top of page

Privacy Policy

A legal disclaimer

Privacy Policy for Memory Bears by Papillon

1. Who we are
Memory Bears by Papillon (“we”/“us”) is the data controller responsible for your personal data.

  • Address: 10 Gays Cottages. Tandridge Lane. Lingfield. Surrey. RH7 6 LW

  • Email: fell40622@gmail.com

2. Personal data we collect
We collect only what we need to provide and improve our service:

  • Identity data: name, title, date of birth (if provided for special orders).

  • Contact data: postal address, email, telephone number.

  • Transaction data: products ordered, payment method, order history.

  • Technical data: IP address, browser type, device identifiers (via cookies).

  • Marketing data: newsletter preferences, survey responses.

3. How we use your data
We use personal data to:

  • Process orders and handle payments and delivery.

  • Communicate about your order status or respond to enquiries.

  • Improve our website and tailor content (see cookies, below).

  • Send marketing (only if you’ve opted in; you can opt out at any time).

Legal basis:

  • Contract performance: to fulfil your orders (GDPR Art. 6(1)(b))

  • Consent: for marketing communications (GDPR Art. 6(1)(a))

  • Legitimate interests: to enhance and secure our service (GDPR Art. 6(1)(f))

4. Cookies and similar technologies
We use cookies to:

  • Remember your cart and site preferences.

  • Analyse traffic and site usage (via Google Analytics).

  • Provide personalised marketing.

You can manage or disable cookies via your browser settings; please note disabling may affect site functionality.

5. Sharing your data
We do not sell your data. We may share with trusted third parties:

  • Delivery partners (e.g. Royal Mail) to fulfil orders.

  • Payment processors (e.g. Stripe, PayPal) for secure payments.

  • IT service providers hosting our website and databases.

All partners are bound by confidentiality and GDPR obligations.

6. Data security
We implement appropriate technical and organisational measures (encryption, access controls) to protect against unauthorised access, disclosure, alteration or destruction of your data (Information Commissioner’s Office, n.d.).

7. Data retention

  • Order records: retained for 7 years for accounting and warranty purposes.

  • Marketing data: retained until you unsubscribe.

  • Support enquiries: retained for 2 years.

8. Your rights
Under the GDPR and UK Data Protection Act 2018, you have the right to:

  1. Access your personal data (subject access request).

  2. Rectify inaccurate or incomplete data.

  3. Erase data (“right to be forgotten”) where no lawful reason to retain.

  4. Restrict or object to processing.

  5. Port your data to another provider.

  6. Withdraw consent at any time (for marketing).

To exercise these rights, contact us at fell

9. Complaints
If you’re unhappy with our handling of your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/ (Information Commissioner’s Office, n.d.).

10. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated effective date.

Effective date: 29 July 2025

References

European Parliament. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). https://eur-lex.europa.eu/eli/reg/2016/679/oj

Information Commissioner’s Office. (n.d.). Privacy notice guidance: How to write privacy notices. https://ico.org.uk/for-organisations/privacy-notice-skeleton-template/

bottom of page