Privacy Policy
1. Who We Are
Isaac's Bazaar is a UK-based surface pattern design studio selling fabric, wallpaper, and homeware products online. We are the data controller responsible for your personal information.
Business name: Isaac's Bazaar
Address: Merseyside, UK
Email: [email protected]
ICO Registration: 00013507980
This policy explains how we collect, use, and protect your personal data when you visit our website, place an order, or interact with us in any way. It applies to all visitors and customers of https://www.isaacsbazaar.com.
We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Information We Collect
We collect different types of information depending on how you interact with us:
Information you give us directly
- Name, email address, delivery address, and phone number when you place an order
- Payment information (processed securely by Stripe / WooPayments — we do not store card details)
- Messages and enquiries submitted via our contact form or email
- Your email address if you subscribe to our newsletter
- Account details if you create a customer account
Information collected automatically
- IP address, browser type, device type, and operating system
- Pages visited, time spent on site, and referring URLs
- Clicks, scroll depth, and interactions via analytics tools
- Cookie identifiers and advertising IDs (see Cookies)
- Google Click IDs (GCLID) and Meta Click IDs (FBCLID) when you arrive via an advert
Information from third parties
- Aggregated audience data from Google and Meta to improve our advertising
- Order and transaction data from payment processors
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your order | Contract performance |
| Sending order confirmations and despatch notifications | Contract performance |
| Responding to customer enquiries | Legitimate interests |
| Preventing fraud and verifying payments | Legitimate interests / Legal obligation |
| Sending marketing emails (with your consent) | Consent |
| Improving our website and understanding visitor behaviour | Legitimate interests |
| Serving personalised adverts on Google and Meta platforms | Consent |
| Measuring the effectiveness of our advertising campaigns | Legitimate interests / Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Accounting and tax record keeping | Legal obligation |
4. Cookies & Tracking Technologies
We use cookies and similar tracking technologies on our website. A cookie is a small text file placed on your device. You can control cookies through your browser settings and our cookie consent tool.
Essential cookies
These are required for the website to function and cannot be switched off. They include cookies that manage your shopping cart, remember your login session, and process payments.
Analytics cookies
We use Google Analytics 4 (GA4) to understand how visitors use our website. This includes pages visited, time on site, and conversion events. GA4 uses anonymised identifiers and is configured to respect your consent preferences. Google's Privacy Policy →
Advertising & remarketing cookies
We use the following advertising tools which set cookies on your device to track visits and show relevant adverts after you leave our site:
- Google Ads — conversion tracking and remarketing via Google Tag Manager. Google Ads Privacy →
- Meta Pixel (Facebook/Instagram) — tracks visits and conversions to enable retargeting on Facebook and Instagram. Meta Privacy Policy →
- Google Tag Manager — manages and deploys all tracking tags on our site without directly collecting personal data itself.
Marketing & preference cookies
If you subscribe to our newsletter, we may set cookies to personalise your experience on future visits.
Managing your cookie preferences
When you first visit our site, you will be asked to consent to non-essential cookies. You can change your preferences at any time by clicking the "Cookie Settings" link in our website footer. You can also opt out of personalised advertising directly:
5. Third Parties We Share Data With
We do not sell your personal data. We share it only where necessary with the following trusted third parties:
| Third Party | Purpose | Location |
|---|---|---|
| Stripe / WooPayments | Payment processing | USA (SCCs in place) |
| Royal Mail / [Carrier] | Order fulfilment and delivery | UK |
| Google LLC | Analytics, advertising, and tag management | USA (SCCs in place) |
| Meta Platforms Inc. | Advertising and retargeting | USA (SCCs in place) |
| Mailchimp / [Email provider] | Newsletter delivery | USA (SCCs in place) |
| Cloudways / [Hosting provider] | Website hosting and data storage | EU/UK |
| WooCommerce / Automattic | E-commerce platform | USA (SCCs in place) |
SCCs = Standard Contractual Clauses, the approved legal mechanism for transferring personal data from the UK to non-adequate third countries.
We may also disclose your personal data to law enforcement or regulatory bodies if required by law.
6. Advertising & Remarketing
We run paid advertising campaigns on Google and Meta (Facebook/Instagram). These involve:
- Remarketing: Showing adverts to people who have previously visited our website, based on cookie data
- Customer Match: Uploading hashed customer email lists to Google and Meta to target or exclude existing customers from campaigns
- Enhanced Conversions: Sending hashed first-party data (email, name, address) to Google at the point of purchase to improve conversion measurement accuracy
- Lookalike Audiences: Meta and Google may use your data to find new potential customers with similar characteristics
- Offline Conversions: We may upload order data to Google Ads to track the impact of campaigns on sales
All of the above is only performed with your consent, given via our cookie consent tool. You can withdraw consent at any time.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification
Ask us to correct inaccurate or incomplete data we hold about you.
Right to Erasure
Ask us to delete your personal data where there is no lawful reason to continue processing it.
Right to Restrict Processing
Ask us to limit how we use your data while a dispute is resolved.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests, including direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
Right to Complain
Lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with how we handle your data.
To exercise any of these rights, please email us at [email protected]. We will respond within 30 days.
8. Data Retention
We retain your personal data only for as long as necessary:
- Order data — retained for 7 years to comply with HMRC requirements
- Customer accounts — retained while your account is active, or until you request deletion
- Marketing consent — retained until you unsubscribe or withdraw consent
- Contact enquiries — retained for 2 years after resolution
- Analytics data — retained in accordance with Google Analytics default retention settings (up to 14 months)
- Advertising data — hashed data shared with Google and Meta for Customer Match is deleted after campaign use in accordance with their respective data retention policies
9. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- SSL/TLS encryption on all data transmitted to and from our website
- Secure, access-controlled web hosting
- Payment data handled exclusively by PCI-DSS compliant processors (Stripe/WooPayments)
- Regular software and security updates
No method of transmission over the internet is 100% secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the ICO as required by law.
10. Children's Privacy
Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Isaac's Bazaar
Merseyside, UK
[email protected]
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):
ICO
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk · 0303 123 1113