Jonathan Smithies — Wildlife & Woodwork

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Jonathan Smithies (“we”, “us”, “our”) collects, uses, and protects your personal information when you visit this website or place an order. We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller is Jonathan Smithies, a sole trader based in the United Kingdom. If you have any questions about how we handle your data, please contact us.

2. What Data We Collect

When you place an order, we collect:

  • Your full name and email address
  • Your delivery address (for orders requiring delivery)
  • Your order details and payment confirmation (we do not store card numbers — payments are handled by Stripe)

When you use the contact form, we collect your name, email address, and the contents of your message.

We also automatically collect basic technical data such as your IP address for security and fraud-prevention purposes (stored in our audit logs).

3. How We Use Your Data

Fulfilling your order — We use your name, email, and address to process and dispatch your order and to send you an order confirmation. Legal basis: performance of a contract.

Customer service — We use your contact details to respond to enquiries and resolve any issues with your order. Legal basis: legitimate interests.

Legal and financial obligations — We retain order records to comply with UK tax law (HMRC). Legal basis: legal obligation.

Security and fraud prevention — We log IP addresses and certain actions to detect and prevent fraudulent activity. Legal basis: legitimate interests.

We do not use your data for marketing, profiling, or automated decision-making, and we will never sell your data to third parties.

4. Third Parties

We share your data with the following trusted service providers only to the extent necessary to operate the site:

  • Stripe — processes card payments securely. Stripe may transfer data outside the UK/EEA under appropriate safeguards. See Stripe's Privacy Policy.
  • Neon (database hosting) — stores order and customer data on secure cloud servers.
  • Cloudflare — provides CDN, image delivery, and DDoS protection.
  • Email provider — used to send order confirmations and contact form responses.

5. Cookies and Browser Storage

We do not use tracking cookies or advertising cookies. We use your browser's local storage solely to remember the contents of your shopping basket between visits. This is strictly functional and contains no personal information. It is not shared with any third party.

6. How Long We Keep Your Data

Order records (including your name, email, and address) are retained for 7 years from the date of the transaction to comply with HMRC financial record-keeping requirements. Contact form messages are retained only as long as necessary to resolve your enquiry. Audit log entries are retained for 12 months.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to our legal obligations to retain financial records)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, please contact us. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), secure database hosting, and access controls on all administrative systems. Payment card data is never stored on our servers — all card processing is handled directly by Stripe.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of the page reflects when it was last revised. Continued use of the site after any changes constitutes your acceptance of the updated policy.