Privacy Policy

Last updated: 28/09/2025

Deck and Dagger (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under UK GDPR.

1. What information do we collect?

We may collect and process the following personal information:

  • Identity Data: Name, username, and account login details.

  • Contact Data: Email address, billing address, delivery address, and phone number.

  • Account Data: Order history, saved preferences, account settings.

  • Transaction Data: Payment details (processed securely by providers like Stripe, Apple Pay, Google Pay – we do not store full card details).

  • Technical Data: IP address, browser type, device type, and cookies.

  • Marketing and Communications Data: Your preferences for receiving emails, newsletters, and promotions.

  • Behavioural Data: Purchases, browsing activity, and interactions with our website or emails, which may be used for targeted marketing.

2. How do we process your information?

We process your data to:

  • Provide and deliver your orders.

  • Create and manage customer accounts.

  • Manage payments, fees, and charges.

  • Communicate with you about orders, bookings, or your account.

  • Send you newsletters, updates, and promotions (if you opt in).

  • Provide targeted marketing tailored to your interests.

  • Allow you to view your order history, saved items, and preferences.

  • Improve our website, café services, and customer experience.

  • Comply with legal and regulatory requirements.

3. What legal bases do we rely on to process your personal information?

Under UK GDPR we rely on the following:

  • Contractual necessity: To fulfil your orders, bookings, and manage your account.

  • Legitimate interests: To improve services, prevent fraud, and promote our business (including some targeted marketing).

  • Consent: For marketing communications and cookies used for advertising or tracking. You can withdraw consent at any time.

  • Legal obligation: To comply with law (e.g. tax and accounting records).

4. When and with whom do we share your personal information?

We may share your data with:

  • Payment providers (e.g. Stripe, Apple Pay, Google Pay).

  • Delivery companies to fulfil orders.

  • Marketing and advertising platforms (only where you have consented to targeted marketing).

  • Professional advisers (accountants, legal).

  • Service providers who support our website, accounts, bookings, and IT systems.

We do not sell your data to third parties.

5. Do we use cookies and other tracking technologies?

Yes. We use cookies and similar technologies to:

  • Enable login and account functionality.

  • Analyse website traffic and performance.

  • Improve your browsing experience.

  • Deliver personalised content and targeted advertising.

You can manage or disable cookies in your browser settings or via our cookie banner.

6. How long do we keep your information?

We only keep your data as long as necessary:

  • Orders and transactions: 6 years (for legal/tax purposes).

  • Account data: For as long as your account is active, or until you request deletion (unless law requires retention).

  • Marketing data: Until you unsubscribe or withdraw consent.

  • Booking and event data: Retained as long as reasonably needed for management and record keeping.

  • Behavioural/marketing data: Retained only as long as needed for campaigns, or until you opt out.

7. How do we keep your information safe?

We use a combination of technical and organisational measures to protect your data, including:

  • Encryption of payment data (via secure third-party providers).

  • Secure servers and firewalls for website hosting.

  • Access controls to limit who can see personal data.

  • Regular reviews of our data handling practices.

8. What are your privacy rights?

Under UK GDPR, you have the right to:

  • Access the data we hold about you.

  • Request correction of inaccurate data.

  • Request deletion of your data (where not legally required to retain it).

  • Object to processing based on legitimate interests (including targeted marketing).

  • Withdraw consent at any time (for marketing or tracking cookies).

  • Request data portability (transfer to another provider).

To exercise these rights, contact us at hello@deckanddagger.co.uk.

9. Controls for Do-Not-Track features

Most browsers and some mobile systems allow you to activate a Do-Not-Track (DNT) signal. At present, there is no uniform technology standard for recognising and responding to DNT signals. We do not currently respond to DNT browser signals. If standards are adopted, we will update this notice.

10. Do we make updates to this notice?

Yes. We may update this Privacy Policy from time to time. The latest version will always be available on our website.

11. How can you contact us about this notice?

If you have any questions or concerns, you can contact us at:

Email: hello@deckanddagger.co.uk
Address: 4 Palmer Street, Frome, Somerset, BA11 1DS

12. How can you review, update, or delete the data we collect from you?

You can:

  • Log into your account to update or delete some personal information.

  • Contact us directly at hello@deckanddagger.co.uk to request a review, update, or deletion of your data.

  • Unsubscribe from marketing emails by clicking the link at the bottom of any message.

If you are not satisfied with how we handle your request, you can lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.