The Grow Shop – Privacy Policy

Last Updated: 04/02/2026

The Grow Shop Ltd (“we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you visit or make a purchase from https://thegrowshop.co.uk.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We may collect and process the following types of personal data:

a) Information You Provide

  • Name

  • Billing and delivery address

  • Email address

  • Phone number

  • Account login details (if applicable)

  • Order details and communications

b) Payment Information

Payments are processed securely by third-party payment providers. We do not store card details on our servers.

c) Technical & Usage Data

  • IP address

  • Browser type and device information

  • Pages viewed and site interactions

  • Cookies and similar tracking technologies

2. How We Use Your Information

We use your data to:

  • Process and fulfil your orders

  • Manage your account and customer support enquiries

  • Send service communications (order confirmations, delivery updates)

  • Send marketing emails (only where you have opted in)

  • Improve our website, services and customer experience

  • Prevent fraud and ensure site security

  • Meet legal and regulatory obligations

3. Lawful Bases for Processing

Under UK GDPR, we process your data on the following lawful bases:

  • Contract – to fulfil your orders and provide services

  • Consent – for marketing communications and optional cookies

  • Legal obligation – for accounting, tax and regulatory purposes

  • Legitimate interests – to improve our services and protect our business

4. Data Sharing and Disclosure

We do not sell your personal data.

We may share data with trusted third parties including:

  • Payment processors (e.g. Stripe, PayPal)

  • Shipping and courier companies

  • Website hosting and IT service providers

  • Email and marketing platforms

All third parties are required to process your data securely and in accordance with UK GDPR.

We may also disclose data if legally required to do so.

5. International Transfers

Some service providers may store data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy regulations or standard contractual clauses.

6. Data Retention

We retain personal data only as long as necessary:

  • Order and accounting data — up to 6 years for HMRC compliance

  • Marketing data — until consent is withdrawn

  • Customer account data — until account deletion request

7. Your Data Protection Rights

You have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability

  • You also have the right to raise a concern with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached (www.ico.org.uk)

8. Cookies

We use cookies and similar technologies to:

  • Enable core site functionality

  • Analyse website traffic

  • Improve performance and user experience

  • Support marketing activity (where consent is given)

You can manage cookie preferences via your browser or our cookie consent banner.

9. Data Security

We use appropriate technical and organisational measures to protect your personal data, including SSL encryption, secure servers, and access controls.

10. Changes to This Policy

We may update this policy from time to time. The latest version will always be published on this page with the updated date.

11. Contact Us

If you have any questions about this policy or your personal data, please contact:

The Grow Shop Ltd
Email: info@thegrowshop.co.uk
Website: https://thegrowshop.co.uk