Privacy policy

Christmas Makery

Here at The Christmas Makery, we understand that privacy is important to you. We care about how your data is used, and we respect our customers privacy. We only collect and use personal data as is described here and in a way that is consistent with the General Data Protection Regulation (GDPR) and your rights under the law.

Information About Us

Limited Company Name: Penny Creative Media Limited T/A Christmas Makery registered in England (Company Number 09624378).

Postal and Trading Address: The Old Rectory, Littleham, Nr Bideford, Devon EX395HW. UK

Directors: Susan and Martin Penny

Email Address: info@christmasmakery.com

Telephone Number: 01237 237171

If you are not happy with any aspect of our data protection, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

How does the Policy Work?
This policy explains your rights under the law, how we hold you date, use your date, collect your date, how long we hold it for, and how we can use it, the legal basis for using it and it also explains your rights under the law relating to your personal data.

Personal Data
Personal data is defined by the GDPR EU Regulation 2016/679 as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Simply put, personal data is data about you that enables you to be identified. Personal data can be your name, gender, date of birth and contact details but it also covers other information such as financial, transactional, useage, marketing and communications or technical data. The personal data we hold is covered below.

Your Rights
Under the GDPR, you have certain rights which we always work to uphold.

  1. The right to be informed about the collection and use of your data. You can ask any questions about this using the contact details above.
  2. The right to access and correct the data we hold about you.
  3. The right to have your personal data erased.
  4. The right to object to the processing of your personal data.
  5. The right to restrict the processing your personal data.
  6. The right to request the transfer of your personal data.
  7. The right to withdraw consent.

Please visit for more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

We do not collect any Sensitive Data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with the data needed to perform the contract (to deliver goods or services), we may have to cancel the order or service.

How We Collect Data?
Direct Collection - by filling in forms on our website, in a magazine or by communicating with us by post, phone, email, including when you order, create an account, subscribe to our newsletters, request materials are sent to you, or by entering a competition or giving feedback.

Automated Technologies - we may automatically collect technical data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive this data about you if you visit other websites that use our cookies.

Our website is hosted by Shopify and they store your data on a secure server.

We may receive personal data about you from various third parties and public sources for example Google based outside the EU, data from providers of technical, payment and delivery services for example PayPal based outside the EU, identity and contact data from sources such as Companies House and the Electoral Register based inside the EU and contact information from Mailchimp, an automated marketing service provider based in the USA.

​How We Use Data
When you have provided us with your data, we may use this data to provide you with products, to notify you of any changes, to ensure effective presentation of the content within our products and site for you and for your device and to obtain your feedback.

Where you have indicated to us that you are happy for us to do so, we may also use this data to provide you with information about our other products by post, email orby other electronic means. 

We will only use your personal data when legally permitted for example, where we need to perform the contract between us, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests or where we need to comply with a legal or regulatory obligation.

We do not generally rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw your consent to marketing at any time by contacting us using the details above.

We will get your express consent before we share your personal data with any third party for marketing purposes. You can request at any time that we stop sending you marketing emails (by contacting us using the details above).

Where you opt out of receiving marketing emails, this does not apply to personal data we hold, provided to us as a result of a purchase or other transactions. We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required by law.

Where We Store Data
Your personal data may be transferred to, and stored in the US and within the European Economic Area ("EEA"). By providing us with your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All data you provide to us is stored on our secure servers or on secure servers operated by a third party. Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot completely guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.

Data Retention
If you are a user of our services, then your data will be held for as long as you continue to use our services. 

We need to keep basic information about our customers (including Contact information, Identity, Financial and Transaction Data) for six years after they cease being a customer for Tax and VAT purposes. 

To help us confirm your identity, we may need to request specific information from you. 

Disclosure
Occasionally, we may share your personal data with our suppliers or sub-contractors to allow us to fulfil your order. We may also share your data with third parties that assist us in the improvement and optimisation of our site.

We use third party processors and as such may share some or all of the data we hold about you with them. We have to ensure third parties we use comply with the law. 

We will disclose your personal data to any third parties if we buy or sell sell any business or assets.

To protect the rights or property, our customers, or the safety of people we will exchange information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Security Measures
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data only to those employees, agents, contractors and third parties who have a business need to access the data. They will only process your personal data in accordance with our instructions and they are subject to a duty of confidentiality.

If we have a suspected data breach, we will notify you and the regulator of a breach where we are legally required to do so.

Third Parties
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

Policy Changes
Any changes we may make to our privacy policy in the future will be listed on this page.

By visiting our website, you agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. The currency will be stored in a session cookie ( a temporary cookie that will go when you close your browser). We do this so that the currency will remain selected while you are using our website so that the prices can convert to your currency.