top of page

Privacy Policy

Effective Date: March 2026

1. Who We Are

This Privacy Policy explains how your personal information is collected, used and protected when you interact with our website or purchase from us.

Victoria Waugh, trading as The Story Tailor (“we”, “us”, “our”) is the Data Controller for the personal data collected through this website.

If you have questions about this policy or how your data is handled, contact us at:
Email: hello@thestorytailor.co.uk

2. The Personal Information We Collect

We may collect, store and use the following types of personal information when you browse the website, place an order or contact us:

Information you provide directly

  • Your name

  • Email address

  • Postal address

  • Phone number

  • Order details

  • Messages and correspondence sent to us (e.g., contact forms, emails)

Information we collect automatically

When you visit our website we may collect technical information including:

  • IP address

  • Browser type and version

  • Operating system

  • Referral source

  • Page views and navigation paths

  • Time spent on the website

This helps us understand website usage patterns and improve performance.

Payment information

Payments for orders are processed securely by our third‑party provider (PayPal).
We never see or store your full payment card details.

3. How We Use Your Personal Information

We use your personal data for the following purposes:

To respond to enquiries

To answer questions, provide support and respond to messages you send to us.

To process and fulfil orders

This includes:

  • confirming orders

  • creating and sending invoices

  • dispatching items

  • sending updates about your order

To comply with our legal obligations

Such as maintaining financial and tax records required by HMRC.

To send occasional updates (optional)

If you choose to opt‑in, we may send you news, announcements or special offers.
You can opt out at any time.

4. Our Legal Bases for Processing

We process your personal data under the following UK GDPR lawful bases:

  • Performance of a Contract – processing orders, payments, invoices and dispatch.

  • Legitimate Interests – responding to enquiries and ensuring website security and functionality.

  • Legal Obligation – retaining financial records for tax compliance.

  • Consent – sending marketing communications (only if you explicitly opt in).

5. Sharing Your Information

We will never sell your personal data.
We may share limited data with trusted third parties only when necessary:

  • PayPal – to process payments securely.

  • Wix.com – our website provider, which hosts data on secure servers.

  • Legal authorities – if we are required to do so by law or in connection with legal proceedings.

We do not share your information for external marketing or research.

6. International Data Transfers

Because Wix.com and PayPal operate globally, your data may be transferred outside the UK.
Whenever this happens, we ensure your data is protected by appropriate safeguards such as:

  • UK adequacy regulations, or

  • Standard Contractual Clauses (SCCs)

These measures ensure your data receives an equivalent level of protection.

7. Data Retention

We only keep your data for as long as necessary for the purposes described above.

Typical retention periods include:

  • Order records & financial information: 6 years (legal requirement)

  • Customer enquiries: up to 12 months unless they relate to an order

  • Marketing preferences: until you withdraw consent

After these periods, data is deleted.

8. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate or incomplete data

  • Request deletion of your data in certain circumstances

  • Restrict the processing of your data

  • Object to processing based on legitimate interests

  • Withdraw consent at any time (for marketing)

  • Request data portability

  • Complain to the ICO if you believe your rights are not being respected
    www.ico.org.uk

To exercise these rights, please contact us using the details at the top of this policy.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience and analyse website performance.

You can manage or disable cookies through your browser settings.

See out separate Website Usage Policy with further detail.

10. Security of Your Information

We take appropriate technical and organisational measures to protect your data, including:

  • Secure servers and firewalls

  • SSL encryption

  • Restricted access to personal data

  • Using reputable third‑party processors for secure payments

However, no internet transmission is completely secure and we cannot guarantee absolute security.

11. Third‑Party Links

Our website may contain links to external websites.
We are not responsible for their privacy practices and encourage you to read their policies.

12. Updates to This Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated effective date.
Your continued use of the website means you accept the updated policy.

bottom of page