Privacy policy

Last updated: January 14, 2026

Nicky Web Designs operates this store and website, including all related information, content, features, tools, products, and services (the “Services”), to provide you with a curated shopping experience. Nicky Web Designs is powered by Shopify, which enables us to provide the Services.

This Privacy Policy explains how Nicky Web Designs is the data controller under UK law, and how our processing also respects EU GDPR where applicable for customers in the European Economic Area (EEA), as well as other international data protection requirements where relevant.

Please read this Privacy Policy carefully. By using our Services, you acknowledge that you have read and understood how we collect, use, and disclose your personal information as described here.

1. Personal Information We Collect

“Personal information” refers to information that identifies you or can reasonably be linked to you. It does not include anonymized or de-identified information. Depending on how you interact with the Services, we may collect the following types of personal information:

  • Contact details: name, address, billing/shipping address, phone number, email address
  • Financial information: credit/debit card details, payment account information, transaction details
  • Account information: username, password, security questions, preferences, settings
  • Transaction information: items viewed, added to cart, purchased, returned, exchanged, or cancelled
  • Communications: messages or support inquiries sent to us
  • Device information: device, browser, network, IP address, and other unique identifiers
  • Usage information: interactions with the Services, including how and when you navigate or use features

2. Sources of Personal Information

We may collect personal information from:

  1. Directly from you – when you create an account, place an order, communicate with us, or provide information voluntarily
  2. Automatically – through cookies, analytics, or similar technologies when you use the Services
  3. From service providers – including Shopify, payment processors, and other technology providers
  4. From partners or third parties – where relevant and permitted by law

3. How We Use Your Personal Information

We use personal information for purposes including:

  1. Providing and improving the Services:
    • Fulfilling orders, processing payments, managing accounts
    • Personalizing your shopping experience and product recommendations
    • Facilitating returns, exchanges, and customer support
    • Performing our contract with you
  2. Marketing and Promotions:
    • Only if you have provided consent (where required by law)
    • Sending emails, texts, or postal communications about promotions
    • Showing targeted ads online based on prior interactions
  3. Security and Fraud Prevention:
    • Detecting and preventing fraud or illegal activity
    • Securing accounts and Services
  4. Legal Compliance:
    • Responding to legal requests, enforcing terms, or protecting rights

Lawful basis for processing (UK GDPR):

  • Contract performance: fulfilling your orders and account management
  • Consent: marketing communications (email, SMS)
  • Legitimate interests: fraud prevention, analytics, service improvements
  • Legal obligation: complying with applicable law

4. Sharing Personal Information

We may share personal information with:

  • Service providers: Shopify, payment processors, shipping partners, IT or cloud providers
  • Business partners: for marketing purposes where you have consented
  • Affiliates or corporate group members
  • Legal or business reasons: mergers, acquisitions, legal obligations, enforcing policies

All third parties are required to process your data in accordance with applicable UK data protection law.

5. Relationship with Shopify

Your personal information is processed by Shopify as a data processor on our behalf. Shopify may also process data in other contexts (e.g., analytics or enhanced features) in accordance with Shopify Consumer Privacy Policy. Customers may exercise their rights with Shopify via the Shopify Privacy Portal.

6. Children’s Privacy

The Services are not intended for children under 16. We do not knowingly collect personal information from anyone under 16 without parental consent. Parents or guardians who believe their child has provided information may contact us to request deletion.

7. Cookies and Tracking

We use cookies and similar technologies to operate the Services, improve your experience, and show targeted advertisements. Please refer to our Cookie Policy for details and to manage your preferences.

8. Security and Retention

We implement reasonable security measures to protect your data, but no method is completely secure.

We retain personal information only as long as necessary to:

  • Provide Services and manage your account
  • Comply with legal obligations
  • Resolve disputes or enforce agreements

Retention periods are regularly reviewed for compliance with UK law.

9. Your Rights (UK GDPR)

You have the following rights regarding your personal information:

  1. Access – request a copy of the information we hold about you
  2. Correction – request corrections to inaccurate or incomplete information
  3. Erasure – request deletion, where legally permitted
  4. Restriction – request restriction of processing in certain circumstances
  5. Objection – object to processing for marketing or legitimate interests
  6. Data Portability – request a copy in a structured, machine-readable format and transfer it
  7. Withdrawal of Consent – withdraw previously given consent (marketing, cookies, etc.)

You can exercise these rights by contacting nicky@nickywebdesigns.com. We may require proof of identity before processing requests. Exercising these rights does not affect the lawfulness of prior processing.

Customers in the EU/EEA and other international locations are also able to exercise similar rights where applicable, such as access, correction, erasure, restriction, objection, data portability, and withdrawal of consent, in accordance with local law.

10. Complaints

UK residents may lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/.

You may also contact us directly at nicky@nickywebdesigns.com.

11. International Customers

This is entirely new content added to address EU/EEA and global customers:

If you are located outside the UK:

  • Your personal information may be subject to the laws of your country.
  • By using our Services, you consent to the transfer of your data to the UK or other countries where we or our service providers operate.
  • These transfers are safeguarded using UK-approved Standard Contractual Clauses or to countries deemed to provide adequate protection under UK law.
  • Customers in the European Economic Area (EEA) are also protected by EU GDPR, and may exercise rights similar to UK GDPR.
  • We aim to respect privacy rights globally, and wherever possible, you can exercise your rights to access, correction, deletion, or restriction of personal information.

12. International Transfers

If you are outside the UK, including in the EU/EEA, personal information may be transferred to the UK or other countries. Transfers are safeguarded using UK-approved Standard Contractual Clauses or countries deemed adequate under UK law. Customers in the EEA are protected by EU GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The revised policy will be posted here with an updated “Last updated” date. Significant changes will be communicated as required by law.

14. Contact

For questions or to exercise your rights, contact us:

Nicky Web Designs
Email: nicky@nickywebdesigns.com