top of page

Privacy Policy

Effective date: 20 February 2026
Last updated: 20 February 2026

1. Who We Are

Embers After Ltd (“we”, “us”, “our”) operates this online record shop.

We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR).

Contact details:
Business name: Embers After Ltd
Email: embersafter.records@gmail.com
Registered address: 90 Westland Drive, Hampshire, UK, PO13 8GJ

If you have any questions about this Privacy Policy or your personal data, please contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following personal data:

Information you provide directly

  • Name

  • Email address

  • Phone number

  • Billing and shipping address

  • Account login details (if you create an account)

  • Any information you include in messages or enquiries

Order and transaction information

The personal data you provide to us through website forms (such as your name, email address, phone number), or when placing an order, will be used solely for the purposes of:

  • Responding to enquiries

  • Processing and fulfilling orders

  • Delivering goods to your address

  • Providing customer service related to your purchase

  • Complying with legal obligations (e.g., tax and accounting requirements)

We do NOT collect or store full payment card details. All payments are processed securely by our third-party payment providers.

We may have access only to limited transaction details, including:

  • Last four digits of the card number

  • Card expiry date

  • Card type (e.g., Visa, Mastercard)

  • Transaction ID and payment status (e.g., failed, successful)

  • Payment date and amount

  • Billing and shipping details

This information is used solely to confirm and manage orders and deliveries.

Technical information

When you visit our website, we may automatically collect:

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and time spent

  • Referring website

This information is collected via cookies and similar technologies (see Section 9).

3. Lawful Bases for Processing (UK GDPR)

Under UK data protection law, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract – To process and fulfil your orders.

  • Legal obligation – To comply with tax, accounting and regulatory requirements.

  • Legitimate interests – To run and improve our business, prevent fraud, and maintain website security.

  • Consent – Where required (e.g., for marketing emails or certain cookies).

You may withdraw consent at any time where processing is based on consent.

4. How We Use Your Information

We use your personal data to:

  • Process and deliver orders

  • Provide customer support

  • Send order confirmations and service updates

  • Prevent fraud and maintain website security

  • Comply with legal and regulatory obligations

  • Improve our website and services

If you opt in to marketing communications, we may send you updates about new releases / preorders, restocks, or promotions. You can unsubscribe at any time.

5. Sharing Your Data

We ONLY share necessary personal data with trusted third parties required to operate our business, such as:

  • Payment processors

  • Delivery and courier services

  • IT and website service provider (Wix) to display orders in our admin panel, store customer accounts, send order confirmations, prevent fraud, maintain backups, and keep the site secure

These parties process data only on our instructions and in compliance with UK data protection laws.

We do NOT sell or rent your personal data to third parties.

6. International Data Transfers

Some of our service providers (such as Wix or our payment providers) may process data outside the UK.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)

  • Standard Contractual Clauses (SCCs)

  • Transfers to countries deemed adequate by the UK Government

7. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil the purposes we collected it for

  • Comply with legal obligations (e.g., tax records retained for at least 6 years in the UK)

  • Resolve disputes and enforce agreements

When data is no longer required, it is securely deleted or anonymised.

8. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request erasure (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent (where applicable)

To exercise your rights, contact us at embersafter@gmail.com 

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to resolve your concerns before you approach the ICO.

9. Cookies

Our website uses cookies and similar technologies to:

  • Ensure the website functions properly

  • Remember your preferences

  • Analyse website traffic

  • Improve user experience

Where required by law (under PECR), we will request your consent before placing non-essential cookies on your device.

You can control or disable cookies through your browser settings.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting

  • SSL encryption

  • Restricted access to customer data

  • Secure payment processing via third-party providers

While we take reasonable steps to protect your data, no internet transmission is completely secure.

11. Children’s Data

Our website and products are not directed at children under the age of 16.

We do NOT knowingly collect personal data from children under 16 without parental consent.

By placing an order on our website, you confirm that you are at least 18 years old or are using the website with the involvement and consent of a parent or guardian.

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information and, where appropriate, cancel and refund any related order.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes. The updated version will be posted on this page with a revised “Last updated” date.

bottom of page