Privacy Notice

Last updated: [Insert Date of Last Revision]

This Privacy Notice explains how [Your Company Name/Author Name, e.g., "An Hour in the Clouds" / Svetlana & Viktoriia] ("we," "us," or "our") collects, uses, protects, and discloses your personal information when you visit or make a purchase from our website, www.anhourintheclouds.com (the “Site”).

We are committed to protecting your privacy and handling your data in an open and transparent manner. We are the Data Controller responsible for your personal data.

​

1. Contact Details

If you have any questions about this Privacy Notice or wish to exercise your data rights, please contact us:

Name of Controller[Your Legal Business Name, e.g., Svetlana & Viktoriia]

Email Address[Your Dedicated Privacy/Customer Service Email Address]

Postal Address[Your Business or Correspondence Address]

 

2. The Data We Collect and How

​

​​

​

​

​

​

 

 

​

 

​

​

​

​

 

 

 

 

 

3. Our Lawful Basis for Processing Your Data

Under the GDPR, we must have a lawful basis to process your personal data. We rely on the following:

​

​

​

​

​

​

​

​

​

​

​

​

​​​​​​​4. Cookies and Tracking Technologies

Our website uses cookies to distinguish you from other users. We use:

• Strictly Necessary Cookies: Essential for the Site to function (e.g., enabling the shopping cart).

• Analytical/Performance Cookies: Help us recognize and count the number of visitors and see how they use the Site.

• Functionality Cookies: Used to recognize you when you return to our website (e.g., remembering your preferences).

We use a cookie banner/pop-up to gain your explicit consent before non-essential cookies are set. You have the right to accept or reject non-essential cookies.

​

5. Sharing Your Personal Data

We may share your data with the following categories of third parties to help us run our business:

• Payment Processors (e.g., PayPal, Stripe) for secure payment processing.

• Shipping/Fulfillment Partners (e.g., Post offices, couriers) to deliver your orders.

• IT and Hosting Providers who maintain our website infrastructure.

• Marketing Providers (e.g., Mailchimp, if used for newsletters) for sending emails (only with your consent).

• Analytics Providers (e.g., Google Analytics) to understand website usage.

We require all third parties to respect the security of your personal data and treat it in accordance with the law.

​

6. International Transfers

Your data may be transferred to and stored in countries outside the European Economic Area (EEA), such as the United States, by our third-party service providers (e.g., cloud hosting, email marketing).

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by relying on legally approved mechanisms, such as implementing the Standard Contractual Clauses (SCCs) adopted by the European Commission.

​

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Order Data: We generally keep customer order information for [Insert Time Period, e.g., six years] to satisfy tax and accounting requirements.

• Marketing Data: We keep email consent records until you unsubscribe.
   

8. Your Rights Under GDPR

Under the GDPR, you have the right to:

1. Request access to your personal data (commonly known as a "data subject access request").

2. Request rectification of the personal data that we hold about you.

3. Request erasure of your personal data (the 'right to be forgotten').

4. Object to processing of your personal data where we are relying on a legitimate interest.

5. Request restriction of processing of your personal data.

6. Request the transfer of your personal data to you or a third party (data portability).

7. Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of these rights, please contact us using the Contact Details provided above. We may need to verify your identity before responding.
 

9. Right to Lodge a Complaint

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues. In the UK, this is the Information Commissioner’s Office (ICO).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.