Effective date
22 December 2025
1. Who we are and how to contact us
WeenGrave operates the website weengrave.co.uk and is the data controller for the personal data described in this policy. If you have questions about this policy or how we use your data, contact us at privacy@weengrave.co.uk.
2. What this policy covers
This policy explains what personal data we collect when you visit weengrave.co.uk, create an account, place an order, contact us, subscribe to marketing, or interact with our services; why and how we process it; our legal bases; who we share it with; how long we keep it; your rights; our use of cookies and similar technologies; international data transfers; and how to contact our Data Protection Officer (DPO).
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where applicable, we also comply with the EU GDPR for individuals in the European Economic Area (EEA).
3. Personal data we collect
- Identity and contact data: name, email address, phone number, billing and delivery addresses.
- Account data: username, password (stored in hashed form), preferences, saved items.
- Order and transaction data: items purchased, engraving or customisation details you provide, order notes, prices, currency, delivery instructions. We do not store full payment card numbers; payments are processed securely by payment providers.
- Communications: inquiries, support requests, feedback, and correspondence (including metadata such as time and date).
- Marketing preferences: your choices about receiving marketing emails or SMS and your opt-in/opt-out records.
- Device and usage data: IP address, device identifiers, browser type and version, operating system, referring URLs, pages viewed, actions taken, session duration, and diagnostic logs.
- Cookies and similar technologies: identifiers and preferences stored or read on your device (see section 5).
- User-generated content: text, images, or files you upload for custom work (e.g., designs or engraving text). Please avoid sharing special category data (e.g., health, religion) in design files unless strictly necessary.
- Approximate location: derived from your IP address for fraud prevention, localisation, and analytics.
4. Why we process your data and our legal bases
We only process personal data where a legal basis applies under UK GDPR:
- To operate our website and provide our services:
  - Creating and managing your account; enabling browsing, basket, checkout, and order fulfilment.
  - Legal basis: performance of a contract or steps before entering into a contract; our legitimate interests in running an efficient, user-friendly service.
- To process and deliver your orders:
  - Order confirmation, payment handling, production of customised items, shipping, returns, and refunds.
  - Legal basis: performance of a contract; legal obligations (consumer protection, tax, accounting); legitimate interests in quality control and customer experience.
- Payments and fraud prevention:
  - Processing via secure payment providers; fraud checks and chargeback handling.
  - Legal basis: performance of a contract; legitimate interests in preventing fraud and securing our services; legal obligations.
- Customer support and communications:
  - Responding to inquiries, providing after-sales support, and resolving issues.
  - Legal basis: performance of a contract; legitimate interests in providing support and improving services.
- Marketing and personalisation:
  - Sending newsletters and offers; showing recommendations; measuring campaign performance.
  - Legal basis: your consent (e.g., email marketing to non-customers, non-essential cookies); legitimate interests for direct marketing to existing customers about similar products (soft opt-in), subject to your right to opt out at any time.
- Analytics and service improvement:
  - Understanding site performance and user interactions to improve features and usability.
  - Legal basis: your consent for non-essential cookies/technologies; legitimate interests for aggregated, low-privacy-impact measurements where permitted.
- Security and integrity:
  - Monitoring, detecting, and preventing security incidents and misuse; maintaining backups and logs.
  - Legal basis: legitimate interests in securing our systems and users; legal obligations.
- Legal compliance and claims:
  - Complying with laws, responding to lawful requests, and establishing, exercising, or defending legal claims.
  - Legal basis: legal obligations; legitimate interests.
Where we rely on consent, you can withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
5. Cookies and similar technologies
Cookies are small files stored on your device that help our site function and improve your experience. We use:
- Strictly necessary cookies: enable core functions such as security, network management, authentication, basket, and checkout. These are essential and do not require consent.
- Performance and analytics cookies: help us understand how the site is used to improve performance and usability. These are used with your consent.
- Functional cookies: remember choices (e.g., language, preferences). Used with your consent where not strictly necessary.
- Advertising/marketing cookies: personalise offers and measure marketing effectiveness. Used with your consent.
Control: You can accept, reject, or change non-essential cookie preferences through our cookie banner at any time. You can also control cookies via your browser settings (e.g., to block or delete cookies). Blocking some cookies may affect site functionality. Non-essential cookies will not be set unless and until you consent.
Typical lifespans: session cookies last only while your browser is open; persistent cookies may last between 1 month and 24 months unless you delete them earlier. Similar technologies (such as local storage or pixels) may be used for the same purposes.
6. How long we keep your data
We keep personal data only for as long as needed for the purposes set out above, and to meet legal, accounting, or reporting requirements:
- Customer accounts: active for as long as you use the account; if inactive, we may delete or anonymise after 24 months. Core transaction records linked to the account may be retained for legal obligations.
- Orders and invoices: 6 years from the end of the financial year in which the transaction occurred (to comply with tax and accounting laws).
- Customer support records: up to 2 years after the case is closed, unless needed longer for legal claims.
- Marketing data: until you withdraw consent or object; we maintain suppression (opt-out) records to respect your choices.
- Device logs and security logs: typically up to 12 months, longer if needed to investigate incidents.
- Cookie data: per the lifespans described in section 5 or until you clear your browser storage or withdraw consent.
- User-generated content for custom work: retained as necessary to fulfil your order and warranty/returns window, typically up to 24 months unless you request earlier deletion where feasible.
7. Who we share your data with
We do not sell your personal data. We share data with trusted recipients for the purposes described above, under contracts that protect your information:
- Payment service providers to process payments securely and manage fraud/chargebacks.
- Production and fulfilment partners to make and deliver customised items.
- Couriers and postal services to deliver orders.
- IT and cloud service providers for hosting, storage, email, content delivery, and security.
- Analytics and marketing service providers (for consented activities).
- Professional advisers (lawyers, accountants, auditors) and insurers.
- Law enforcement, regulators, courts, or other third parties when required by law or to protect rights, safety, or property.
- Successors in the event of a merger, acquisition, or business reorganisation, subject to continued protection of your data.
8. International transfers
Some recipients and service providers may be located outside the UK and the EEA. Where we transfer personal data internationally, we ensure an appropriate level of protection by using one or more of the following safeguards:
- Adequacy regulations or decisions recognising that the destination country ensures an adequate level of protection.
- Standard Contractual Clauses (SCCs) approved by the European Commission together with the UK Addendum, or the UK International Data Transfer Agreement (IDTA), as applicable.
- The UK–US Data Bridge where applicable for transfers to certified US organisations.
- Additional technical and organisational measures such as encryption, access controls, and data minimisation.
9. Your rights
Subject to the law and certain exceptions, you have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase your data (the “right to be forgotten”).
- Restrict processing in certain circumstances.
- Data portability: receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
- Object to processing based on legitimate interests, including profiling; and object at any time to direct marketing (including profiling related to direct marketing).
- Withdraw consent where processing is based on your consent.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects, unless permitted by law and subject to safeguards.
To exercise your rights, contact privacy@weengrave.co.uk. We may need to verify your identity. We aim to respond within one month, or as permitted by law. You can opt out of marketing at any time using the unsubscribe instructions in our messages or by contacting us.
10. How we protect your data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include TLS encryption in transit, strict access controls, password hashing, role-based permissions, data minimisation, staff training, secure development practices, regular backups, monitoring, and vendor due diligence. While no system is perfectly secure, we act promptly to address risks. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals.
11. Children’s privacy
Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps.
12. Automated decision-making
We do not carry out solely automated decision-making that produces legal effects or similarly significant effects on you. If this changes, we will provide you with meaningful information about the logic involved and your rights.
13. Complaints and your right to contact the ICO
If you have concerns about how we handle your data, please contact us first at privacy@weengrave.co.uk and we will try to resolve them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
- ICO helpline: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you are in the EEA, you may also complain to your local data protection authority.
14. Changes to this policy
We may update this privacy policy to reflect changes in our practices, technologies, or legal requirements. We will post the updated version here with a new effective date. Material changes may also be communicated by email or prominent notice on our website.
15. Data Protection Officer (DPO) contact
We have appointed a Data Protection Officer who oversees our data protection compliance. You can contact our DPO at privacy@weengrave.co.uk.