Privacy Policy

Last Updated: [Insert Date, e.g., 15 April 2025

Mandrake Miniatures (“we,” “us,” or “our”) operates www.mandrakeminiatures.com (the “Website”), built on the Squarespace platform. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit or interact with our Website, including our online store.

By using our Website, you agree to the practices described in this policy. If you have any questions, please contact us at mandrakeminiatures@gmail.com.

1. Information We Collect

We collect personal information to operate our Website, provide services, and improve your experience. The types of information we collect depend on how you interact with our Website.

a. Information You Provide

  • Contact Forms: When you submit a contact form, we collect your name, email address, and any other details you provide (e.g., phone number, message content).

  • Newsletter Signups: If you subscribe to our newsletter, we collect your email address and, optionally, your name.

  • Online Store:

    • Customer Information: When you make a purchase, we collect your name, billing address, shipping address, email address, and phone number.

    • Order Notes: Any additional information you provide during checkout (e.g., delivery instructions).

  • Comments or Blog Subscriptions: If you comment on our blog or subscribe to blog updates, we collect your name, email address, and optionally your website URL.

  • Memberships or Scheduling: If you sign up for memberships or book appointments, we collect your name, email address, and any relevant preferences or payment details.

b. Information Collected Automatically

When you visit our Website, Squarespace automatically collects certain information, including:

  • IP Address: Used for analytics and security.

  • Device and Browser Information: Includes device type, operating system, browser type, and screen resolution.

  • Geolocation Data: Approximate location derived from your IP address.

  • Browsing Behavior: Pages visited, time spent, referring sites, and search terms.

  • Cookies and Similar Technologies: Used to track user interactions and improve site functionality (see Section 5: Cookies).

c. Payment Information

If you make a purchase in our online store, our payment processors (e.g., Stripe, PayPal) collect your payment details, such as credit card numbers or PayPal account information. We do not store full payment details; only limited data (e.g., last four digits of your card) is retained for order management.

d. Abandoned Cart Recovery

If you add items to your cart but don’t complete checkout, we may collect your email address and cart contents to send you a reminder, provided you’ve opted in to such communications.

2. How We Use Your Information

We use your personal information for the following purposes:

  • To Provide Services:

    • Process and fulfill orders in our online store.

    • Respond to inquiries submitted via contact forms.

    • Manage newsletter subscriptions, blog comments, memberships, or appointments.

  • To Improve Our Website:

    • Analyze user behavior via Squarespace Analytics to optimize content and performance.

    • Monitor security and prevent fraudulent activity.

  • To Communicate:

    • Send order confirmations, shipping updates, or responses to your inquiries.

    • Deliver newsletters or promotional emails (with your consent).

    • Send abandoned cart reminders (if applicable).

  • To Comply with Legal Obligations:

    • Maintain records for tax and compliance purposes (e.g., VAT for UK/EU customers).

    • Respond to data protection requests.

3. Legal Basis for Processing

Under UK GDPR, we process your personal information based on the following legal grounds:

  • Contract: To fulfill orders, process payments, or provide services you’ve requested (e.g., responding to a contact form).

  • Consent: For non-essential cookies, newsletters, or abandoned cart emails (you can withdraw consent at any time; see Section 8).

  • Legitimate Interests: For analytics, security, and site optimization, where our interests don’t override your rights.

  • Legal Obligation: To comply with tax laws or data protection regulations.

4. Sharing Your Information

We share your personal information only as necessary to operate our Website and comply with legal requirements:

  • Squarespace: As our hosting platform, Squarespace processes data to provide website functionality, analytics, and security. Squarespace’s privacy practices are detailed at [squarespace.com/privacy].

  • Payment Processors: Stripe, PayPal, or Square process payment details securely for online store transactions. Their privacy policies apply.

  • Service Providers: We may use third-party services for shipping (e.g., couriers requiring your address) or email campaigns (e.g., Squarespace Email Campaigns).

  • Legal Compliance: We may disclose data if required by law, such as to comply with a court order or respond to a data protection authority.

We do not sell or rent your personal information to third parties for marketing purposes.

5. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance your experience, analyze performance, and ensure security. Cookies are small text files stored on your device. The types of cookies we use include:

  • Essential Cookies: Necessary for Website functionality (e.g., maintaining your session).

  • Analytics Cookies: Track user behavior via Squarespace Analytics (e.g., page views, referral sources).

  • Marketing Cookies: Used for abandoned cart emails or promotional campaigns (if enabled).

You can manage cookie preferences via our Cookie Banner, displayed when you first visit the Website. You can also disable cookies in your browser settings, but this may affect Website functionality. For more details, see our [Cookie Policy, if applicable, or link to Cookie Banner settings].

6. Data Retention

We retain your personal information only as long as necessary:

  • Customer Data: Order information is kept for [specify period, e.g., 7 years] to comply with tax and accounting laws.

  • Form Submissions: Contact form data is retained until your inquiry is resolved or as agreed.

  • Analytics Data: Anonymized data may be retained indefinitely for statistical purposes.

  • Newsletter Subscriptions: Kept until you unsubscribe (via the “unsubscribe” link in emails).

When data is no longer needed, we securely delete or anonymize it.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal information:

  • Access: Request a copy of the data we hold about you.

  • Rectification: Ask us to correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal obligations, e.g., tax records).

  • Restriction: Ask us to limit how we process your data.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests (e.g., analytics).

  • Withdraw Consent: Opt out of newsletters or non-essential cookies at any time.

To exercise these rights, contact us at [Your Contact Email]. We will respond within one month, as required by UK GDPR. If you’re unsatisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO) at [ico.org.uk].

8. How to Manage Your Preferences

  • Newsletters: Unsubscribe via the link in any email or contact us at [Your Contact Email].

  • Cookies: Adjust settings via our Cookie Banner or your browser.

  • Data Requests: Email [Your Contact Email] to access, delete, or update your data.

9. Data Security

We use Squarespace’s security measures, including encryption and secure servers, to protect your data. However, no online platform is 100% secure. If you suspect a data breach, contact us immediately at mandrakeminiatures@gmail.com.

10. International Data Transfers

As Squarespace is based in the United States, your data may be transferred to the US or other countries. Squarespace complies with UK GDPR through Standard Contractual Clauses (SCCs) to ensure adequate protection. For details, see Squarespace’s Data Processing Addendum.

11. Third-Party Links

Our Website may contain links to external sites (e.g., social media). We are not responsible for their privacy practices. Review their policies before sharing personal information.

12. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via a Website notice or email (for newsletter subscribers). Check this page regularly for updates.

13. Contact Us

For questions, data requests, or concerns about this Privacy Policy, contact:

Mandrake Miniatures
mandrakeminiatures@gmail.com