Privacy Policy

Shedora is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website shedora.co.uk or make a purchase from us. We adhere to the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.

Last updated: May 17, 2025.

1. Information We Collect

We only collect information that is necessary to fulfill your orders and improve your experience. This includes:

  • Personal Information: When you place an order or create an account, we collect information such as your name, billing and shipping address, email address, phone number, and payment details. For example, during checkout you will provide your address and contact info so we can deliver your products and update you on your order status. If you contact us or fill out a form, we collect whatever information you choose to provide (such as your query details).
  • Payment Information: We use secure payment processors to handle transactions. When you enter credit/debit card details or PayPal information, that data is processed by our payment provider. We do not store your full card numbers or security codes on our servers. We may retain a record of the transaction (e.g., last four digits of your card, the amount, and date) for reference and accounting, but sensitive payment data is handled securely by the payment gateway.
  • Automatically Collected Data: When you visit shedora.co.uk, certain data is collected automatically:
    • Cookies: Our site uses cookies (small text files placed on your device) to enhance your browsing experience. For instance, cookies keep you logged in to your account, remember what’s in your shopping cart, and help us understand how you navigate our site. We use both necessary cookies (for site functionality) and analytics cookies (like Google Analytics) to gather information on site traffic, popular pages, and how users engage with our site. You can control cookies through your browser settings and opt out of analytics cookies if you wish (see “Cookies & Tracking” below).
    • Device and Usage Data: We may collect information about your browser type, IP address, time zone, and some of the cookies installed on your device. As you browse, we also collect information about the pages or products you view, search terms, and how you interact with the site. This data helps us improve the website and troubleshoot issues. It is generally aggregated and not directly tied to your identity, except possibly your IP which in some cases could be considered personal data.
    • Log Files: Our server automatically logs certain data when you visit, such as your IP address, the pages you visited, and the time and date of access. We use this for security monitoring and performance analysis.
  • Third-Party Data: If you log in via a social media account or interact with us on social media (for example, if we had a Facebook or Instagram page and you messaged us), we may receive basic information from your profile that you choose to share with us. However, as of now, Shedora primarily collects data directly through our website and not through third-party logins.

We do not collect any sensitive personal data such as race, ethnicity, health information, or biometric data. Our site is not intended for children under 16, and we do not knowingly collect personal information from children.

2. How We Use Your Information

We use the collected information for various purposes, primarily to operate our business and provide you with services. Here’s a breakdown:

  • To Fulfill Orders: The main reason we collect information is to process and deliver your orders. Name and address are used for shipping, your email is used for order confirmations and updates, and your phone number may be used by us or the courier for delivery issues. Payment information is used to charge you for your purchase.
  • Customer Service: If you contact us with a question, concern, or return request, we will use your provided information to respond and resolve the issue. For example, your contact details and order history help us verify your order and assist you efficiently.
  • Account Management: If you create an account on shedora.co.uk, we use your information to maintain your account, allow you to log in, view order history, and save preferences like your saved addresses or wishlist.
  • Marketing Communications: With your consent, we may use your email address to send you newsletters, promotions, or product updates. We will only send you marketing emails if you have opted in (for example, by subscribing on our website or checking a box at checkout to receive news and deals). You can opt out of marketing communications at any time – every marketing email will include an “unsubscribe” link, or you can contact us to be removed from the list. We do not spam; typically, any newsletter would be occasional and focused on Shedora product news or special offers.
  • Personalization: We might use data about your past interactions to personalize your experience. For instance, we could suggest products similar to ones you viewed or purchased, or show you relevant content on our site. This typically uses cookies or similar tracking technologies to recognize repeat visitors.
  • Analytics and Improvement: We use analytics tools (like Google Analytics) to understand how users find and use our site. This helps us improve site navigation, product offerings, and overall user experience. For instance, analyzing which pages are most visited or where users drop off in the checkout process helps us optimize those areas.
  • Legal Obligations: In some cases, we need to use your information to comply with laws and regulations. For example, we retain transaction records to meet tax and accounting requirements. We may also use or disclose data when necessary to handle disputes or legal claims, prevent fraud, comply with a legal request from authorities, or enforce our Terms & Conditions.
  • Security: We may process data (like IP addresses or site activity) to protect our website and customers from malicious activity, fraud, or other security issues. Unusual patterns that suggest misuse (like repeated failed login attempts) might be analyzed and addressed to keep our platform safe.

We will not use your personal information for any purpose that is incompatible with the purposes described above without your consent. We do not sell your personal data to third parties for their own marketing or any other purposes.

3. Legal Basis for Processing (GDPR)

Under data protection laws, we need to have a valid legal basis for each use of your personal data. Shedora relies on the following bases:

  • Contractual Necessity: When you make a purchase or otherwise enter into a contract with us, we process your personal data to fulfill that contract. For example, using your address to ship your order, or processing your payment. Without this data, we cannot complete the transaction.
  • Legitimate Interests: We process certain data for our legitimate business interests in ways that are not overridden by your rights. This includes using data to improve our website’s performance, preventing fraud, securing our site, and sending marketing to existing customers about similar products (this is allowed as a legitimate interest often called “soft opt-in” under e-privacy rules, but you always have the opportunity to opt-out). When we rely on legitimate interests, we consider and balance any potential impact on you and your rights.
  • Consent: For some activities, we rely on your consent. For example, sending promotional emails to someone who is not an existing customer, or using certain non-essential cookies, would require consent. If we ask for your consent, you have the right to withdraw it at any time. Withdrawing consent will not affect the lawfulness of processing done before the withdrawal.
  • Legal Obligation: We will process data when necessary to comply with a legal obligation – such as retaining records for tax purposes or providing information to law enforcement if required by law.

4. Cookies & Tracking Technologies

Cookies are small files stored on your browser or device that enable website features and us to collect information. On shedora.co.uk, we use several types of cookies:

  • Essential Cookies: These are necessary for the website to function. For example, they keep your shopping cart active, allow page navigation, and enable secure checkout. Without these cookies, the site may not perform properly. Because they are essential, they are always active when you use our site (you could disable them via your browser, but then key functions may break).
  • Analytics Cookies: We use these to understand how visitors use our site. For instance, Google Analytics may set cookies to track page views, duration on site, etc. The information from these cookies is aggregated and anonymous – it does not directly identify you. It helps us analyze trends and improve our website’s usability and content. We respect “Do Not Track” signals and cookie consent settings; if you opt out of analytics via our cookie banner (if provided) or via your browser, these cookies will not be active.
  • Functionality Cookies: These remember choices you make to personalize your experience (like your login, region or language preferences). For example, a cookie might save your email for faster login if you choose “remember me,” or keep track of items you last viewed.
  • Advertising Cookies: Currently, Shedora does not host third-party ads nor do we heavily profile users for advertising. We do not have third-party ad banners on our site. If in future we engage in re-marketing (showing Shedora ads on other platforms to people who visited our site), cookies might be used for that. If so, we will update this policy and ensure appropriate consent for any advertising cookies.

Managing Cookies: On your first visit, you might see a cookie notice (if required by applicable law) giving you the option to accept or adjust settings for non-essential cookies. Additionally, most web browsers allow you to control and delete cookies through their settings. You can usually find these settings under “Options” or “Preferences” in your browser menu. Keep in mind, disabling cookies may affect site functionality (for example, you might not be able to add items to cart or checkout if cookies are off).

For more details on cookies and how we use them, you can refer to our detailed Cookies Policy (if available) or contact us with questions.

5. How We Share Your Information

We treat your personal information with care and confidentiality. We do not sell your personal data. We only share it with third parties in certain circumstances, as outlined below:

  • Service Providers (Processors): We use trusted third-party companies to perform functions on our behalf and help us run our business. These include:
    • Payment Processors: (e.g., Stripe, PayPal) – they handle payment transactions. They receive your payment information to process payments securely.
    • Shipping Partners: We provide your name, address, and sometimes phone/email to delivery companies (like Royal Mail, DPD, etc.) so they can deliver your order and send you tracking updates.
    • Website Hosting and IT: Our website might be hosted on a platform or server provided by a third-party company. They could technically have access to data stored on the server, but they are bound by confidentiality and data security obligations.
    • Email Service Providers: If we send newsletters or order confirmations, they may be sent through an email service platform. That platform will handle your email address and the content of the email on our behalf.
    • Analytics/Marketing Tools: As mentioned, Google Analytics might process data about site usage. If we use any marketing or review platforms (for example, Trustpilot for reviews or Mailchimp for newsletters), they will handle relevant data (like your email for Mailchimp, or order ID and email for Trustpilot to invite a review).
    These service providers are given access only to the information necessary for them to perform their specific services. They are contractually obligated to keep your information secure and use it only for the purposes we specify. We carefully select our partners to ensure they comply with data protection standards.
  • Business Transfers: In the unlikely event that Shedora undergoes a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, user information (including personal data) might be among the assets transferred. If such a transfer happens, we will ensure that the new owner is aware of the commitments we’ve made in this Privacy Policy and that you are notified of any changes or new choices you may need to make.
  • Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (for example, for fraud investigation, tax audits, or to comply with a court order). We may also share information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • With Your Consent: Apart from the scenarios above, if we ever need to share your information for something else, we will ask for your consent. For example, if we wanted to use a customer testimonial including your name or wanted to share your info with a partner company for a joint promotion, we would only do so if you agree.
  • Aggregated or Anonymized Data: We may also share aggregated information (data that has been combined and stripped of personal identifiers) or otherwise anonymized data that cannot be used to identify you. For instance, we might publish trends about how many percentage of our customers buy certain types of products, or average site usage statistics, but this would not contain any personal data.

Rest assured, when we share information with service providers, we do so under strict agreements that protect your data. We only work with partners that meet high data protection standards.

6. International Data Transfers

Shedora is a UK-based business and we primarily store and process data within the UK or the European Economic Area (EEA). However, some of our third-party service providers may be located or use servers outside of the UK/EEA (for example, a cloud service or email provider might operate in the United States or other countries).

When we transfer personal data out of the UK/EEA, we take steps to ensure it remains protected to the standards required by UK/EU law:

  • We may rely on adequacy decisions (if the country is deemed by the UK to have adequate data protection laws).
  • We may use Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum in our contracts with the service provider, which are legal tools approved to safeguard personal data leaving the UK/EU.
  • We also assess whether additional technical or organizational measures are needed to protect the data during transfer.

For example, if our website is hosted on a US-based cloud server, that provider would either be part of an approved framework (if one exists) or we’d have SCCs in place and ensure encryption of data, etc.

You can contact us if you would like more information about the specific mechanisms we use to transfer and protect personal data internationally.

7. Data Retention

We keep your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements:

  • Order and Account Information: If you make a purchase, we will retain your order information (such as invoices, order details, and your contact/shipping info related to the order) in our records. Typically, we retain these records for at least six (6) years, as this may be required for tax and accounting purposes, and also to assist with any warranty or returns issues that could arise after purchase. If you have an account with us, we will keep your account information as long as the account is active. You can choose to close your account, in which case we will either delete or anonymize your personal data associated with the account, except for data we are required to keep for legal reasons.
  • Contact and Support Queries: If you contacted us via email or contact form, we may keep that correspondence for a certain period (typically 1-2 years) to ensure we have context for any follow-up. We try not to keep unnecessary data indefinitely, so such communications will be periodically reviewed and deleted if no longer needed.
  • Marketing Data: If you have subscribed to our newsletter, we will keep your email on our mailing list until you unsubscribe or until we determine that our emails are consistently not being delivered. If you unsubscribe, we will remove you from the list promptly (and keep a record that you opted out, so we don’t accidentally email you again).
  • Analytics Data: Data collected via Google Analytics or similar tools may be retained as per Google’s policies (for instance, Google Analytics allows setting retention periods; we typically use standard retention settings which might be 26 months for user-level data, but much of the data is aggregated).

When we no longer have a legitimate need to retain your personal information, we will securely delete or anonymize it. For example, if you request your data to be erased and we have no legal basis to keep it, we will take steps to delete it from our systems and instruct any service providers to do the same.

8. Your Rights Over Your Data

Under UK data protection laws, you have several rights regarding your personal data. Shedora is committed to upholding these rights:

  • Right to Access: You have the right to request a copy of the personal data we hold about you, along with information on what we use it for, who we share it with, and how long we intend to keep it. This is commonly known as a “Subject Access Request.” We will provide you with a copy of the information in a commonly used electronic format (or paper if requested) within the legally required timeframe (typically one month).
  • Right to Rectification: If any of the personal data we hold about you is incorrect or incomplete, you have the right to have it corrected. For instance, if you notice we have misspelled your name or have an outdated address, please let us know and we will update it.
  • Right to Erasure: Also known as “the right to be forgotten.” In certain circumstances, you can ask us to delete or remove personal data. For example, if you withdraw your consent from marketing and want all your data removed, or if you believe we no longer need your data for its original purpose. Please note this right is not absolute – if we are required by law to keep certain data (e.g., purchase records for tax) or have a compelling legitimate interest, we may deny the request but will let you know why.
  • Right to Restrict Processing: You can request that we ‘pause’ the processing of your data in certain situations. For instance, if you contest the accuracy of the data or object to our processing, you might ask us to restrict use while we address your concern. During restriction, we can still store the data but not use it (except, for example, to establish legal claims or if you consent).
  • Right to Data Portability: You have the right to request that the personal data you provided to us be given back to you or transmitted to another controller in a structured, commonly used, and machine-readable format. This right applies only to data processed by automated means, which you provided, and where processing is based on your consent or the performance of a contract (e.g., your order history you provided for contract fulfilment). We will assist in transferring such data upon your request, where feasible.
  • Right to Object: You have the right to object to certain types of processing:
    • Direct Marketing: You can object at any time to your personal data being used for direct marketing (including any profiling related to marketing). If you object, we will stop using your data for marketing purposes immediately. (Remember, you can always simply unsubscribe from emails, which is a quick way to exercise this right.)
    • Legitimate Interests Processing: If we are processing your data under the lawful basis of “legitimate interests,” you can object to that processing if you feel it impacts your rights. We will then reconsider our reasons for processing your data. We will comply unless we have a compelling legitimate ground to continue that overrides your interests, or if the processing is needed for legal claims.
  • Rights related to Automated Decision-Making: We do not currently make any decisions that would produce legal effects or similarly significant effects on you solely by automated means (no profiling that decisively affects you without human involvement). If we ever do, you have rights to obtain human intervention, to express your point of view, and to contest the decision.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive marketing emails, you can opt-out later. Withdrawing consent does not affect the lawfulness of any processing we did while relying on consent before withdrawal.

To exercise any of these rights, simply contact us at contact@shedora.co.uk with your request. We may need to verify your identity before fulfilling certain requests (to ensure we don’t give your data to someone else by mistake). We will respond to your request as soon as possible, and at least within one month (or inform you if we need more time for complex requests, which can be extended by two further months).

If you feel that we have not addressed your data rights concerns adequately, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. You can contact the ICO at www.ico.org.uk or call their helpline at 0303 123 1113. We would, however, appreciate the chance to address your concerns first, so please consider reaching out to us to see if we can help.

9. Data Security

We take the security of your personal information seriously. Shedora has implemented a variety of security measures to protect your data from unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Our website is secured via SSL (Secure Socket Layer) encryption. This means that when you enter personal information (like payment details or your address) on our site, that data is encrypted during transmission and cannot be easily intercepted by third parties. You can usually see a padlock symbol in your browser’s address bar, indicating a secure connection.
  • Secure Payment Processing: We only work with reputable payment gateways that are PCI-DSS compliant (Payment Card Industry Data Security Standard). These providers handle your payment information securely. We do not see or store your full card numbers or security codes on our end.
  • Access Controls: Personal data stored in our systems is accessible only by those in our team who need it to perform their duties (for example, our order fulfillment and customer service staff). We restrict admin access to our database and employ authentication measures (passwords, 2-factor authentication where possible) to prevent unauthorized access.
  • Secure Hosting: Our website and databases are hosted on servers with strong security protocols. We ensure that our hosting provider maintains up-to-date security patches and monitors for intrusions. Firewalls and other protective measures are in place to guard against external attacks.
  • Regular Monitoring: We periodically review our security practices and update them in line with technological advancements. We also keep our software, plugins, and systems updated to protect against known vulnerabilities.
  • Employee Training: We educate our staff about the importance of confidentiality and privacy. All employees and contractors who handle personal data are bound by confidentiality obligations and trained on data protection procedures.
  • Data Breach Procedures: Despite best efforts, no system can be 100% secure. We have a procedure in place to deal with any suspected personal data breach. If a breach occurs that poses a significant risk to your rights and freedoms, we will inform you and the relevant authorities (like the ICO) as required by law.

Please note that while we strive to protect your personal information, there is always some risk inherent in transmitting information over the internet. We urge you to take precautions as well, such as using strong passwords for your account and not sharing your login details with others. If you believe your interaction with us is no longer secure (for example, if you feel your account has been compromised), please contact us immediately.

10. Third-Party Websites

Our website may contain links to external websites or embedded content (like YouTube videos, social media features, etc.). This Privacy Policy does not cover how those third-party sites or services process your data. If you click on a link to a third-party site (for example, a gardening blog article or a tool supplier’s site), or interact with a social media widget on our site, you will be subject to that third party’s privacy policy.

We encourage you to read the privacy policies of any site you visit via links from Shedora, especially if you intend to provide personal information to them. Shedora is not responsible for the privacy practices or content of external websites. However, if you have concerns about a site we link to (for example, if a link is broken or the site seems suspicious), please let us know and we will consider removing or updating the link.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, ensure compliance with legal requirements, or improve clarity. When we make changes, we will revise the “Last updated” date at the top of this policy.

If the changes are significant, we may also provide a more prominent notice, such as a banner on our website or an email notification, to inform you of the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of shedora.co.uk and our services after any changes to this policy will signify your acceptance of the changes, provided that we have obtained any necessary consents required under applicable law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us. We are here to help and value transparency and trust with our customers.

Privacy Contact:
Email: contact@shedora.co.uk
Phone: +44 7429 920478
Address: 28 Alexandra Terrace, Exmouth, Devon, EX8 1BD, United Kingdom

When contacting us about your data, please provide as much detail as possible about your inquiry or request to help us assist you efficiently. For example, if you are requesting a copy of your data, it helps to mention the email or account you used on our site, and the context (orders, etc.) so we can locate your records.

Thank you for taking the time to read our Privacy Policy. Your trust is important to us, and we are dedicated to keeping your information safe and respecting your privacy.