Privacy policy

Privacy Policy

Last updated: 24 November 2025

This Privacy Policy sets out how Handy Brand Ltd (trading as “Handy Tags”) uses and protects any information that you give us when you use this website or our online store (together, the “Services”).

Handy Tags operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience. Our store is powered by Shopify, which enables us to provide the Services to you.

Handy Tags is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using the Services, then you can be assured that it will only be used in accordance with this Privacy Policy.

Handy Tags may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes. Where required by law, we will notify you of material changes.

By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described here.

Contact Details & Data Controller

Handy Tags is operated by:

Handy Brand Ltd
The Manager
Unit 6, Harbour Road Trading Estate
Portishead, Bristol, BS20 7BL
United Kingdom

Email: info@handytags.co.uk
Tel: 01275 460 517

For the purposes of applicable data protection laws (including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018), Handy Brand Ltd is the data controller of your personal information in connection with the Services we provide.

How Do We Collect Information?

We collect personal information about you in a number of ways:

1. Information you provide directly (“Directly Provided Data”)

For example, when you:

  • Create an account on our website
  • Place an order
  • Fill in forms (such as checkout, contact forms or account registration)
  • Sign up to our newsletter
  • Contact us by email, phone or post
  • Take part in promotions, surveys or competitions

All this information requires a direct action by you in order for us to receive it.

2. Information you allow us to obtain from other accounts (“User Authorised Data”)

Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your accounts with those services, such as social media platforms or review platforms.

3. Information collected automatically through the Services

When you visit or use our website or online store, we and our service providers (including Shopify) automatically collect certain information using cookies and similar technologies. This may include:

  • Device and browser details
  • IP address and approximate location
  • Pages viewed, links clicked, time spent on pages
  • Items viewed, added to basket or wishlist, and purchases made

For more information, see the Cookies section and our dedicated Cookies page.

4. Information from service providers and partners

We may receive information about you from:

  • Payment providers (e.g. confirmation that a payment was successful)
  • Delivery and logistics partners
  • Analytics and marketing platforms
  • Shopify and other technology providers that support the Services

Types of Personal Data Collected – What We Collect

Depending on how you interact with us and the Services, we may collect and process the following types of personal information:

  • Contact details: full name, email address, phone number
  • Addresses: billing and shipping addresses, including postcode
  • Account information: username, password, preferences, saved addresses and settings
  • Order / transaction information:
    • Items viewed, added to basket, wishlisted or purchased
    • Order history, transaction details, returns, exchanges and cancellations
    • Invoice values and payment status
  • Payment information:
    • Form of payment, payment confirmation and other payment details
    • We do not store full card details on our servers – these are processed securely by our payment gateway/Shopify Payments.
  • Marketing and communication preferences (e.g. newsletter opt-in status)
  • Demographic information and interests where provided (for example, via surveys or promotions)
  • Communications with us: emails, messages and phone call notes relating to customer support or order queries
  • Device and usage information: IP address, device identifiers, browser type and version, operating system, and log data on how you navigate and interact with our site (pages viewed, time on page, clicks, etc.)

We do not intentionally collect special categories of data (such as health data, political opinions, religious beliefs, etc.) through the Services.

Legal Basis and Purposes – What We Do With Your Information

We process your personal information under the UK GDPR on the following legal bases:

  • Performance of a contract: to process and fulfil your orders, manage your account, and provide customer service.
  • Legitimate interests: to run and improve our business, including analytics, fraud prevention, and certain direct marketing activities (where permitted by law).
  • Consent: where required for specific activities, such as email marketing via newsletter sign-up.
  • Compliance with legal obligations: to comply with tax, accounting and other legal or regulatory requirements.

In particular, we use your information for the following purposes:

1. Providing, tailoring and improving the Services

  • Processing your orders and payments
  • Fulfilling your purchases, including printing and dispatch of goods
  • Handling returns, exchanges and refunds
  • Managing your customer account and preferences
  • Providing a customised shopping experience (e.g. recommended products, saved basket items)
  • Improving our products, services and website based on usage data and feedback

2. Customer support and communication

  • Responding to your queries via email, phone or other channels
  • Providing order updates (e.g. order confirmation, shipping notifications)
  • Administering your account and resolving any issues

3. Marketing and promotional communications

  • Sending newsletters and promotional emails only where you have explicitly consented, for example by signing up to our email list (e.g. via Mailchimp).
  • Showing relevant ads or remarketing messages through online advertising platforms based on interactions with our site and products.

You can withdraw your consent to marketing at any time by clicking the “unsubscribe” link in our emails or contacting us directly.

4. Security and fraud prevention

  • Authenticating your account and preventing unauthorised access
  • Detecting and investigating fraud, abuse or other suspicious activity
  • Protecting the security and integrity of our website, systems and customers

5. Legal, regulatory and business reasons

  • Complying with applicable laws, regulations and court orders
  • Responding to lawful requests from public authorities
  • Exercising or defending legal claims
  • Managing business transfers (e.g. merger, acquisition or sale of assets)

Data Retention – How Long Do We Keep Your Data?

We will not retain your personal information longer than necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

In general:

  • We keep account and order information for as long as your account remains active and for a period afterwards where required by tax and accounting rules (typically up to 6 years under UK law).
  • If you contact our customer care team, we may retain communications for as long as needed for support-related reporting and trend analysis.
  • Google Analytics and similar cookie-based data are retained in line with our analytics configuration; for Google Analytics we currently set data retention to 14 months.
  • Marketing consent and unsubscribe preferences are kept so that we can honour your choices.

If legally required, or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period after it is no longer needed to provide the Services.

Data Sharing and Third Parties

We only share your personal information with trusted third parties where necessary, and always under appropriate safeguards.

We may share your personal data with:

  • Shopify – which hosts our store and processes data to provide the ecommerce platform, payments (where Shopify Payments is used), order management and technical infrastructure.
  • Payment service providers – for secure processing of your payments (card providers, PayPal, etc.).
  • Delivery and logistics partners – to deliver your orders (e.g. couriers and postal services).
  • IT, hosting and security providers – including content delivery networks such as Cloudflare, to keep the site fast and secure.
  • Analytics and marketing partners – for example Google Analytics, Meta, or email marketing platforms (such as Mailchimp) who help us measure performance and send communications where you have consented.
  • Website development and digital marketing agencies – who provide development, SEO, PPC and related services and may access limited data (e.g. order or customer data segments) to improve the website and marketing performance.

We have appropriate Data Processing Agreements in place with our processors, including Shopify, Cloudflare and marketing/IT partners, to ensure they handle your personal data in line with UK GDPR and similar laws. They are not permitted to use your data for their own purposes without a separate lawful basis.

We may also disclose your information:

  • Where you have asked us or given consent to do so (e.g. social media or review widgets).
  • To our professional advisers (such as accountants or lawyers) where necessary.
  • If we are involved in a business transaction (e.g. merger, acquisition or sale of assets).
  • To law enforcement or regulatory bodies where required by law or to protect our rights, our customers or the public.

We do not sell your personal information to third parties.

Relationship with Shopify

Our store and checkout are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the ecommerce platform.

Information you submit to our store (for example, at checkout or when creating an account) will be transmitted to and processed by Shopify, and may be shared by Shopify with certain third parties in order to provide core platform services (for example, payment processing, fraud detection and infrastructure hosting).

To help protect, grow and improve the Shopify platform and merchants’ businesses, Shopify may also use data from interactions with our store together with data from other merchants and users. In those cases, Shopify is responsible for that processing and for responding to any rights requests that relate to Shopify’s own use of the data.

To learn more about how Shopify uses your personal information, and how to exercise your rights in relation to Shopify’s processing, please see the Shopify Consumer Privacy Policy and Shopify’s privacy portal at: https://privacy.shopify.com/en

International Data Transfers

Handy Tags is based in the United Kingdom, but some of our service providers operate globally.

This means that your personal information may be transferred to, stored or processed in countries outside of the UK and European Economic Area (EEA). In particular:

  • Shopify operates data centres and services in multiple locations.
  • Cloudflare, as a global Content Delivery Network (CDN), may route traffic through servers in various countries to provide performance and security services.

Where we transfer your personal information outside the UK or EEA, we will:

  • Rely on an adequacy decision (where the destination country has been officially recognised as providing an adequate level of protection); or
  • Use appropriate safeguards, such as the European Commission Standard Contractual Clauses or the equivalent UK International Data Transfer Agreement/Addendum; or
  • Ensure another legally recognised mechanism is in place to protect your data.

You can learn more about Cloudflare’s data protection commitments in their Data Processing Addendum and privacy documentation, and about Shopify’s data transfers in their privacy policy.

Your Rights as a Data Subject

Under the UK GDPR and, where applicable, EU GDPR or other local laws, you may have some or all of the following rights in relation to your personal information:

  • Right of access / right to know – to request confirmation of whether we process your personal information and to receive a copy of the personal data we hold about you.
  • Right to rectification – to have inaccurate or incomplete personal information corrected.
  • Right to erasure (“right to be forgotten”) – to request deletion of your personal data where there is no overriding reason for us to keep it (for example, where it is no longer necessary for the purpose collected, or where you withdraw consent and there is no other legal basis).
  • Right to restrict processing – to request that we suspend processing of your personal data in certain circumstances (for example, while the accuracy of the data is being checked).
  • Right to data portability – to receive your personal information in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Right to object – to object to our processing of your personal data where we are relying on legitimate interests (including for certain direct marketing).
  • Right to withdraw consent – where we rely on consent (e.g. for email marketing), you can withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You also have the right not to be discriminated against for exercising your data protection rights.

We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully comply with your request, for example where we have overriding legal obligations; if so, we will explain this to you.

To exercise any of these rights, please contact us at info@handytags.co.uk.

For information on how Shopify handles rights requests relating to its own use of your data (for example where Shopify aggregates or uses data cross-merchant), please see: https://privacy.shopify.com/en

Controlling Your Personal Information

In addition to your rights listed above:

  • You can access and update your details by logging into your account or by contacting our customer services team.
  • You can ask us to close your account by emailing info@handytags.co.uk. If you do so, your account will be deactivated. We may retain some information as required by law or for legitimate business purposes (for example, to help prevent fraud).
  • You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link at the bottom of our emails or contacting us directly.
  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

If you believe that any information we are holding about you is incorrect or incomplete, please write to or email us as soon as possible and we will promptly correct any errors.

Registration Forms

Any information you provide when completing registration or account forms is used only to manage your account and provide the Services. Handy Tags will not sell or rent your personally identifiable information gathered as a result of filling out site registration forms.

Children’s Data

Our Services are not intended for use by children, and we do not knowingly collect personal information from anyone under the age of majority in their jurisdiction (typically 18 in the UK).

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@handytags.co.uk so that we can delete such information where required.

As of the date of this Privacy Policy, we do not have actual knowledge that we process personal information of individuals under 16 for targeted advertising or similar activities governed by special rules in some jurisdictions.

Security Measures

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational measures, including:

  • Secure servers and firewalls
  • Encryption in transit where appropriate (e.g. HTTPS / TLS)
  • Access controls and authentication procedures
  • Regular review of our security practices and our processors’ security standards

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we work hard to protect your personal information, we cannot guarantee absolute security. We recommend that you keep your account credentials safe and do not share your password with anyone.

Cookies

A cookie is a small file which asks permission to be placed on your device. Cookies and similar technologies:

  • Help us analyse web traffic and usage patterns
  • Allow the web application to tailor operations to your needs and preferences
  • Are used by us and our partners (including Shopify and analytics/advertising providers) to understand performance and, where applicable, show more relevant ads

You can control cookies through:

  • Your browser settings (for example, blocking or deleting cookies)
  • Any consent or cookie-banner tools we provide on our site
  • Opt-out mechanisms provided by specific platforms (e.g. Google Ads settings)

For more detailed information about the cookies we use and how to manage them, please see our dedicated Cookies page.

Third-Party Websites and Links

Our website may contain links to other websites of interest or to third-party platforms (such as social networks or review sites). Once you use these links to leave our site, you should note that we do not have any control over those websites or how they handle your personal data.

We are not responsible for the privacy or security of any information you provide while visiting such sites, and such sites are not governed by this Privacy Policy. You should exercise caution and review the privacy policy applicable to the website or platform in question.

Information you post in public or semi-public areas (including third-party social networks) may also be visible to other users and can be used by us or third parties in ways beyond our control.

Changes to This Privacy Policy

This Privacy Policy replaces previous versions for Handy Tags.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other operational needs. When we do so, we will:

  • Update the “Last updated” date at the top of this page; and
  • Take any additional steps required by law (for example, providing a prominent notice on the website or seeking your consent again where necessary).

Your continued use of our website and Services following any updates constitutes your acceptance of the revised Privacy Policy.

Complaints and Contacting the Supervisory Authority

If you have any concerns or complaints about how we handle your personal data, please contact us first at info@handytags.co.uk so that we can try to resolve the issue informally. We aim to respond promptly and fairly to all complaints.

If you are not satisfied with our response or believe that we are processing your personal data in a manner that is not in accordance with the UK GDPR or the Data Protection Act 2018, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection.

Details on how to raise a concern can be found on the ICO’s website (www.ico.org.uk) or by contacting them directly.