Skip to content

Cart

Your cart is empty

Privacy Policy

Last updated: May 2026

At Harlow London, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal information when you visit our website at harlowlondon.uk or make a purchase from us.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Please read it carefully before using our website or placing an order.

If you have any questions about this policy, please contact us at support@harlowlondon.uk.


1. Who We Are

Harlow London is the data controller responsible for your personal data.

  • Trading name: Harlow London
  • Website: harlowlondon.uk
  • Email: support@harlowlondon.uk
  • Country of operation: United Kingdom

As the data controller, we determine the purposes and means by which your personal data is processed. Our website is hosted by Shopify Inc., who acts as a data processor on our behalf. Shopify's role in handling your data is governed by their Data Processing Addendum.


2. What Personal Data We Collect

When you visit our website or place an order, we may collect the following categories of personal data:

Identity & Contact Information

  • Full name
  • Email address
  • Telephone number (if provided)
  • Billing and delivery address

Order & Transaction Information

  • Products purchased
  • Order value and payment details (processed securely via Shopify Payments or PayPal — we do not store full card details)
  • Order history and correspondence

Technical & Browsing Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited on our website
  • Referring website
  • Cookies and tracking data (see Section 7)

Marketing Preferences

  • Whether you have opted in to receive marketing emails
  • Your communication preferences

3. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you — when you place an order, create an account, contact us, or sign up to our mailing list
  • Automatically — through cookies and tracking technologies when you browse our website
  • From third parties — including Shopify (our platform provider), payment processors (PayPal, Shopify Payments), and advertising platforms (Meta/Facebook, Google) where you interact with our ads

4. Why We Use Your Data (Legal Basis)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Purpose Legal Basis
Processing and fulfilling your order Contract performance
Sending your order confirmation and dispatch notifications Contract performance
Sharing your delivery address with our fulfilment supplier Contract performance
Fraud prevention and security Legitimate interests
Improving our website and customer experience Legitimate interests
Sending marketing emails (if you opted in) Consent
Complying with legal obligations (e.g. tax records) Legal obligation
Personalised advertising on Meta and Google Consent

You may withdraw your consent at any time (see Section 9 — Your Rights).


5. How We Share Your Data

We do not sell your personal data. We may share it with the following categories of third parties, strictly for the purposes set out in this policy:

Shopify Inc. Our website is built and hosted on Shopify. Shopify processes your data to operate our store, process payments and manage orders. Shopify is certified under recognised data protection frameworks. More information: Shopify Privacy Policy.

Fulfilment Suppliers When you place an order, your name and delivery address are shared with our fulfilment partner(s) to process and ship your order. Our suppliers may be located outside the UK, including in countries such as China or the European Union. Where data is transferred internationally, appropriate safeguards are in place in accordance with UK GDPR requirements.

Payment Processors Payment transactions are processed by Shopify Payments and/or PayPal. These providers handle your payment details securely. We do not store your full card details. Please refer to their respective privacy policies for information on how they handle your payment data.

Marketing Platforms If you have consented to personalised advertising, limited data (such as hashed email addresses or browsing behaviour via the Meta Pixel or Google Tag) may be shared with Meta (Facebook/Instagram) and Google for advertising purposes. You can opt out at any time via your account settings or our cookie banner.

Legal Authorities We may disclose your data to law enforcement, regulatory bodies or courts where required by law or to protect our legal rights.

We do not share your data with any other third parties without your explicit consent.


6. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes set out in this policy:

Data Type Retention Period
Order and transaction records 7 years (required by HMRC for tax purposes)
Customer account data Until account deletion is requested
Marketing preferences Until you unsubscribe or withdraw consent
Technical/browsing data (cookies) As specified in our Cookie Policy (see Section 7)
Support correspondence 2 years from last contact

When data is no longer needed, we securely delete or anonymise it.


7. Cookies

Our website uses cookies — small text files placed on your device — to improve your experience, analyse traffic and deliver relevant advertising.

We use the following types of cookies:

Essential cookies — required for the website to function (e.g. shopping cart, checkout). These cannot be disabled.

Analytics cookies — help us understand how visitors use our website (e.g. Google Analytics). These are only placed with your consent.

Marketing cookies — used to deliver personalised ads on platforms such as Facebook and Google (e.g. Meta Pixel, Google Tag). These are only placed with your consent.

You can manage your cookie preferences at any time via the cookie banner displayed when you first visit our website, or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For more information, please see our full Cookie Policy.


8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include:

  • SSL/TLS encryption for all data transmitted to and from our website
  • Secure hosting via Shopify's PCI-DSS compliant infrastructure
  • Restricted access to personal data within our organisation
  • Regular review of our data handling practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals where required by law.


9. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification — you can ask us to correct inaccurate or incomplete data.

Right to erasure — you can ask us to delete your personal data in certain circumstances (the "right to be forgotten").

Right to restriction — you can ask us to restrict how we use your data in certain circumstances.

Right to data portability — you can request your data in a structured, commonly used and machine-readable format.

Right to object — you can object to us processing your data for direct marketing purposes or where we rely on legitimate interests.

Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Rights related to automated decision-making — you have the right not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at support@harlowlondon.uk. We will respond within one calendar month of receiving your request, in accordance with UK GDPR requirements.

We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.


10. Marketing Communications

If you have opted in to receive marketing emails, we will send you information about new products, promotions and offers from Harlow London.

You can unsubscribe at any time by:

  • Clicking the "Unsubscribe" link at the bottom of any marketing email
  • Emailing us at support@harlowlondon.uk with the subject line "Unsubscribe"

We will process your unsubscribe request promptly. Please note that you may still receive transactional emails (such as order confirmations and dispatch notifications) after unsubscribing from marketing.


11. International Data Transfers

Some of our third-party service providers and fulfilment partners are located outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved under UK data protection law
  • Transfers to countries with an adequacy decision from the UK Government

For more information on the safeguards in place for international transfers, please contact us at support@harlowlondon.uk.


12. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.


13. ICO Registration & Complaints

We are registered with the Information Commissioner's Office (ICO) as a data controller in accordance with the Data Protection Act 2018.

If you are unhappy with how we have handled your personal data or believe we have not complied with UK GDPR, you have the right to lodge a complaint with the ICO:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first at support@harlowlondon.uk.


14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will notify you by:

  • Updating the "Last updated" date at the top of this page
  • Sending an email notification to registered customers (for significant changes)

We encourage you to review this policy periodically. Continued use of our website after changes have been published constitutes your acceptance of the updated policy.


15. Contact Us

For any questions, requests or concerns relating to this Privacy Policy or how we handle your personal data, please contact us:

Email: support@harlowlondon.uk Response time: Within 1–2 business days, Monday to Friday


Harlow London is committed to full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).