Privacy Policy

Your Data Protection Rights

Your principle rights under data protection law are:

  • The right to access – You have the right to request us for copies of your personal data.

  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting the Information Commissioners Office - Individual Rights .

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights in relation to your personal data, please contact us.

About our Privacy Policy

This Privacy Policy (which includes other important hyper-linked sections such as our Terms and Conditions, Shipping, Cancellation and Returns and Cookie Policies) apply to use of the website and any purchase of products through and/or direct from It's From The Shed over the telephone. At It's From The Shed we are committed to protecting your privacy and to gaining and maintaining the confidence and trust of all visitors to our website. We will only use the information that we collect about you lawfully in accordance with the EU General Data Protection Regulation (GDPR). In this Privacy Policy we’ve provided guidance on how It's From The Shed uses your personal data when you visit our website, interact with us online or by phone, or buy our goods and services. It contains detailed information about when and why we collect your personal information, how we use it, what third-party service providers we might share your information with and under what circumstances, and how we keep your information secure. It is important that you read this privacy policy, together with our Cookie Policy so that you are fully aware of how and why we are using your data and of your privacy rights and how the law protects you. We may update this policy from time to time. Any such changes will take effect when posted on the website and it is your responsibility to ensure you are aware of the most updated version. This Privacy Policy was last updated on 30/09/2020 For any queries in relation to this Privacy Policy, or if you would like to exercise your privacy rights please contact us providing as much detail as possible about your concern, question, or request.

What personal data do we collect about you?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (Anonymous data).

We collect a variety of personal information about our customers and visitors to which fall into the follow categories:

Transactional Data

When you place an order with us, the personal information we collect includes:

  • full name;
  • billing and delivery address;
  • telephone number;
  • e-mail address;
  • a record of your order and details of the products purchased; and
  • credit/debit card details (all sensitive details are inaccessible even to us from moment of purchase and are securely encrypted)

This information is necessary for us to process your order, receive payment and deliver your goods to you.

Contact/Account Data

When you create an account with us, we collect the following personal information:

  • full Name;
  • e-mail address;
  • telephone number;
  • username or similar identifier;
  • encrypted version of your login/password;
  • profile data including preferences and cookie consent (opt in/out) ;
  • newsletter subscription status; (We will not send you marketing emails unless you consent i.e. sign up to our newsletter. You can unsubscribe at any point, by clicking on the unsubscribe links in our emails, or by contacting us.)
  • feedback and survey responses;
  • billing and shipping addresses (if saved in account);
  • list of products you added to your “wish list”; and
  • Debit or credit card details (If saved, these details are stored securely and encrypted, and cannot be seen by us)

You can quickly and easily log into your account and change or edit any of your personal data by clicking on “My Account” either in the header of our website. If you’d like to delete your account please contact us .

You do not have to register for an account with us to place orders on our websites, but many returning customers find it helpful to have one.

Communications Data

If you contact us via phone, email or via the form on our contact us page we may collect the following data in order to deal with your query;

  • full Name;
  • e-mail address;
  • telephone number;

We will also note the date and nature of your query or complaint, and details of any actions taken.

Technical Data

When you visit our website, we may also collect the following information related to the device used:

  • internet protocol (IP) address,
  • browser type and version,
  • device (PC, tablet or mobile)
  • operating system and platform.

We gather this information to analyse our site’s performance on different devices and look for areas for improvement.

Marketing Data

To collect this data we require your consent, and will only collect this data if you subscribe to our newsletter or agree to our use of marketing cookies. See our Cookie Policy for more detail.

  • information regarding what pages are accessed and when;
  • demographic information;
  • general product preferences and interests based on your browsing history on our website.

This data also allows us to give you customised product recommendations based on best-sellers and product views.

Analytics Data

To collect this data we require your consent, and will only collect this data if you agree to our use of analytics cookies. See our Cookie Policy for more detail.

Analytics data, also known as tracking data, includes information about how you use our website, along with information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers, and is used to improve our website and the content we provide.

To analyse engagement and performance of our website we use Google Analytics (GA). Google Analytics data is aggregated data. Aggregated data may be derived from your personal data but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature.

Using Google Analytics we are able to record visitors engagement with our website, such as page visits, bounce rates, time on site and traffic sources i.e whether you arrived at direct, through a search engine, social media site, or by clicking on an advert.

We can also track basic interaction with website forms, and eCommerce transactions. The transaction data in GA contains information such as order ids, products purchased and revenue , it does not contain any personal information.

If, however, we combine or connect this aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy policy.

Please note: We do not collect any Personal Data about you regarding your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you choose not to share personal data with us, or refuse certain contact permissions, we might not be able to provide the products and services you’ve asked for.

How do we collect your personal data?

We use different methods to collect data from and about you through:

Direct interactions

You may provide us with your transactional, contact/account and communications data by:

  • placing an order for any of our products;
  • creating an account on our website;
  • signing up to our mailing list;
  • filling in our contact form to make enquiries;
  • corresponding with us via email or phone;
  • engaging with us on social media;
  • entering a competition, promotion or survey;
  • providing feedback on our website or social media pages; or
  • leaving comments or reviews on our products.

Automated technologies or interactions.

As you interact with us, we may automatically collect technical data about your technical data equipment, browsing actions and patterns.

If you have provided consent we may also collect marketing and analytics data when you use our website, or when you click on one of our adverts (including those shown on third party websites).

Third parties or publicly available sources.

We may receive personal data about you from various types of third parties, including:

  • Technical data and/or tracking data from analytics providers, advertising networks and search information providers;
  • Contact and financial data from providers of payment and fraud prevention services; and
  • Identity and contact data from external sites such as Google or Facebook if you choose to login to your account via these options.

Legal basis for collecting your personal data

Your privacy is protected by law. According to Data Protection Laws, we are allowed to use personal information only if we have an acceptable reason to do so. There are several different reasons why we might collect and process your personal data.

Most commonly, we will use your personal data in the following circumstances:

1. When we have your consent

In certain circumstances, we will only process your personal data with your clear consent. For example, we will add you to our mailing list only if you sign up to our newsletter or tick the relevant box at the checkout.

2. To fulfil a contract we have with you

Where we need to form a contract with you, for example when you place an order, purchase our products, and to process and deliver your order. These details will be then passed on to our courier company to deliver the goods to you.

  • We will use your e-mail address to provide you with updates regarding your order, such as order confirmation, despatch & tracking information.
  • We will also collect your phone number to be able to contact you in case of any problems with your order.
  • Depending on which delivery option you choose, your phone number and/or e-mail address might be passed on to our courier so that they can keep you updated when your goods will be delivered (whenever applicable).

3. When it is in our legitimate interest

In certain situations, we will use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running an e-commerce business.

We will process personal data for the following legitimate interests:

  • to better understand how people interact with our website in order to improve the website and our customers general shopping experrience
  • to provide you with the best possible service, including a personalised browsing experience, tailored to your preferences.
  • to improve our product selection and service based shopping trends and any post-purchase feedback.
  • to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • to define types of customers for our products and services, to keep our website updated and relevant, and to inform our marketing strategy

4. To comply with legal or regulatory obligations

This includes;

  • keeping records of our sales for tax compliance.
  • to identify and prevent fraud and keep our services safe and secure

Who do we share/disclosure your personal data with?

All information that you provide to us is for the sole purpose of providing you with the best shopping experience and customer service. We follow the requirements of the UK Data Protection Legislation (the Data Protection Act 2018) in order to protect the information you provide us with from unauthorised access. We will never give away, pass on or sell any of the information that you provide us and wiill only share your personal data with the third parties listed below for the purposes set out in this privacy policy.

  • Suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, delivery and courier services);
  • Makers and artists selling their products through our site, for the purposes of shipping any products you have ordered from them;
  • Auditors and professional advisers like bankers, lawyers, accountants and insurers; and
  • government, regulators and law enforcement.
  • We may also share data (with your consent) with third parties connected to marketing, advertising and analytics.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

How do we store your personal information? is hosted on the platform, which allows us to sell our products and services securely online. Your personal data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. Payment Iinformation
It's From The Shed uses third party payment processors provided by and PayPal to process payments made for products and services via the website. All direct payment gateways offered by and used by us adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

  • If you choose to pay by Debit or Credit card at the checkout, your credit card details are communicated directly from your browser to these third party payment processors.
    • In accordance with Payment Card Industry (PCI) data security standards your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them.
    • Unless you request your card details are remembered It's From the Shed will also not have access to your billing or bank account details.
    • If you choose to remember your card details on checkout It's From The Shed stores the card type, a Masked PAN (only the first 6 and last 4 digits) and the card’s expiry date as well as an associated token, used to identify and remember your stored card for you to use for future purchases from .
    • Please note: This stored information can be updated or deleted at any by logging onto your account on It's From the Shed and clicking on "My Wallet"
  • If you use PayPal to check out your order It's From The Shed does not have access to your payment or bank account details, these are stored within your Paypal account.
    • It's From The Shed only store the tokens required to identify the transaction with PayPal and issue refunds through Paypal.

Links to External Third-party websites

It's From The Shed include links to third-party websites, plug-ins and applications (for example, the ability to sign in with Facebook or Google). Clicking on these links or enabling these connections may allow third parties to collect or share data about you. Our privacy policy applies only to our website, we do not control these third-party websites and are not responsible for their privacy statements, the data thy collect and how they use that data. When clicking on a link to another website, please ensure you also read their privacy policy.

How long do we retain your personal data for?

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider

  • the amount, nature, and sensitivity of the personal data;
  • the potential risk of harm from unauthorised use or disclosure of your personal data;
  • the purposes for which we process your personal data whether we can achieve those purposes through other means; and
  • the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers for tax purposes. In some circumstances you can ask us to delete your data; see Your Data Protecttion Rights below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.