Skip to content

Privacy & Cookie Policy

Last updated: 08 October 2025

Welcome to Harper & Debbage (“we”, “us”, “our”).

We take your privacy seriously and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy & Cookie Policy explains how we collect, use, and protect your information when you visit www.harperdebbage.uk (“the Site”), place an order, or contact us.

By using this Site, you agree to this Policy. If you do not agree, please do not use the Site.

1. Who We Are

Name: Kristopher Harper-Allison
Trading name: Harper & Debbage
Business type: Sole Trader (Self-Employed)
Email: hello@harperdebbage.uk

For data protection purposes, Kristopher Harper-Allison, trading as Harper & Debbage, is the data controller, responsible for deciding how and why your personal data is processed.

2. The Personal Data We Collect

We collect and process the following information about you:

2.1 Information you provide directly

  • Your name
  • Postal / delivery address and billing address
  • Email address and phone number
  • Payment information (processed via PayPal – no card details are stored on our servers)
  • Any messages, queries, or communications you send us
  • Information when you create an account, leave a review, or subscribe to our newsletter
  • Information you provide via forms, surveys, or social media

2.2 Information collected automatically

When you browse our website, we automatically collect:

  • IP address, browser type, and version
  • Device and operating system
  • Pages visited, time spent, and referring URLs
  • Cookies and similar tracking technologies (see Section 10)
  • Analytics data (collected anonymously via Google Analytics)

2.3 Information from third parties

We may receive limited information about you from:

  • PayPal (payment confirmations)
  • Royal Mail / Courier services (delivery updates)
  • Mailchimp (newsletter subscriptions)
  • Google Analytics (anonymised usage data)

3. How We Use Your Information

We only use your personal data for legitimate purposes, including:

PurposeExampleLegal Basis
To fulfil your ordersProcessing and delivering your purchases, managing paymentsPerformance of a contract
To communicate with youResponding to queries, updates, order confirmationsPerformance of a contract / Legitimate interest
To manage your accountLogin, password resets, order historyPerformance of a contract
To improve our websiteAnalytics, usability testingLegitimate interest
To comply with lawTax, accounting, record-keepingLegal obligation
To send marketing emailsNewsletters, offers, product updatesConsent (you can withdraw anytime)

We do not sell or rent your personal data to anyone.

4. Marketing & Newsletters

You will only receive marketing emails if:

  • You have opted in via our website; or
  • You are an existing customer and did not opt out (the “soft opt-in” rule).

We use Mailchimp to manage our mailing list. Your name and email address are securely transferred to Mailchimp for this purpose. You can unsubscribe at any time by clicking the “unsubscribe” link in emails or contacting us directly.

We will never sell your data or share it for marketing by others.

5. Sharing Your Information

We share information only with trusted third-party service providers who help us operate the website and fulfil orders, including:

  • PayPal – for payment processing
  • Royal Mail / Courier Services – for order delivery
  • Mailchimp – for email newsletters (if you opt in)
  • Website host / IT provider – for hosting, backups, and technical maintenance
  • Google Analytics – to collect anonymous usage data

Each third party only receives the information necessary to perform its function and must handle it securely in line with data protection laws.

6. International Data Transfers

Some providers (like Mailchimp and PayPal) may transfer your data outside the UK or European Economic Area (EEA).
We ensure that these transfers are protected by appropriate safeguards, such as:

  • UK adequacy decisions; or
  • Standard Contractual Clauses approved by the ICO.

7. Data Retention

We retain personal data only as long as necessary for its purpose or as required by law:

  • Orders & tax records: 7 years
  • Customer accounts: While active (and deleted on request)
  • Mailing list data: Until you unsubscribe or withdraw consent
  • Analytics data: 26 months (Google’s standard retention)

After this, data is securely deleted or anonymised.

8. Your Rights

You have the right to:

  1. Access – request a copy of your personal data.
  2. Rectification – correct inaccurate or incomplete data.
  3. Erasure – request deletion of your data (“right to be forgotten”).
  4. Restriction – ask us to stop processing certain data.
  5. Portability – obtain your data in a usable format.
  6. Objection – object to processing (e.g. marketing).
  7. Withdraw consent – at any time (e.g. unsubscribe from emails).

To exercise your rights, email hello@harperdebbage.uk.
We’ll respond within one month as required by law.

If you’re unhappy with our response, you can contact the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Telephone: 0303 123 1113

9. Security

We use appropriate technical and organisational measures to protect your data, including:

  • Secure (HTTPS) encryption
  • Strong password controls
  • Encrypted payment transactions (via PayPal)
  • Limited access to data on a “need-to-know” basis
  • Regular software and plugin updates

While we take every reasonable step, no website or transmission is completely secure.

10. Cookies & Tracking Technologies

10.1 What are cookies?

Cookies are small text files placed on your device to help the website function, improve user experience, and analyse traffic.

10.2 Types of cookies used

TypePurpose
EssentialEnable site functionality (shopping basket, login, checkout)
AnalyticsAnonymous visitor statistics via Google Analytics
FunctionalRemember preferences (e.g. login, language)
MarketingOnly if you consent (e.g. social sharing, remarketing pixels)

10.3 Managing cookies

You can:

  • Accept or reject non-essential cookies via the cookie banner on the site.
  • Adjust browser settings to block or delete cookies.
  • Opt out of Google Analytics using Google’s opt-out tool.

Rejecting cookies may affect certain website features.

11. Links to Other Websites

Our Site may contain links to external sites (e.g. publishers, marketplaces).
We are not responsible for their content or privacy practices.
Please review their privacy policies before sharing personal data.

12. Children’s Data

Our Site is not intended for anyone under 16 years old, and we do not knowingly collect their data.
If you believe a child has provided personal data, please contact us and we will delete it.

13. Changes to This Policy

We may update this Policy periodically.
The latest version will always be available at www.harperdebbage.uk/privacy-and-cookie-policy (or equivalent).
If there are significant changes, we’ll notify you via the website or email.

14. Contact Us

If you have questions about this Policy or your personal data, please contact:

Kristopher Harper-Allison, trading as Harper & Debbage
Email: hello@harperdebbage.uk