1. Who We Are
Our website address is: http://www.mralexsir.co.uk. We are MrAlexSir Makes Stuff, a small business specializing in custom-engraved products. We are the Data Controller responsible for the personal data you provide to us.
2. Data We Collect and Why We Collect It
We collect and process your personal data under the lawful basis of Contractual Necessity (to fulfill your order) and Legal Obligation (for tax and accounting records).
| Data Collected | When It’s Collected | Purpose and Legal Basis |
| Order Data (Name, Billing/Shipping Address, Email, Phone Number) | When you place an order. | Purpose: To process your payment, manufacture your custom item, ship your order, and send order confirmations. Legal Basis: Contractual Necessity. |
| Payment Data | When you complete checkout. | Purpose: To process your transaction. We do not store your full credit card details; this information is handled securely by our payment processor (e.g., PayPal, WooCommerce Payments, etc.). Legal Basis: Contractual Necessity. |
| Comments Data (Name, Email, IP Address, Browser Agent) | When visitors leave comments on the site. | Purpose: To help with spam detection and to display your public comment. Legal Basis: Legitimate Interest. |
| Technical Data (IP address, browser type) | When you browse the site. | Purpose: To provide site security and for general website analytics. Legal Basis: Legitimate Interest. |
3. Cookies
-
Shopping Cart: If you add items to your basket, we use temporary cookies to track your selection. These cookies are essential for the functionality of the checkout process and contain no personal data.
-
Comments: If you leave a comment on our site you may opt in to saving your name, email address, and website in cookies for convenience. These cookies will last for one year.
-
Login: If you visit our login page or log in, we set up temporary and persistent cookies to manage your login state and screen display choices.
4. Who We Share Your Data With
We only share data strictly necessary to fulfill the services you have requested:
-
Payment Processors: We share payment details with secure third-party processors (e.g., PayPal, Stripe) to validate and process your payment.
-
Shipping Carriers: We share your Name, Shipping Address, and Phone Number with Royal Mail to ensure your order can be delivered.
-
Spam Detection: Visitor comments may be checked through an automated spam detection service.
5. How Long We Retain Your Data
We retain your personal data only for as long as necessary for the purpose it was collected, or to meet our legal obligations:
-
Order Data: We retain order data (Name, Address, Items Purchased) for a minimum of 6 years from the end of the relevant tax year. This is required by HMRC (His Majesty’s Revenue and Customs) for tax and accounting audits.
-
Comments: If you leave a comment, the comment and its metadata are retained indefinitely so we can recognize and approve any follow-up comments automatically.
-
Marketing Data: If you sign up for our mailing list, we retain your email until you unsubscribe.
6. Your Rights Over Your Data (UK GDPR)
Under UK GDPR, you have the right to request:
-
Access: You can request a copy of the personal data we hold about you.
-
Rectification: You can ask us to correct any inaccurate or incomplete data we hold about you.
-
Erasure (Right to be Forgotten): You can ask us to erase any personal data we hold about you. Note that this right does not include data we are obliged to keep for administrative, legal, or security purposes (such as the 6-year tax record).
-
Restriction or Objection to processing your data for certain purposes.
To exercise any of these rights, please contact us at me@mralexsir.co.uk.