Privacy policy

PRIVACY POLICY

Last updated: June 3, 2026

Still & Held operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services").

Still & Held is powered by Shopify, which enables us to provide the Services to you. Shopify acts as a separate data controller for certain personal data processed through the Shopify platform. Still & Held is the data controller for personal data processed in connection with orders placed through this website.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

1. Personal Information We Collect or Process

When we use the term "personal information," we refer to information that identifies or can reasonably be linked to an individual. This does not include anonymised or de-identified data.

We may collect or process the following categories of personal information:

Contact details

  • Name
  • Billing address
  • Shipping address
  • Email address
  • Phone number (if provided)

Financial and payment information

Payment information is processed by third-party payment processors (including PayPal, Apple Pay, and Shopify Payments where applicable). We do not receive or store full payment card numbers.

We may receive limited information such as payment confirmation, transaction status, currency, and order reference.

Account information

  • Username (if applicable)
  • Password (encrypted via platform provider)
  • Preferences and settings

Transaction information

  • Items purchased, returned, exchanged, or cancelled
  • Items viewed, added to cart, or wish list
  • Order history

Communications

  • Information included in customer support communications or enquiries

Device and usage information

  • IP address
  • Browser type and version
  • Device identifiers
  • Pages viewed and interactions with the Services
  • Referring website and browsing activity

2. Sources of Personal Information

We may collect personal information from:

  • Directly from you (e.g. orders, enquiries, account creation)
  • Automatically through your use of the Services (e.g. cookies, analytics tools)
  • From service providers (e.g. Shopify, Printify, payment processors)
  • From third-party partners where legally permitted

3. How We Use Personal Information

We use personal information for the following purposes:

Order and service fulfilment

  • Processing payments (contract)
  • Fulfilling and delivering orders (contract)
  • Managing returns, refunds, and exchanges (contract)

Business operations

  • Providing customer support (contract / legitimate interests)
  • Maintaining records for tax and accounting purposes (legal obligation)
  • Preventing fraud and securing transactions (legitimate interests)

Website functionality and improvement

  • Operating and maintaining the website (legitimate interests)
  • Analysing usage to improve services (legitimate interests or consent where required)

Marketing (where applicable)

  • Sending marketing communications where consent has been provided (consent)
  • Users may withdraw consent at any time

4. Legal Basis for Processing (UK GDPR)

We rely on the following lawful bases:

  • Contract – to process and fulfil orders
  • Legal obligation – compliance with tax, accounting, and legal requirements
  • Legitimate interests – fraud prevention, website security, and service improvement
  • Consent – marketing communications and non-essential cookies

5. How We Disclose Personal Information

We may disclose personal information to:

Service providers

  • Shopify (e-commerce platform and hosting)
  • Printify and its production partners (order fulfilment)
  • Payment processors (PayPal, Apple Pay, Shopify Payments)
  • Analytics and IT service providers

These providers process personal data only as necessary to perform services on our behalf.

Other disclosures

We may disclose personal information:

  • Where required by law or legal process
  • To protect our legal rights or prevent fraud
  • In connection with a business transaction (e.g. restructuring or sale of business assets)
  • Where you have provided consent

We do not sell personal data.

6. Relationship with Shopify

The Services are hosted by Shopify. Shopify processes personal information to provide, secure, and improve its services.

Information you provide may be transferred to Shopify and third parties located outside your country of residence.

Shopify may also use aggregated or anonymised data for business analytics and platform improvement.

To understand Shopify’s processing practices, please refer to Shopify’s Privacy Policy and Privacy Portal.

7. International Transfers

Personal data may be transferred outside the United Kingdom.

Where this occurs, appropriate safeguards are used in accordance with UK GDPR, including Standard Contractual Clauses or transfers to countries deemed to provide adequate protection.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable essential website functionality
  • Support shopping cart and checkout functionality
  • Analyse website traffic and usage

Non-essential cookies (e.g. analytics or marketing cookies) are only used where consent has been provided via the cookie banner.

You may control cookies through your browser settings.

9. Data Retention

We retain personal data only as long as necessary:

  • Order and transaction data: up to 6 years (tax and legal requirements)
  • Customer service data: as long as required to resolve enquiries
  • Marketing data: until consent is withdrawn or you unsubscribe
  • Technical data: retained for limited periods for security and analytics

10. Data Security

We implement appropriate technical and organisational measures to protect personal data.

However, no system of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your Rights (UK GDPR)

You have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent (where applicable)

Requests can be made using the contact details below.

We may need to verify your identity before responding.

12. Complaints

You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
https://ico.org.uk/

13. Third-Party Websites

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

14. Children’s Data

The Services are not directed to individuals under the age of majority in their jurisdiction. We do not knowingly collect personal data from children.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

16. Contact

For questions about this Privacy Policy or your personal data:

Email: stillnheld@gmail.com
Address: 17 High Street, Hertfordshire EN8 7AA