Last Updated: November 12, 2025
Introduction
Mini Mabel Cornwall (“we,” “us,” or “our”) operates the website https://minimabelcornwall.co.uk/ (the “Website”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you purchase our products, including copies of the book ‘Grey Whiskers’ and cheese bookmarks, through our Website.
We are committed to protecting your privacy and ensuring the security of your personal information in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR. By using our Website and making a purchase, you consent to the practices described in this Privacy Policy.
Information We Collect
Personal Information
When you make a purchase on our Website, we collect the following personal information:
Shipping Information:
- Full name
- Delivery address (including street address, city, county/state, postal code, and country)
- Telephone number
- Email address
Payment Information:
- Payment card details (credit or debit card number, expiration date, CVV/security code)
- Billing address (if different from shipping address)
- Payment transaction details
How We Use Your Information
We process your personal information on the following legal bases under GDPR:
Contractual Necessity:
- To process and complete your purchase
- To package and ship your order to the delivery address provided
- To communicate with you about your order status
Payment Processing:
- To process your payment securely
- To prevent fraudulent transactions
- To maintain financial records for accounting purposes
Legitimate Interests:
- To respond to your inquiries and requests
- To address any issues with your order
- To provide customer support
- To improve our products and services
Legal Compliance:
- To comply with applicable laws and regulations
- To maintain records required by law
- To respond to legal requests and prevent illegal activity
How We Share Your Information
We disclose your personal information to the following third parties as necessary to fulfill your order and operate our business:
Payment Processors
We share your payment information with trusted third-party payment processing services that handle credit and debit card transactions on our behalf. These payment processors are PCI DSS (Payment Card Industry Data Security Standard) compliant and maintain strict security measures to protect your financial information. We do not store complete payment card details on our servers.
Shipping and Delivery Partners
We share your shipping information (name, delivery address, telephone number, and email address) with courier and postal services to deliver your order. These partners are contractually obligated to use your information solely for the purpose of delivering your package.
Service Providers
We may share your information with service providers who assist us in operating our Website, conducting our business, or servicing you, provided those parties agree to keep this information confidential. This may include:
- Website hosting providers
- Email service providers
- Customer relationship management systems
Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government agency, or law enforcement).
Method of Disclosure
Personal information is disclosed through the following secure methods:
- Encrypted data transmission via secure SSL/TLS protocols
- Secure API connections with third-party service providers
- Password-protected and encrypted databases
- Secure file transfer protocols where applicable
Data Security Practices
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:
Technical Safeguards:
- SSL/TLS encryption for all data transmitted through our Website
- Secure socket layer (HTTPS) protocol for all pages
- Regular security updates and patches to our systems
- Firewall protection and intrusion detection systems
- Secure, encrypted storage of personal data
Organizational Safeguards:
- Access to personal information is restricted to authorized personnel only on a need-to-know basis
- Regular staff training on data protection and privacy practices
- Written agreements with third-party service providers requiring them to maintain confidentiality and security
- Regular review and update of our security measures
Payment Security:
- We use PCI DSS compliant payment processors
- Payment card information is encrypted and tokenized
- We do not store complete payment card details on our servers
Despite our security measures, please be aware that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Order and shipping information is retained for up to seven years for accounting and tax purposes
- Payment transaction records are retained as required by financial regulations
- Customer service correspondence is retained for up to three years
Once the retention period expires, we securely delete or anonymize your personal information.
Your Rights
Under GDPR and UK GDPR, you have the following rights regarding your personal information:
- Right to Access: You may request a copy of the personal information we hold about you
- Right to Rectification: You may request that we correct any inaccurate or incomplete information
- Right to Erasure: You may request that we delete your personal information, subject to legal retention requirements
- Right to Restrict Processing: You may request that we limit how we use your personal information
- Right to Data Portability: You may request a copy of your information in a structured, machine-readable format
- Right to Object: You may object to our processing of your personal information based on legitimate interests
- Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time
- Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.
Children’s Privacy
Our Website and products are not intended for purchase by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
International Data Transfers
If you are accessing our Website from outside the United Kingdom, please be aware that your information may be transferred to, stored, and processed in the United Kingdom. We ensure that any international transfers of personal data comply with GDPR requirements, including the use of appropriate safeguards such as Standard Contractual Clauses where necessary. By using our Website and providing your information, you consent to such transfers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post the updated Privacy Policy on this page with a new “Last Updated” date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us at:
Mini Mabel Cornwall
Website: https://minimabelcornwall.co.uk/
Email: mini.mabel.cornwall’gmail.com
We will respond to your inquiry within 30 days of receipt.
