Privacy Policy – Grace Amber


1. Introduction

This Privacy Policy explains how Grace Golf (“we”, “us” or “our”) collects, uses and protects your personal information when you visit The Phoenix Journey landing page (XXXXXX), or sign-up for our marketing communications.​

We are the data controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.​

2. Who we are and contact details

  • Legal entity: Grace Golf trading as Grace Golf
  • Postal address: 7 Strode Road, Clevedon, UK, BS21 6QB
  • Email: grace@phoenixseason.co.uk

If you have questions about this policy or how we handle your data, please contact us using these details.​

3. What personal data we collect

We may collect and process the following information:​

  • Identity data: name, title.
  • Contact data: email address, phone number, billing and delivery address.
  • Order and shipping data: details of the prints or products you are interested in or have ordered, shipping preferences and any notes you provide in the enquiry or order form.
  • Transaction data: purchase details, payment status and Stripe payment reference (we do not see your full card details; Stripe processes payments securely on our behalf).
  • Technical and usage data: IP address, device and browser information, time zone settings, pages visited, referral sources and other analytics data (if we use analytics tools).
  • Marketing and communications data: your preferences about receiving news, updates and offers from us.

We do not intentionally collect any special‑category (sensitive) data such as information about your health, ethnicity, political or religious beliefs, nor do we collect data about criminal convictions and offences.​
We do not carry out automated decision‑making or profiling that has legal or similarly significant effects on you.​

4. How we collect your data

We collect data in the following ways:​

  • When you complete the shipping‑quote, order or contact form on our website.
  • When you email, message or call us about a product.
  • When we email you a Stripe payment link and you complete a purchase.
  • When you sign up to our mailing list.
  • Automatically, when you browse our website, through cookies and similar technologies (see section 7).

5. How and why we use your data (lawful bases)

We use your personal data only where we have a lawful basis under UK GDPR:​

  • Enquiries and shipping quotes
    • To respond to your enquiries and provide shipping quotes.
    • Lawful bases: our legitimate interests in responding to potential customers and running our business.
  • Orders and purchases
    • To process and deliver your orders, including sending Stripe payment links, arranging shipping and communicating with you about your purchase.
    • Lawful bases: legal obligations for tax and accounting.
  • Records, accounts and complaints
    • To maintain our records, manage accounts, handle returns, queries or complaints and keep evidence of our relationship with you.
    • Lawful bases: legitimate interests in responsible business operations and in establishing or defending legal claims; legal obligations for record‑keeping.
  • Marketing communications
    • To send you emails about new artwork, offers or events where you have opted in, or where the law otherwise permits us to contact you (for example, the “soft opt‑in” for existing customers).​
    • Lawful bases: your consent and/or our legitimate interests in promoting and growing our business. You can withdraw consent or object to marketing at any time.
  • Website operation and improvement
    • To operate, maintain and improve our website.
    • Lawful basis: our legitimate interests in running an effective website and improving our customer experience.
  • Legal and regulatory obligations
    • To meet legal, tax and regulatory obligations, such as accounting rules and responding to lawful requests from authorities.
    • Lawful basis: compliance with a legal obligation.

Where we rely on consent (for example, email marketing), you can withdraw it at any time by clicking “unsubscribe” or contacting us using the details in section 2.​

6. Stripe and other third‑party services

Payments are processed by Stripe (or any other provider we may specify), which will collect and process your payment information directly.​
These providers act as independent controllers of your payment data, and their processing is governed by their own privacy policies. We receive only limited information such as confirmation of payment, the last four digits of your card, and your contact details for order fulfilment.​

7. Cookies and website analytics

Our landing pages use only essential cookies necessary for their operation to:

  • Make the site function properly.
  • Support marketing or social media features, if enabled.

If we change this policy, where required, we will ask for your consent for non‑essential cookies through a cookie banner or settings tool, and you can change your choices at any time. You can also control cookies via your browser settings, although disabling some cookies may affect how the site functions.​

8. Sharing your data

We do not sell your personal data. We may share it with:​

  • Service providers who help operate our business, such as website hosting, email service providers, analytics tools (if enabled), couriers and payment processors like Stripe.
  • Professional advisers such as accountants or legal advisers where necessary.
  • Government bodies, regulators or law‑enforcement agencies where the law requires us to share information.

These third parties are only permitted to use your data to provide services to us and must keep it secure and act in accordance with data‑protection law.​

9. International data transfers

Because customers may be based outside the UK, some of our service providers may receive personal data from a range of countries. When we transfer data in this way, we rely on adequacy regulations, the UK‑US Data Bridge where applicable, or standard contractual clauses/IDTAs or similar safeguards required under UK GDPR.​

10. How long we keep your data

We keep your personal data only as long as necessary for the purposes set out in this policy, including legal and accounting requirements.​

In general, this means:

  • Enquiries and quote information: up to 24 months after our last contact if no purchase is made.
  • Order and transaction records: up to 6 years from the end of the financial year in which the transaction took place, to comply with tax and accounting rules.
  • Marketing contact details: until you unsubscribe or we determine that your details are no longer up to date or engaged.

When data is no longer needed, we will securely delete or anonymise it.​

11. Your rights

Under UK data protection law, you have rights including:​

  • Right to be informed about how we use your data (this policy).
  • Right of access to your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure in certain circumstances.
  • Right to restrict processing in certain circumstances.
  • Right to object to certain processing, including direct marketing.
  • Right to data portability in some circumstances.

You can exercise these rights by contacting us using the details in section 2. We may need to request proof of identity and additional information to confirm your request and keep your data secure.​
We aim to respond within one month, but complex or multiple requests may take longer; if so, we will let you know. We do not usually charge a fee, but we may charge a reasonable fee or refuse a request that is clearly unfounded, repetitive or excessive.​

12. Marketing emails

If you choose to join our mailing list or consent to receive updates, we will send you information about new artwork, promotions and events.​
You can opt out at any time by clicking the “unsubscribe” link in our emails or by contacting us directly, and we will update your preferences promptly. Opting out of marketing does not affect service emails about existing orders.​

13. How we protect your data

We use appropriate technical and organisational measures to protect your personal information, including secure devices and accounts, strong passwords, limited access to customer data and using reputable third‑party providers with strong security practices.​
Access to your personal data is restricted to people who need it for legitimate business purposes and who are subject to duties of confidentiality. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.​

14. Complaints

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue.​
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: www.ico.org.uk, telephone 0303 123 1113.​

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.​
When we do, we will update the “last updated” date below and may notify you via our website or email where appropriate.

Last updated: January 2026