Privacy Policy

Letters from Grandma

1. Introduction

Welcome to Letters from Grandma (“we”, “us”, “our”).

We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, and protect your personal data when you use our services or visit our website.

2. Data Controller

Letters from Grandma is the data controller responsible for your personal data.

3. The Personal Data We Collect

We may collect, use, store, and transfer the following types of personal data:

a. Identity Data

  • Full name (customer and recipient)

b. Contact Data

  • Billing address

  • Delivery address

  • Email address

c. Order & Personalisation Data

  • Names and details of letter recipients (e.g. children)

  • Personal messages, preferences, and custom content provided by you

  • Occasion details (e.g. birthdays, holidays)

d. Financial Data

  • Payment details (processed securely via third-party payment providers; we do not store full card details)

e. Technical Data

  • IP address

  • Browser type and version

  • Device and usage information

f. Marketing Data

  • Preferences for receiving marketing communications

4. How We Collect Your Data

We collect data through:

  • Direct interactions (placing orders, filling forms, contacting us)

  • Automated technologies (cookies and analytics tools)

  • Third-party providers (e.g. payment processors)

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and deliver your orders

  • To personalise letters and fulfil your requests

  • To communicate with you about your order

  • To manage payments and refunds

  • To improve our services and website

  • To send marketing communications (only where permitted)

6. Lawful Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contract – to fulfil your order and provide our services

  • Legitimate Interests – to operate and improve our business

  • Consent – for marketing communications and optional data

  • Legal Obligation – to comply with applicable laws

7. Children’s Data

Our services may involve personal data relating to children (e.g. names and preferences for personalised letters).

We only process this data where it is provided by a parent or guardian and solely for the purpose of delivering our services.

8. Data Sharing

We may share your personal data with:

  • Payment service providers (e.g. Stripe, PayPal)

  • Delivery and postal services

  • IT and website service providers

  • Professional advisers (e.g. accountants, legal advisors)

All third parties are required to respect the security of your personal data and process it lawfully.

9. International Transfers

Some of our service providers may be based outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations

  • Standard contractual clauses

10. Data Security

We implement appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

These measures include secure systems, restricted access, and encryption where appropriate.

11. Data Retention

We retain personal data only as long as necessary to:

Fulfil your order

  • Meet legal, tax, and accounting requirements

  • Resolve disputes and enforce agreements

Order-related data is typically retained for up to 6 years to comply with UK legal obligations.

12. Your Legal Rights

Under UK GDPR, you have rights including:

  • Access to your personal data

  • Correction of inaccurate data

  • Erasure of your data

  • Restriction or objection to processing

  • Data portability

  • Withdrawal of consent at any time

To exercise your rights, contact us in above form

13. Cookies

We use cookies and similar technologies to:

  • Ensure website functionality

  • Analyse website traffic

  • Improve user experience

You can manage cookie preferences through your browser settings.

A separate Cookie Policy may be provided where required.

14. Marketing Communications

You will only receive marketing communications from us if:

  • You have requested information or made a purchase, and/or

  • You have opted in to receive marketing

You can opt out at any time by:

  • Clicking “unsubscribe” in emails

  • Contacting us directly

15. Complaints

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

Website: https://www.ico.org.uk

We would appreciate the chance to address your concerns before you approach the ICO.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any changes will be posted on this page with an updated revision date.

17. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us via the form above.