Last updated: 14 December 2025

It is important to us that we look after your privacy and that you can trust us to do so. Any personal data we collect is used to provide and improve our services and to ensure we deliver the best possible experience when you shop with us. If you have any questions about this policy, please do not hesitate to contact us.

1. About Us
   This website, https://cairncandles.co.uk (“Our Site”), is operated by Cairn Candle Company Ltd (Company No. SC607798), trading as Cairn Candle Co.
   For the purposes of data protection law, we are the data controller.
   Contact details:
   • Email: info@cairncandles.co.uk
   
2. What This Policy Covers
   This Privacy Policy explains how we collect, use, store, and protect your personal data when you:
   • Visit or browse Our Site
   • Create an account
   • Place an order
   • Contact us
   • Sign up to marketing communications
   
   Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.
   
3. Your Rights
   Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to:
   • Be informed about how we use your personal data
   • Access the personal data we hold about you
   • Request correction of inaccurate or incomplete data
   • Request deletion of your personal data (“right to be forgotten”)
   • Restrict processing of your personal data
   • Receive a copy of your data in a portable format
   • Object to certain uses of your personal data
   • Withdraw consent at any time where processing is based on consent
   You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data properly.
   
4. What Personal Data We Collect
   Depending on how you use Our Site, we may collect the following personal data:
   Information you provide to us
   • Name
   • Billing and delivery address
   • Email address
   • Telephone number
   • Account login details
   • Order details and purchase history
   • Communications you send to us (e.g. emails or contact forms)
   Information collected automatically
   • IP address
   • Browser type and version
   • Device and operating system information
   • Pages visited and actions taken on Our Site
   
5. How We Use Your Personal Data
   We only use your personal data where we have a lawful basis to do so. These include:
   Contract
   • Processing and fulfilling your orders
   • Managing your customer account
   • Handling returns, refunds, and customer service enquiries
   Legal obligation
   • Keeping records for accounting and tax purposes
   Legitimate interests
   • Improving Our Site, products, and services
   • Website analytics and performance monitoring
   • Preventing fraud and ensuring website security
   Consent
   • Sending marketing emails and newsletters (where you have opted in)
   You can withdraw your consent to marketing at any time by using the unsubscribe link in our emails or by contacting us.
   
6. Payments
   Payments on Our Site are processed securely by Stripe. We do not store or have access to your full card details.
   Stripe processes payment data in accordance with their own privacy policy and is compliant with PCI-DSS standards.
   
7. Who We Share Your Data With
   We only share your personal data where necessary to operate our business, including with:
   • Payment processors: Stripe
   • E-commerce platform: WooCommerce
   • Website hosting and IT providers
   • Delivery and courier services (to deliver your orders)
   • Analytics providers (such as Google Analytics)
   All third parties are required to handle your data securely and in accordance with data protection law.
   We do not sell your personal data to third parties.
   
8. How Long We Keep Your Data
   We only retain your personal data for as long as necessary, including:
   • Order and transaction records: up to 6 years (for tax and legal obligations)
   • Customer account data: until you close your account or request deletion
   • Marketing data: until you withdraw your consent
   
9. How We Store and Protect Your Data
   Your personal data is stored securely using appropriate technical and organisational measures, including:
   • Secure servers
   • SSL encryption
   • Restricted access to personal data
   We regularly review our security practices to ensure your data remains protected.
   
10. Cookies
    Our Site uses cookies and similar technologies to:
    • Ensure the website functions correctly
    • Analyse website traffic and performance
    • Improve your browsing experience
    We use both necessary cookies and optional analytics cookies. Where required by law, we will ask for your consent before placing non-essential cookies on your device.
    For more detailed information, please see our Cookie Policy.
    
11. Children’s Data
    Our Site is not intended for children under the age of 16, and we do not knowingly collect personal data from children.
    
12. Accessing Your Data
    You may request a copy of the personal data we hold about you at any time. Requests are free of charge and can be made by contacting us using the details below.
    
13. Contact Us
    If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:
    Email: info@cairncandles.co.uk