Wema UK Privacy Statement
1. Introduction
Wema UK ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website or make a purchase from our store.
We are the data controller for the personal data we process. We are registered in England and operate from Wema UK, Trimshayes Farm, Stockland, Honiton EX14 9LL, United Kingdom. Our VAT registration number is GB600913480. Our store is hosted on Shopify Inc.
This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Information We Collect
Information you provide to us
When you make a purchase or create an account, we collect:
- Your name, billing and shipping address
- Email address
- Phone number (if provided)
- Payment information (processed securely by Shopify — see Section 6)
- Order history and transaction details
Information collected automatically
When you browse our website, we automatically collect:
- Your IP address
- Browser type and operating system
- Pages visited, time spent, and referring URLs
- Device information
- Cookie data (see Section 8)
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
| Purpose | Lawful Basis |
|---|---|
| Processing your order and managing your account | Contract — necessary to fulfil our contract with you |
| Sending transactional emails (order confirmations, dispatch notifications) | Contract — necessary to fulfil our contract with you |
| Sending marketing emails about products and offers | Consent — you have opted in to receive marketing |
| Website analytics via Google Analytics | Consent — via cookie consent mechanism |
| Fraud prevention and security | Legitimate interest — protecting our business and customers |
| Complying with legal and tax obligations | Legal obligation |
4. How We Use Your Information
We use the personal information we collect to:
- Process and fulfil your orders
- Communicate with you about your order, including dispatch and delivery updates
- Provide customer support and handle returns or complaints
- Send marketing communications where you have given consent
- Analyse website usage to improve our store and user experience
- Detect and prevent fraud
- Comply with legal and regulatory requirements
5. Consent & Marketing
Where we rely on your consent to process personal data (such as marketing emails), you may withdraw that consent at any time. You can do this by clicking the unsubscribe link in any marketing email, or by contacting us directly at hello@wema.co.uk.
Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
6. Shopify & Payment Processing
Our store is hosted on Shopify Inc. Shopify provides the e-commerce platform that enables us to sell products and services to you. Your data is stored through Shopify's data storage, databases, and application on secure servers protected by firewalls.
Payment
If you use a direct payment gateway to complete your purchase, Shopify processes and stores your payment card data. This data is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Transaction data is retained only for as long as necessary to complete the transaction.
For more information, see Shopify's Privacy Policy and Terms of Service.
7. Third-Party Services
We use the following third-party services that may process your personal data:
| Service | Purpose | Data Processed |
|---|---|---|
| Shopify | E-commerce platform, hosting, payment processing | Order data, account data, payment data |
| Google Analytics | Website analytics and usage reporting | IP address (anonymised), browsing behaviour, device data |
| Shipping providers | Order delivery | Name, delivery address, phone number |
These providers only process your information to the extent necessary to perform the services they provide. Each provider has their own privacy policy governing their handling of your data.
When you click on links that take you away from our website, you are no longer governed by this Privacy Policy. We encourage you to read the privacy statements of any third-party websites you visit.
8. Cookies
Cookies are small text files placed on your device when you visit our website. We use the following types of cookies:
Essential Cookies (Shopify)
These are necessary for the website to function and cannot be switched off. They include:
| Cookie | Purpose | Duration |
|---|---|---|
| _session_id | Stores session information (referrer, landing page) | Session |
| _secure_session_id | Secure session management | Session |
| cart | Stores shopping cart contents | 2 weeks |
| storefront_digest | Verifies access if store is password-protected | Indefinite |
Analytics Cookies (Google Analytics)
These cookies help us understand how visitors use our website. Data is anonymised and used solely for analytics purposes. These cookies are only set with your consent.
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Distinguishes unique visitors | 2 years |
| _ga_[ID] | Maintains session state | 2 years |
You can manage your cookie preferences through the cookie consent banner on our website, or by adjusting your browser settings. Please note that disabling essential cookies may affect the functionality of our store.
9. International Data Transfers
As our store is hosted on Shopify and we use Google Analytics, your personal data may be transferred to and stored in countries outside the United Kingdom, including the United States and Canada.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including Shopify's compliance with recognised data protection frameworks and the use of Standard Contractual Clauses where applicable.
10. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Order and transaction data is retained for 6 years to comply with HMRC tax and accounting requirements.
- Marketing consent records are retained for as long as you remain subscribed, plus 12 months after unsubscribing.
- Website analytics data is retained in anonymised form in accordance with our Google Analytics configuration.
- Customer account data is retained until you request its deletion.
11. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct any inaccurate or incomplete data.
- Right to erasure — You can request that we delete your personal data, subject to our legal obligations.
- Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
- Right to data portability — You can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on legitimate interest or for direct marketing purposes.
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at hello@wema.co.uk. We will respond to your request within one month.
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.
12. Security
We take reasonable precautions and follow industry best practices to protect your personal information from unauthorised access, loss, misuse, or alteration. Our website uses SSL encryption, and all payment data is handled in compliance with PCI-DSS standards.
While no method of transmission over the internet is completely secure, we continually review and improve our security measures to protect your data.
13. Children's Privacy
Our website and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can take appropriate action.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.