

We do not knowingly collect “special category data” as defined in Article 9 of the UK GDPR (such as data revealing racial or ethnic origin, health, religious or philosophical beliefs, or biometric data). We apply heightened security measures to data that is sensitive in nature, including:

  • Passwords;
  • Financial information such as bank or payment-instrument details;
  • Any other information that requires additional protection under applicable law.

Such data is collected only where necessary and is used strictly for the purpose for which it was provided.

4. How We Collect Information

  • Direct Collection: When you register an account, place an order, complete a checkout form, subscribe to our newsletter, or email us.
  • Automated Tracking Tools: Cookies, web beacons, pixels, web analytics, and similar technologies that track your activity on the Website.
  • Third-Party Sources: Information obtained from secure payment gateways, courier partners, fulfilment partners, and analytics providers, in accordance with their respective privacy policies.
  • Email Communications: Information you share when contacting our customer support at [email protected] — our exclusive support channel.

5. Purpose of Data Processing

We process your personal data for the following lawful purposes:

  • Order Fulfilment: Processing, packaging, dispatching, and delivering your orders across the United Kingdom.
  • Payment Processing: Facilitating secure payment through third-party gateways and processing refunds where applicable.
  • Order Communications: Sending order confirmations, dispatch alerts, tracking information, delivery updates, and post-purchase follow-ups.
  • Customer Support: Responding to your queries, complaints, return requests, exchange requests, and warranty claims received by email.
  • Fraud Prevention & Security: Verifying your identity, detecting suspicious transactions, and protecting the Website from unauthorised access.
  • Personalisation: Recommending products based on your preferences, browsing history, and past purchases.
  • Marketing & Promotions: Sending promotional emails about new collections, offers, and brand updates (with the option to unsubscribe at any time).
  • Analytics & Improvement: Analysing Website performance, user behaviour, and conversion metrics to improve our products and services.
  • Legal Compliance: Complying with applicable UK laws, regulations, court orders, and statutory requirements.

6. Legal Basis for Processing

Under the UK GDPR, we process your personal data on one or more of the following lawful bases (Article 6):

  • Consent (Article 6(1)(a)) — You provide free, specific, informed, and unambiguous consent (e.g., by ticking the consent box at registration or checkout, or accepting non-essential cookies).
  • Performance of a Contract (Article 6(1)(b)) — Processing necessary to fulfil our agreement with you, such as delivering products you have ordered.
  • Legitimate Interests (Article 6(1)(f)) — Including fraud prevention, network and information security, and improving our products and services, balanced against your rights and interests.
  • Legal Obligation (Article 6(1)(c)) — Compliance with applicable UK tax, accounting, and regulatory requirements.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on belveracircle.shop in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR. Non-essential cookies are only placed with your consent, which you provide through our cookie banner:

  • Essential Cookies: Required for the Website to function — login, shopping cart, security. These do not require consent.
  • Functional Cookies: Remember your preferences such as language, currency, and saved form preferences.
  • Analytics Cookies: Help us understand how visitors use the Website (e.g., Google Analytics).
  • Advertising Cookies: Deliver personalised advertisements and measure marketing effectiveness across third-party platforms (e.g., Meta Pixel, Google Ads).

You can manage, withdraw, or disable cookies at any time through our cookie banner or your browser settings. Please note that disabling essential cookies may limit Website functionality.

8. Sharing of Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only with trusted partners, strictly to fulfil the purposes set out in this Policy:

  • Fulfilment & Service Partners: Trusted partners who help us process, prepare, or assemble your order receive only the data necessary to perform their function.
  • Payment Gateways: Authorised PCI-DSS-compliant payment processors handle your payment securely.
  • Courier and Logistics Partners: Reputable UK courier partners (Royal Mail, Evri, DPD, Parcelforce, Yodel, DHL, etc.) receive your shipping address and contact number to deliver your order.
  • Email and Marketing Service Providers: Email service providers used to send order updates and promotional content.
  • Analytics Providers: Google Analytics, Meta Pixel, and similar tools for understanding Website usage (data shared in anonymised or pseudonymised form where possible).
  • Legal & Regulatory Authorities: Government agencies, regulators, or law enforcement bodies when required by law, court order, or to protect our legal rights.
  • Business Transfers: In the event of a sale, merger, or restructuring of the business, personal data may be transferred to the successor entity, subject to the same privacy obligations.
  • With Your Explicit Consent: In any situation where you have given us specific permission to share your data.

9. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal data from unauthorised access, use, alteration, disclosure, or destruction. These include:

  • SSL/TLS encryption during data transmission between your browser and our Website;
  • Encrypted password storage using industry-standard hashing algorithms;
  • Secure third-party payment gateways with PCI-DSS compliance for all financial transactions;
  • Restricted access to personal data on a need-to-know basis only;
  • Periodic review of our security practices in line with our obligations under Article 32 of the UK GDPR (ISO/IEC 27001 framework where applicable).

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security against unauthorised intrusion. You acknowledge and accept this inherent risk when providing information through the Website.

10. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfil the purposes set out in this Policy;
  • Maintain your account and provide ongoing services;
  • Comply with applicable UK legal, tax, accounting, and regulatory obligations (typically 6 years for transactional and accounting records under UK tax law / HMRC requirements);
  • Resolve disputes, enforce our agreements, and prevent fraud.

Upon deletion of your account, we may retain certain residual information in our backups and archives for the period required by law, after which it shall be securely deleted or anonymised.

11. Your Rights as a Data Subject

Under the UK GDPR and the Data Protection Act 2018, you have the following rights with respect to your personal data:

  • Right of Access: Request a copy of the personal data we hold about you and information about how it is processed (a “subject access request”).
  • Right to Rectification: Request that we correct any inaccurate, misleading, or incomplete data.
  • Right to Erasure: Request the deletion of your personal data where retention is no longer necessary, subject to legal retention obligations (“right to be forgotten”).
  • Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: Request your data in a structured, commonly used, machine-readable format, or have it transferred to another controller where technically feasible.
  • Right to Object: Object to processing based on legitimate interests or to direct marketing at any time.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Complain: Lodge a complaint with us or directly with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

To exercise any of these rights, please email [email protected] with subject line “Data Rights Request — [Your Name]”. We will respond within one month, as required by the UK GDPR.

12. Children’s Privacy

Our Website and services are intended for individuals aged 18 years and above. We do not knowingly collect personal data from children under the age of 13 (the age at which a child can consent to online services under the Data Protection Act 2018) without verifiable parental or guardian consent. If you are a parent or guardian and believe that your child has provided personal data to us without your consent, please email [email protected] and we will promptly delete such information.

13. International Data Transfers

As a primarily UK-only e-commerce operation, your personal data is generally stored and processed within the United Kingdom or the European Economic Area (EEA). However, certain service providers (such as cloud hosting, email service providers, or analytics tools) may store or process data on servers located outside the UK. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with Chapter V of the UK GDPR — such as transfers to countries covered by UK adequacy regulations, or the use of the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

14. Third-Party Links

Our Website may contain links to third-party websites, plug-ins, or applications (e.g., social media icons, payment partner sites). Clicking on these links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. Please review the privacy policy of each third-party site you visit.

15. Marketing Communications

Where you have given your consent — or where you are an existing customer and we rely on the “soft opt-in” permitted under PECR for similar products — we may send you marketing communications regarding new collections, style guides, exclusive offers, and brand updates. You may withdraw consent at any time by:

  • Clicking the “unsubscribe” link in any marketing email;
  • Updating your communication preferences in your account settings; or
  • Emailing us at [email protected] with subject line “Unsubscribe — [Your Email]”.

Please note that even after opting out of marketing communications, you may continue to receive transactional emails related to your orders (e.g., order confirmations, shipping updates).

16. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by Article 33 of the UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly.

17. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) signal feature. As industry standards are not yet harmonised on the proper response to DNT signals, the Website does not currently respond to DNT browser signals. You can, however, exercise control over cookies through our cookie banner or your browser settings, as described in Section 7.

18. Changes to This Privacy Policy

belveracircle.shop reserves the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our data practices, technology, legal requirements, or other factors. Any updates will be posted on this page with a revised “Last Updated” date. Where the changes are material, we may notify you via email or a prominent notice on the Website. Your continued use of the Website following the posting of changes constitutes your acceptance of the updated Policy.

19. Data Protection Contact

In accordance with the UK GDPR and the Data Protection Act 2018, we have designated a contact to address concerns related to the collection, processing, or storage of your personal data. The designated contact’s details are as follows:

  • Name: William Carter
  • Designation: Data Protection Contact / Sole Trader
  • Email: [email protected]
  • Address: 40 Northgate, Dewsbury WF13 1DX, UK
  • Working Hours: Monday – Saturday, 8:00 AM – 5:00 PM BST Closed on Sundays and Public Holidays.

All data-protection-related complaints, grievances, or rights-exercise requests must be submitted exclusively by email. We will acknowledge receipt of your request within 24 hours and shall respond within one month from the date of receipt, in accordance with the UK GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) — www.ico.org.uk, helpline 0303 123 1113.

20. Contact Us

For any questions, concerns, complaints, or requests regarding this Privacy Policy or our handling of your personal information, please contact us using the details below. Email is our only supported channel for privacy-related communications.

  • Seller Name: William Carter
  • Website: belveracircle.shop
  • Privacy Email (only channel): [email protected]
  • Address: 40 Northgate, Dewsbury WF13 1DX, UK
  • Email Response Time: Monday – Saturday, 8:00 AM – 5:00 PM BST Closed on Sundays and Public Holidays.

By using belveracircle.shop, you confirm that you have read, understood, and consented to the collection, use, and disclosure of your information as described in this Privacy Policy.

Last Updated: June 2026