Privacy policy

Last updated: 11/12/2025

At Holly & Moss, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, make a purchase, or interact with us.

By using our website, you agree to the practices described below.

1. Who We Are

Holly & Moss
Harrogate, UK
Company number: 16769359
Email: hello@hollyandmoss.co.uk

We are the “data controller” responsible for your personal information under UK GDPR.

2. Information We Collect

We collect personal data in the following ways:

a) Information you provide directly

• Name
• Billing and delivery address
• Email address
• Phone number
• Payment information (processed securely by third-party providers; we do not store card details)
• Order history and communications

b) Information collected automatically

When you visit our website, we may collect:

• IP address
• Browser type and device data
• Pages visited and time spent
• Cookies and tracking technologies (see Section 10)

c) Information from third parties

• Payment processors: Stripe
• Website platforms: WooCommerce
• Analytics tools: Google Analytics

3. How We Use Your Information

We use your personal data to:

• Process and deliver your orders
• Send order confirmations and shipping updates
• Respond to your enquiries
• Improve our website and customer experience
• Manage customer accounts
• Detect fraud or security issues
• Send marketing communications (only with your consent)
• Comply with legal obligations

4. Legal Bases for Using Your Data (UK GDPR)

We rely on the following lawful bases:

• Contract → to process your orders and provide customer service
• Legitimate interests → to improve our website, prevent fraud, and run our business efficiently
• Consent → when you sign up for newsletters or marketing
• Legal obligation → for accounting and regulatory compliance

5. How We Share Your Information

We do not sell your data.

We may share your information with trusted service providers who help us operate our business, such as:

• Payment processors
• Delivery couriers (e.g., Royal Mail, DPD)
• Website hosting providers
• Analytics and marketing platforms
• Email service providers

All third parties are required to protect your data and comply with GDPR.

6. International Transfers

Some providers we use (such as email or cloud services) may store data outside the UK.
When this happens, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

7. Data Retention

We retain your personal information only as long as necessary:

• Order records: 6 years
• Marketing data: until you unsubscribe
• Website analytics: typically 14–38 months, depending on provider settings

You may request deletion of your data at any time (see Section 9).

8. How We Protect Your Data

We use appropriate technical and organisational measures, including:

• Encrypted website (HTTPS)
• Secure payment gateways
• Restricted access to data
• Regular monitoring for vulnerabilities

However, no online system is 100% secure, so we encourage you to take reasonable precautions.

9. Your Rights (UK GDPR)

You have rights over your personal data, including:

• Right to access – request a copy of your data
• Right to rectification – correct inaccurate information
• Right to erasure – ask us to delete your data
• Right to restrict processing
• Right to object – particularly to marketing
• Right to data portability
• Right to withdraw consent

To exercise your rights, email us at [your email].

10. Cookies

Our website uses cookies to:

• Improve site performance
• Understand browsing behaviour
• Enable checkout functionality
• Personalise user experience

You can control cookies through your browser or through any cookie banner installed on the site.

A full Cookie Policy can be provided if you need one.

11. Marketing Communications

You will only receive marketing emails if you have provided us with your email address.

You can unsubscribe at any time by clicking the link in our emails or by contacting us directly.

12. Changes to This Policy

We may update this Privacy Policy occasionally.
The updated version will always be available on this page with a new “Last updated” date.

13. Contact Us

If you have any questions about this policy or how we use your data, contact us at:

hello@hollyandmoss.co.uk

We’re always happy to help.