Privacy Policy

Last updated: 2 April 2026

This Privacy Policy explains how Holden Grange Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit www.holdengrange.com (the "Site"), purchase from us, or otherwise interact with our services (the "Services").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Holden Grange Ltd is the data controller responsible for your personal data.

Registered address:
140 Norwood Road
Southport
PR8 6EH
United Kingdom

Email: marketing@holdengrange.com

2. Personal Data We Collect

a. Information You Provide

When you interact with us, we may collect:

  • Full name
  • Billing and delivery address
  • Email address and telephone number
  • Account login details
  • Order and transaction details
  • Customer service enquiries

b. Payment Information (Shopify Payments)

Payments are processed securely via Shopify Payments and third-party providers.

We do not store full card details. Payment providers collect:

  • Card or payment details
  • Billing address
  • Transaction data

These providers act as independent data controllers.

c. Automatically Collected Data

When you use our Site, we collect:

  • IP address
  • Device and browser type
  • Pages visited and time spent
  • Referral source

This is collected using cookies and tracking technologies.

d. Data from Third Parties

We may receive data from:

  • Shopify (website platform and hosting)
  • Payment processors
  • Analytics providers (e.g. Google Analytics)
  • Advertising platforms

3. How We Use Your Personal Data

We only process your data where we have a lawful basis under UK GDPR.

a. Contractual Necessity

To:

  • Process and fulfil orders
  • Manage your account
  • Provide customer support
  • Arrange delivery and returns

b. Legitimate Interests

To:

  • Improve our website and services
  • Prevent fraud and ensure security
  • Analyse user behaviour
  • Operate and grow our business

c. Consent

Where required, we rely on consent for:

  • Email marketing
  • SMS marketing
  • Non-essential cookies

You can withdraw consent at any time.

d. Legal Obligations

To comply with:

  • Tax and accounting requirements
  • Legal and regulatory obligations

4. Marketing Communications

You will only receive marketing communications if:

  • You have opted in, or
  • You are an existing customer and have not opted out

You can unsubscribe at any time by:

  • Clicking the unsubscribe link in emails
  • Contacting us directly

5. Cookies and Tracking Technologies

We use cookies to:

  • Enable website functionality
  • Remember your preferences
  • Analyse traffic and performance
  • Deliver personalised advertising

Shopify places essential cookies to ensure the site functions correctly.

Non-essential cookies (analytics and marketing) are only used with your consent via our cookie banner.

For more information:
https://www.shopify.com/legal/cookies

6. Sharing Your Personal Data

We may share your data with:

a. Shopify

Our website is hosted on Shopify Inc., which stores your data securely and processes it in accordance with its own privacy policy.

b. Service Providers

Including:

  • Payment processors
  • Delivery companies
  • IT and hosting providers
  • Marketing platforms

c. Legal Authorities

Where required by law or to protect our rights.

d. Business Transfers

In the event of a sale, merger, or restructuring.

7. International Data Transfers

Shopify and some of our service providers may process your data outside the UK.

Where this happens, we ensure appropriate safeguards are in place, including:

  • UK-approved Standard Contractual Clauses
  • Transfers to countries with adequacy decisions

8. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil orders and provide services
  • Meet legal obligations (e.g. HMRC requirements)
  • Resolve disputes

Typically:

  • Order data: up to 6 years (legal requirement)
  • Marketing data: until you withdraw consent

9. Your Rights (UK GDPR)

You have the right to:

  1. Access your personal data
  2. Correct inaccurate data
  3. Request erasure ("right to be forgotten")
  4. Restrict processing
  5. Data portability
  6. Object to marketing
  7. Withdraw consent

To exercise your rights, contact us at:
marketing@holdengrange.com

We may request proof of identity before responding.

10. Data Security

We implement appropriate technical and organisational measures to protect your data.

However:

  • No system is completely secure
  • Data transmission over the internet is at your own risk

11. Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for their privacy practices.

12. Children’s Privacy

Our Services are not intended for individuals under 16.

We do not knowingly collect personal data from children.

13. Complaints

If you are not satisfied with how we handle your data, you can contact us.

You also have the right to complain to the:

Information Commissioner’s Office (ICO)
https://www.ico.org.uk

14. Updates to This Policy

We may update this policy from time to time. Changes will be posted on this page with a revised date.