GDPR Privacy policy

This privacy policy sets out how Crafts Forever uses and protects any information that you give Crafts Forever when you use this website. Crafts Forever is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Crafts Forever may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25/05/2018.

Credit: This document was created using a template from SEQ Legal (

What we collect

We may collect the following information:

  • IP address, geographical location, browser type / version and operating system as well as a timestamp.
  • name and postal address
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers

  What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services if you have accepted for us to do so.
  • We will not send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided. Unless you have selected the box to agree to receive these.
  • we process personal data in order to comply with our legal obligations for HMRC. This includes internal record keeping such as diaries, mileage logs, customer accounts, invoices and purchases.
  • IP addresses are logged when visiting the website for monitoring and security of our website
  • General correspondence data including emails, text messages, social media posts / messages or any other communication method may include meta data and any information you choose to share with us for the purposes of general business communication, internal record keeping and the establishment, exercise or defence of legal claims
  • Where necessary, the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights

What we do with the information we gather – The Legal Bases

EU Members – Please see below the legal grounds for collecting and using your information under the EU data protection regulation. The legal bases could be a combination of the points below or just one.

  1. It is imperative so we can satisfy our obligation to you outlined in out terms and conditions as our customer or website visitor. For example enabling us to post out your items within our dispatch time.


  1. It is imperative for compliance with legal obligations.


  1. It is imperative to guard the vital interests of yourself or other people.


  1. If we have a legitimate interest to use your data to help improve our services for example to help us offer a better customer experience or safeguard our services.


  1. If consent has been given to allow us to use your information for further analysis for example the use of cookies.

Your personal data, your choice…

Providing us with your personal data for the purposes above is a contractual requirement (unless we obtain it from a third party), and you are obliged to provide this information. It is your choice on whether to provide personal data, but please be aware that without the required personal data, we may not be able to take steps to enter into a contract or provide further details.

Providing your personal data to third parties Emails:

We do not authorise any third parties to access our emails without our permission.

Professional advisors or insurance:

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.


We may disclose personal data including name, address, email address, telephone number and invoice data to our accountant who’s acting on our behalf, insofar as reasonably necessary for completing our accounts and tax reporting obligations to HMRC.

Suppliers or subcontractors:

We may disclose personal data including name, address, email address, and telephone number to our suppliers or subcontractors insofar as reasonably necessary for providing a service or product on our behalf. The supplier or subcontractor is only permitted to use your data to perform the required business function necessary in providing the service or product on our behalf.

Legal obligation: In addition to the specific disclosures of personal data set out in Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Retaining and deleting personal data

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Contractual necessity: we may keep written contracts and personal data required to provide service(s) and / or good(s) for up to 7 years after termination or fulfilment. Quotes (and personal data relating to them) may be retained for up to 6 months.

Legal obligation: personal data will be kept for 7 years to comply with HMRC tax reporting and record keeping obligations.

Legitimate Interests: where the lawful basis of our processing is based on legitimate interests we will retain your personal data for:

  1. Up to 24 hours from the time of last visiting our website (deleted automatically)
  2. Correspondence data may be kept for as long as only necessary for responding to enquiries, internal records or defence of legal claims
  3. Personal data in relation to recovering debts and payments will be kept as long as necessary (and will be retained under legal obligation for 7 years)

 Security We use an SSL (secure socket layer) certificate on our website (you can see this by the “green padlock” in your browser). This encrypts the link between the website server and the end user. Our emails and quotation form are sent using SSL connection over SMTP. However emails cannot be 100% secure, this is due to the way the internet works. We cannot accept responsibility as it’s out of our control. We ensure physical and technical security measures are in place for business systems we use and the storage of personal data. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Amendments to this policy We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.

Your rights In this Section 7, we have summarised the rights that you have under data protection law.

The right to access your personal data: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

The right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

The right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

The right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

The right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

The right to complain to a supervisory authority: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority. In the UK it is the Information Commissioners Office – who are responsible for data protection enforcement. You may exercise any of your rights in relation to your personal data by written notice to us – either by our mailing address or emailing


A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree by accepting our cookie statement drop down on our site, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

To keep track of your cart data, we makes use of 3 cookies:

  • woocommerce_cart_hash
  • woocommerce_items_in_cart
  • wp_woocommerce_session_

The first two cookies contain information about the cart as a whole and helps us know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

We use Google analytics and the cookies it entails in conjunction with our website to help us improve the performance of our site and provide a better exspirence for our users.

Our details This website is owned and operated by Crafts Forever. You can contact Crafts Forever, using the following details;

Address (no visitors please):

Crafts Forever,

51 High Haden Road

Cradley Heath

West Midlands

B64 7PJ

Email address: