top of page

PRIVACY POLICY · LAST UPDATED 18 MAY 2026

How we look after your data.

Plain English explanations of what we collect, why, and what you can do about it.

This policy explains how Fired Paint a Pot Cafe ("we", "us", "our") collects, uses and protects your personal information when you visit https://www.firedpaintapotcafe.co.uk or buy from us. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If you have any questions, please contact us at info@firedpaintapotcafe.co.uk.

 

1. Who we are

Fired Paint a Pot Cafe is the "data controller" of the personal information you provide through this website. That means we are responsible for deciding how and why your information is used.

  • Trading name: Fired Paint a Pot Cafe

  • Registered address: 5–7 Peter Street, Bury, BL8 3AB

  • Company number: 11508620

  • Contact: info@firedpaintapotcafe.co.uk

 

2. The information we collect

Depending on how you use the site, we may collect:

  • Identity and contact data – your name, billing and delivery address, email address, phone number.

  • Account data – your username, password (stored encrypted by Wix), order history and preferences.

  • Transaction data – details of products or sessions you've bought, payment amounts, and partial card details (we never see or store your full card number — see Section 5).

  • Communications data – messages you send us through contact forms, email, or in person at the cafe.

  • Marketing preferences – whether you've opted in to our newsletter, and your engagement with our emails (opens, clicks).

  • Technical data – IP address, browser type and version, device type, operating system, time zone, and the pages you view on our site.

  • Cookie data – see our Cookies section (Section 10).

We do not intentionally collect special category data (such as health or biometric information) or information about children under 13 without parental consent.

 

3. How we collect it

We collect information when you:

  • Create an account or place an order

  • Book a session or buy a product online

  • Fill in a contact or enquiry form

  • Sign up for our newsletter

  • Browse the site (via cookies and analytics)

  • Contact our customer support

4. Why we use your information, and our legal basis

Under UK GDPR, we must have a lawful basis for processing your data. Here's how that breaks down:

  • Process and fulfil your orders or bookings — to deliver the products or sessions you've paid for. Legal basis: performance of a contract.

  • Take payment — to complete your purchase. Legal basis: performance of a contract.

  • Manage your account — so you can log in, track orders, and save your details. Legal basis: performance of a contract.

  • Respond to enquiries — to answer your questions. Legal basis: legitimate interests / performance of a contract.

  • Send order updates — to keep you informed about your purchase or booking. Legal basis: performance of a contract.

  • Send marketing emails — to tell you about new products, sessions and offers. Legal basis: consent (which you can withdraw at any time).

  • Analytics and site improvement — to understand how the site is used and improve it. Legal basis: consent (for non-essential cookies) / legitimate interests.

  • Fraud prevention — to protect our business and customers. Legal basis: legitimate interests / legal obligation.

  • Keep accounting records — to meet HMRC and company law requirements. Legal basis: legal obligation.

5. Payments

Payments are processed by Square and Lightspeed. Your full card details are entered directly with them and are never stored on our servers. We only receive a confirmation that payment has succeeded, along with limited information such as the last four digits of your card and the billing name.

You can read their privacy policies here:

 

6. Who we share your information with

We don't sell your data. We share it only with trusted third parties who help us run the business:

  • Website hosting and infrastructure: Wix

  • Payment processors: Square and Lightspeed

  • Email marketing platform: Wix (Wix Email Marketing / Ascend)

  • Analytics providers: Google Analytics and Wix Analytics

  • Delivery and fulfilment partners (if you order items for delivery)

  • Professional advisers – accountants, lawyers, auditors where necessary

  • Regulators and authorities – where we're legally required to disclose

All of these providers are bound by data-processing agreements that require them to handle your data securely and only on our instructions. You can read Wix's privacy policy here: wix.com/about/privacy.

 

7. International transfers

Some of the providers above (including Wix and Google) are based outside the UK. Whenever we transfer your data outside the UK, we make sure it's protected by appropriate safeguards, such as:

  • The UK Government's "adequacy" decisions for countries with equivalent data protection laws (including the EU)

  • The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses

  • The UK extension to the EU–US Data Privacy Framework, where applicable

 

8. How long we keep your information

We only keep your data for as long as we need it:

  • Order and transaction records: 7 years (to meet HMRC requirements)

  • Account data: while your account is active, plus a reasonable period after closure

  • Marketing data: until you unsubscribe, then we retain a minimal record of your opt-out so we don't contact you again

  • Enquiry / support messages: typically up to 2 years

  • Analytics data: up to 14 months in Google Analytics

When we no longer need your data, we delete or anonymise it.

9. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate or incomplete data

  • Erase your data ("right to be forgotten") in certain circumstances

  • Restrict how we use your data

  • Object to processing based on legitimate interests, including direct marketing

  • Data portability – receive your data in a structured, machine-readable format

  • Withdraw consent at any time, where we rely on consent

  • Not be subject to automated decisions that have a significant effect on you

To exercise any of these, please email info@firedpaintapotcafe.co.uk. We'll respond within one month.

If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office (ICO):

We'd appreciate the chance to address your concerns first, so do get in touch with us before contacting the ICO if possible.

 

10. Cookies and tracking

We use cookies and similar technologies to make the site work, understand how it's used, and (where you've agreed) deliver relevant marketing.

There are broadly four categories:

  • Strictly necessary – essential for the site to work (e.g. your shopping basket, login). These don't require consent.

  • Performance / analytics – help us understand visitor behaviour (Google Analytics, Wix Analytics).

  • Functional – remember your preferences.

  • Marketing / advertising – used to deliver relevant ads and measure their effectiveness.

We ask for your consent through our cookie banner before setting any non-essential cookies, and you can change your preferences at any time. You can also block cookies through your browser settings, though some parts of the site may not work properly as a result.

 

11. Marketing

If you've opted in, we'll send you emails about new products, painting sessions, events and offers through Wix's email marketing tools. You can unsubscribe at any time by:

  • Clicking the "unsubscribe" link in any marketing email

  • Updating your preferences in your account

  • Emailing us at info@firedpaintapotcafe.co.uk

Unsubscribing from marketing won't stop you from receiving essential transactional emails (e.g. booking confirmations and order updates).

 

12. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls, and secure hosting through Wix. No system is 100% secure, but we work hard to minimise risk and respond promptly to any incidents.

 

13. Children

This website isn't intended for children under 13, and we don't knowingly collect their data online. If a child wants to attend a painting session, bookings should be made by a parent or guardian. If you believe a child has provided us with personal information online, please contact us and we'll delete it.

 

14. Links to other sites

Our website may contain links to other sites we don't control. If you click through, we're not responsible for their privacy practices — we'd encourage you to read their own privacy policies before sharing any information with them.

15. Changes to this policy

We may update this policy from time to time. When we make significant changes, we'll let you know via email or a notice on the site. The "last updated" date at the top will always reflect the most recent version.

 

16. Contact us

If you have any questions about this policy or how we use your data, please get in touch:

bottom of page