Privacy policy

Effective Date: 25 August 2025

This Privacy Policy explains how Honest Scoop (“we”, “our”, “us”) collects, uses, discloses and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to safeguarding the privacy and rights of our customers, visitors and users of our website and services.

 

1. DATA CONTROLLER

Honest Scoop is the data controller of the personal data we process about you. This means that we decide how your personal data is collected, used and stored.

You may contact us regarding this Privacy Policy or your data protection rights at:
hello@honestscoop.com

 

2. PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data:

  • Identity and Contact Data: name, billing address, shipping address, email address, telephone number
  • Payment Data: payment card details and related transaction information (processed securely via our payment providers – we do not store full card details)
  • Account Data: login credentials, preferences, saved settings, order history.
  • Transaction Data: purchase records, returns, refunds, exchanges
  • Communication Data: information contained in correspondence with us, including email, telephone or live chat records
  • Technical Data: IP address, device identifiers, browser type, operating system, login data, time zone setting
  • Usage Data: information about how you use our website, including pages viewed, items added to basket, navigation paths, and interactions
  • Marketing and Communications Data: preferences in receiving marketing from us and your communication preferences

We do not intentionally collect special category data (such as health, political opinions, religious beliefs) or criminal offence data.

 

3. HOW WE COLLECT YOUR DATA

We collect your personal data from the following sources:

  • Directly from you when you create an account, place an order, sign up for marketing, or contact us
  • Automatically through cookies and similar technologies when you interact with our website
  • From service providers (including Shopify, payment processors, delivery partners) who support our operations
  • From publicly available sources where appropriate and lawful


4. PURPOSES AND LAWFUL BASES FOR PROCESSING

We process your personal data only where we have a lawful basis under UK GDPR. The purposes and corresponding lawful bases are:

Purpose of Processing

Lawful Basis

To register you as a customer, manage your account and fulfil your orders

Contractual necessity

To process payments, refunds and fraud prevention

Contractual necessity; Legitimate interests

To deliver your purchases, arrange returns and handle customer support

Contractual necessity

To send you service messages (e.g. order updates)

Contractual necessity

To send you marketing communications

Consent (where required); Legitimate interests

To personalise your shopping experience and improve our website

Legitimate interests

To comply with legal obligations (e.g. tax, accounting, regulatory compliance)

Legal obligation

To secure our website and prevent fraud or misuse

Legitimate interests

 

Where we rely on consent (e.g. for marketing emails or cookies), you may withdraw your consent at any time.


5. SHARING OF PERSONAL DATA

We may share your personal data with:

  • Shopify, our e-commerce platform provider, which processes data on our behalf
  • Payment processors and financial institutions
  • Delivery and fulfilment providers to deliver your orders
  • IT and cloud service providers who host and maintain our systems
  • Marketing service providers for email campaigns and analytics
  • Professional advisers including accountants, auditors and legal advisers
  • Regulators, authorities or law enforcement where required by law

We will never sell your personal data.


6. INTERNATIONAL TRANSFERS

Your personal data may be transferred outside the United Kingdom, including to Canada and the United States where Shopify and certain service providers are located.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • The UK International Data Transfer Agreement (IDTA); or
  • Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the UK Government; or
  • Transfers to countries with an adequacy decision from the UK Government


7. DATA RETENTION

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including to satisfy legal, accounting and reporting requirements.

In general:

  • Order and transaction records: 6 years from the end of the financial year of the transaction
  • Account data: until your account is closed or becomes inactive for more than 3 years
  • Marketing data: until you withdraw consent or unsubscribe


8. DATA SECURITY

We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration or destruction.

While we take reasonable steps to secure your information, no transmission over the internet can be guaranteed to be fully secure.


9. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate our website, analyse traffic, personalise content, and deliver relevant advertising.

  • Strictly necessary cookies – required for website functionality (e.g. checkout)
  • Functional cookies – to provide enhanced functionality and personalisation
  • Performance cookies – to understand how visitors use our website
  • Targeting cookies – to deliver personalised marketing

You can manage your cookie preferences through our cookie banner or browser settings.


10. YOUR DATA PROTECTION RIGHTS

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access – to obtain a copy of your personal data
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your data where lawful
  • Right to restriction – to restrict our processing in certain circumstances
  • Right to data portability – to receive your data in a structured, commonly used format
  • Right to object – to object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent – where processing is based on your consent

You may exercise these rights by contacting us at hello@honestscoop.com. We may need to verify your identity before processing your request


11. COMPLAINTS

If you are concerned about how we process your personal data, please contact us in the first instance at hello@honestscoop.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113
www.ico.org.uk


12. CHILDREN'S DATA

Our services are not directed at, nor intended for, children under the age of 18. We do not knowingly collect personal data relating to children. If you believe a child has provided us with personal data, please contact us and we will delete it.


13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The updated version will be posted on our website with a revised “Effective Date.”


14. CONTACT US

If you have any questions about this Privacy Policy or your rights, please contact:

Honest Scoop
hello@honestscoop.com