Welcome to Tattoo Art online Store!
    • My Cart0total £0.00

    Privacy Policy

    Privacy Policy

    Last updated: 25 April 2026

    This policy explains how Beenframed collects, uses and protects your personal data when you visit our website at www.beenframed.co.uk or place an order with us.

    1. Who we are

    Beenframed is a trading name of Patrina Bradshaw, a sole trader based in Greater Manchester, England. For the purposes of UK data protection law, Patrina Bradshaw trading as Beenframed is the data controller for personal information collected through this website.

    Contact: info@beenframed.co.uk
    Website: beenframed.co.uk

    2. What information we collect

    We may collect and process the following personal data:

    • Name and contact details (email address, phone number, delivery address) when you place an order or contact us
    • Personalisation details you supply for your frame (names, dates, photographs, custom text)
    • Payment information — processed securely through our payment providers; we do not see or store full card details
    • Order history and transaction details
    • Information you provide when you contact us by email or contact form
    • Technical data including your IP address, browser type and pages visited, where we have your consent to use cookies that collect this

    3. How we use your information

    We use your personal data to:

    • Process and fulfil your orders, including delivery
    • Send order confirmations, dispatch notifications and customer service communications
    • Respond to enquiries and provide customer support
    • Improve our website and services where you have given consent
    • Comply with legal obligations, including tax and accounting requirements

    4. Lawful basis for processing

    Under the UK General Data Protection Regulation (UK GDPR), we process your data on the following bases:

    • Contract: to fulfil orders you have placed with us and to provide the customer service that goes with them
    • Legal obligation: to comply with HMRC tax and accounting requirements (currently a 6-year retention period for transaction records)
    • Legitimate interest: to keep our website secure (for example, spam prevention) and to detect and prevent fraud
    • Consent: for non-essential cookies and analytics, where you have opted in via our cookie banner

    5. How we share your information

    We do not sell your personal data to anyone. We share information only with the service providers we need in order to run the business and fulfil your order. Our processors include:

    • Fasthosts — web hosting and email infrastructure (transactional email is sent through Fasthosts livemail)
    • PayPal — payment processing for orders paid via PayPal
    • WooPayments (operated by Automattic and its sub-processors, including Stripe) — payment processing for orders paid by card
    • Stripe — payment processing where used directly or as a sub-processor of WooPayments
    • ShipStation — shipping label generation and dispatch management
    • Royal Mail and other couriers — physical delivery of your order
    • Google Analytics — aggregated, anonymised usage statistics, only loaded where you have given consent
    • Google reCAPTCHA — spam and bot prevention on forms, only loaded where you have given consent
    • Complianz — cookie consent management (this runs on our own website but stores a small amount of consent data on your device)

    Each of these providers acts as a separate data controller or processor under their own privacy policies. For full details of the cookies and tracking technologies used by these services, please see our Cookie Policy.

    6. International transfers

    Some of our service providers (including PayPal, Stripe, Google and Automattic) are based in the United States or transfer data internationally as part of their global operations. Where personal data is transferred outside the UK, we rely on legally recognised safeguards:

    • The UK’s adequacy decision for the EU and EEA, where data is held within Europe
    • Standard Contractual Clauses approved under UK GDPR, where data is transferred to the United States or other third countries
    • Where applicable, the UK Extension to the EU–US Data Privacy Framework

    The privacy policies of our individual processors give the specific safeguard that applies to each transfer.

    7. Cookies

    Our website uses cookies and similar technologies. Strictly necessary cookies (for example, those that keep your shopping cart working) are loaded automatically. All other cookies, including analytics and spam-prevention cookies, are only loaded after you give consent through our cookie banner.

    Full details of the cookies we use, their purposes and how to manage your preferences are set out in our Cookie Policy.

    8. How long we keep your data

    We retain your personal data only for as long as we need it:

    • Order and transaction data: 6 years from the end of the relevant tax year (HMRC requirement)
    • Customer enquiries and email correspondence: up to 2 years after your last contact with us, unless we need to keep it longer for a specific reason
    • Personalisation files (photos, custom text): kept while your order is in production and for a short period afterwards in case of remakes; then deleted
    • Cookie consent records: as set in our cookie policy (typically 365 days)

    9. Your rights

    Under the UK GDPR, you have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate or incomplete data
    • Request deletion of your data, where we have no legal reason to keep it
    • Object to or restrict our processing of your data
    • Receive a copy of your data in a portable, machine-readable format
    • Withdraw consent for any processing based on consent (such as analytics cookies), at any time

    To exercise any of these rights, please contact us at info@beenframed.co.uk. We will respond within one month of receiving your request.

    If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office at www.ico.org.uk or by calling 0303 123 1113. We’d appreciate the chance to put things right first, but you can go directly to the ICO if you prefer.

    10. Security

    We take appropriate technical and organisational measures to protect your personal data. Our website uses SSL encryption (HTTPS) for all data in transit. Payment processing is handled by PCI-compliant providers and we never see or store your full card details on our systems.

    11. Changes to this policy

    We may update this policy from time to time, for example if we add new payment providers or if the law changes. The version that applies is the version on this page on the date you visit. The “last updated” date at the top of this policy will reflect the date of the most recent change.

    12. Contact

    If you have any questions about this policy or how we handle your data, please contact us at info@beenframed.co.uk.