— PRIVACY NOTICE —

Privacy.

TL;DR

We collect what we need to ship your order. Stripe handles payment data. We don't sell, share, or trade your details.

Who we are

'ERITAGE is a trading name of Daniel F. Whitehouse, a sole trader based at 42A Penn Road, London, N7 9RE, United Kingdom. We are the data controller responsible for your personal data.

Get in touch about anything in this notice: orders@eritage.xyz.

What we collect

When you place an order, we collect:

Your name and email address
Your delivery and billing addresses
Your phone number (for delivery comms)
Order history

We never see or store your card details — payment is handled directly by Stripe, who are PCI DSS Level 1 certified. We only receive a transaction reference and the last 4 digits of the card used.

Why we collect it

To fulfil our contract with you when you order — processing payment, shipping your tee, dealing with returns and questions. This is the lawful basis under UK GDPR Article 6(1)(b).

If you've explicitly opted in to marketing emails (separate from order confirmations), we use your email to send drop announcements. You can opt out any time via the unsubscribe link in those emails. Lawful basis: consent, Article 6(1)(a).

Who we share it with

Stripe — payment processing. (Stripe's privacy notice)
Royal Mail — we share the delivery name, address, and phone number on the shipping label.
Cloudflare — hosts the website. They process some IP and request data for security and performance. (Cloudflare's privacy notice)

We do not sell, rent, or trade your personal data to anyone. Ever.

How long we keep it

Order records: 6 years from the date of the order. This is required for HMRC tax purposes.

Marketing emails: until you unsubscribe.

Stripe retains payment data separately under its own policy.

Your rights

Under UK GDPR you have the right to:

Request a copy of the personal data we hold about you
Ask us to correct anything that's wrong
Ask us to delete your data (subject to legal retention rules)
Object to or restrict how we process your data
Receive your data in a portable format
Withdraw consent for marketing emails at any time

Email orders@eritage.xyz with any request. We'll respond within 30 days.

If you're not happy with how we've handled your data, you have the right to complain to the UK Information Commissioner's Office — ico.org.uk.

Cookies

We don't currently use any tracking or advertising cookies. Stripe sets a small number of functional cookies when you check out, which are necessary for the payment process to work. Cloudflare uses cookies for security and bot detection.

If we add analytics or marketing tools later, we'll update this notice and ask for your consent first.