Privacy Policy

Last updated: 1 April 2025 ยท UK GDPR Compliant

Moonpize Ltd ("Moonpize", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Moonpize Ltd is the data controller for the personal data you provide to us. We are registered in England and Wales (Company No. 07123456). Our registered office is 47 Carnaby Street, Soho, London, W1F 9PT.

Our Data Protection Officer can be contacted at: [email protected]

2. What Personal Data We Collect

We collect the following categories of personal data:

  • Identity data: First name, last name, username, or similar identifier.
  • Contact data: Email address, telephone number, delivery address.
  • Transaction data: Details about payments to and from you, and details of orders you have placed.
  • Technical data: Internet Protocol (IP) address, browser type and version, device type, operating system, time zone setting and location.
  • Usage data: Information about how you use our website and services.
  • Marketing and communications data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Collect Your Personal Data

We collect personal data through the following means:

  • Direct interactions โ€“ when you create an account, place an order, contact us, or subscribe to our newsletter.
  • Automated technologies โ€“ cookies, server logs, and similar technologies as you interact with our website.
  • Third parties โ€“ payment processors (Stripe, PayPal), delivery partners, and analytics providers.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. The legal bases we rely on include:

  • Performance of a contract โ€“ to process your orders and manage your account.
  • Legitimate interests โ€“ to improve our services, prevent fraud, and for direct marketing (where you have a reasonable expectation of receiving such communications).
  • Compliance with a legal obligation โ€“ to comply with legal requirements such as tax obligations.
  • Consent โ€“ where you have given explicit consent to receive marketing communications.

5. Marketing Communications

We will only send you marketing communications if you have opted in to receive them. You can opt out of receiving marketing communications at any time by clicking the unsubscribe link in any email we send, updating your account preferences, or contacting us at [email protected].

6. Sharing Your Personal Data

We may share your personal data with:

  • Payment processors: Stripe and PayPal for secure payment processing.
  • Delivery partners: Third-party couriers to fulfil your delivery orders.
  • IT service providers: Cloud hosting, analytics, and customer service platforms.
  • Regulators and authorities: Where required by law.

We do not sell your personal data to third parties.

7. International Transfers

Some of our third-party service providers may be located outside the UK. Where we transfer personal data outside the UK, we ensure a similar degree of protection by using approved transfer mechanisms, such as Standard Contractual Clauses (SCCs).

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Transaction and order data is retained for 7 years for tax and legal compliance purposes. Marketing data is retained until you withdraw consent.

9. Your Legal Rights

Under UK GDPR, you have the following rights:

  • Right of access โ€“ to request a copy of the personal data we hold about you.
  • Right to rectification โ€“ to request correction of inaccurate data.
  • Right to erasure โ€“ to request deletion of your personal data (the "right to be forgotten").
  • Right to restrict processing โ€“ to request limitation of how we process your data.
  • Right to data portability โ€“ to receive your data in a structured, machine-readable format.
  • Right to object โ€“ to object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making โ€“ not to be subject to solely automated decisions that have a significant impact on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

10. Cookies

We use cookies and similar tracking technologies on our website. Please see our Cookie Policy for full details.

11. Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These include SSL/TLS encryption for all data transmission, access controls, regular security testing, and staff training on data protection.

12. Complaints

If you have concerns about how we handle your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Visit ico.org.uk or call 0303 123 1113.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. This policy was last updated on 1 April 2025.

14. Contact Us

For any questions about this Privacy Policy or how we handle your data, please contact us: