Last updated: 23 May 2026
1. Introduction
This Privacy Policy explains how Colourstead (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you visit our website, make a purchase, create an account, or interact with us.
We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Colourstead is the data controller responsible for your personal data under UK data protection law.
2. Information We Collect
We may collect and process the following information:
Information You Provide Directly
- Name
- Billing and delivery address
- Email address
- Telephone number
- Account login details (if applicable)
- Order details and purchase history
- Customer service enquiries and communications
Information Collected Automatically
- IP address
- Browser type and device information
- Pages visited and browsing behaviour
- Referral source
- Cookies and similar tracking technologies
Payment Information
- Payments are processed securely by third-party payment providers such as PayPal and card payment processors.
- We do not store full payment card details on our systems.
3. How We Use Your Information
We use your personal data to:
- Process and fulfil orders
- Manage customer accounts
- Provide customer support
- Send order confirmations and updates
- Prevent fraud and unauthorised transactions
- Improve our website, products, and services
- Comply with legal, tax, and regulatory obligations
4. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contract: To process and fulfil your orders
- Legal obligation: For accounting, tax, and regulatory requirements
- Legitimate interests: For fraud prevention, website security, and improving our services
- Consent: For marketing communications where you have opted in
5. Third-Party Services and Infrastructure
We use trusted third-party hosted infrastructure and service providers to operate our website and business. These providers support services such as:
- Website hosting and infrastructure
- Ecommerce functionality
- Payment processing
- Fraud prevention and security monitoring
- Email and communications
- Analytics and performance monitoring
- Delivery and logistics services
These providers only receive the information necessary to perform their services and are required to handle data securely and in compliance with applicable data protection laws.
6. International Data Transfers
Some of our third-party service providers (such as hosting, analytics, or email communication tools) may be located outside the UK or European Economic Area (EEA).
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. This includes using specific Standard Contractual Clauses (SCCs) or the International Data Transfer Agreement (IDTA) approved for use in the UK.
7. Fraud Prevention and Security
We use security and fraud prevention measures to protect our customers and business, including:
- Secure payment processing and 3D Secure authentication where supported
- CAPTCHA and bot protection systems
- Fraud detection and transaction monitoring
- Account security controls and password protection
- Email security and anti-phishing protections
Orders may be automatically screened for fraud indicators. If an order is flagged as high-risk or blocked automatically, you have the right to request a human review of the decision by contacting us directly.
We do not process or store full payment card details; these are handled securely by our payment providers.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our website. These include:
- Strictly necessary cookies: Required for core website functions such as checkout, login, and security
- Performance cookies: Used to analyse website traffic and performance
- Functional cookies: Used to remember preferences and improve user experience
Our website infrastructure and hosting services may use cookies as part of the systems required for functionality, security, and performance. Third-party services such as payment providers, fraud prevention tools, and analytics providers may also place cookies when you interact with our website.
Where required, we request your consent before placing non-essential cookies. You may withdraw consent at any time via your browser settings. Please note that some website features may not function correctly if cookies are disabled.
9. Marketing Communications
If you opt in to marketing, we may send you:
- Offers and promotions
- Product updates
- News and announcements
You can opt out at any time by using the unsubscribe link found at the bottom of our emails or by contacting us directly.
10. Children's Privacy
Our website is not intended for use by children, and we do not knowingly collect personal data relating to children under the age of 13.
If you are under 13, please do not provide any information on this website.
11. Data Retention
We retain personal data only for as long as necessary to fulfil orders, provide customer support, and meet legal, tax, or accounting obligations.
- Order history and customer data: Retained for up to 6 years following the end of the financial year of your purchase to comply with UK tax law (HMRC) requirements
- Marketing data: Retained until you withdraw your consent or unsubscribe
12. Sharing Your Information
We do not sell your personal data. We may share your data with trusted third parties where necessary, including:
- Payment processors (e.g. PayPal)
- Delivery and courier services
- Website infrastructure and hosting providers
- Fraud prevention and security services
- Analytics providers
- Professional advisers or regulatory authorities where required
13. Your Rights
Under UK data protection law, you have the following rights regarding your personal data:
- Access: The right to request copies of your personal data
- Rectification: The right to ask us to correct inaccurate or incomplete data
- Erasure: The right to request that we delete your data under certain conditions
- Restriction: The right to request that we restrict the processing of your data
- Objection: The right to object to our processing of your data (including marketing)
- Data Portability: The right to request the transfer of your data to another organisation
- Withdraw Consent: The right to withdraw your consent at any time where we rely on it to process your data
To exercise any of these rights, please contact us using the details below.
If you are unhappy with how we handle your data, you also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).
You can contact them via their website at www.ico.org.uk or by calling 0303 123 1113.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.
14. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, alteration, or disclosure.
While we take reasonable steps to protect your data, no system can be guaranteed 100% secure.
15. Third-Party Links
Our website may contain links to external websites.
We are not responsible for the privacy practices, cookie compliance, or content of those third-party sites.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.
We will notify you of any significant changes by posting the updated policy on this page with a revised “Last updated” date.
17. Company Details and Contact Information
If you have any questions about this Privacy Policy or your personal data, please contact us:
- Business Name: Colourstead
- Legal Entity Type: Limited
- Company Registration Number: 17160530
- Email: contact@colourstead.co.uk