1. Introduction
Gelatine Sculpt UK Ltd ("we," "us," "our") is a company registered in England and Wales (Company No. 14829362) with registered offices at Suite 14, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (gelatinesculpt.co.uk) or place an order with us.
This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Gelatine Sculpt UK Ltd is registered with the Information Commissioner's Office (ICO) under registration number ZB512774.
2. The Data We Collect
We collect and process the following categories of personal data:
Information you provide directly
- Contact details: your name, postal address, email address, and telephone number
- Order information: the products you purchase, the delivery address, and the payment method used (we do not store your full card details)
- Account information: if you create an account, your login credentials and any profile preferences
- Communications: any messages you send to our support team or feedback you submit via our forms
- Review submissions: any reviews, ratings, or testimonials you choose to share publicly
Information collected automatically
- Technical data: IP address, browser type and version, operating system, time zone, and device identifiers
- Usage data: pages visited, time spent on pages, click patterns, and referral source
- Cookies and similar technologies: see our Cookie Policy for details
3. How We Use Your Data
We process your personal data on the following legal bases:
Contract performance
To process and fulfil your orders, communicate with you about your order status, deliver products to your address, and respond to support enquiries relating to your order.
Legitimate interests
To improve our website and services, prevent fraud, ensure platform security, conduct analytics on aggregated user behaviour, and respond to general enquiries. We have assessed that these legitimate interests do not override your fundamental rights and freedoms.
Consent
To send you marketing communications (where you have explicitly opted in), place non-essential cookies, and use your data for purposes beyond those described above. You may withdraw your consent at any time.
Legal obligations
To comply with tax law, accounting requirements, consumer protection legislation, and any other legal obligations applicable to our business.
4. Who We Share Your Data With
We do not sell, rent, or trade your personal data to any third party for marketing purposes. We share limited data with carefully selected service providers who help us operate our business:
- Payment processors: Stripe (PCI-DSS compliant) processes payment transactions. Your full card details are never stored on our servers.
- Delivery partners: Royal Mail and DPD receive the minimum data necessary (name, address, phone) to deliver your order.
- Email service providers: Klaviyo handles transactional emails (order confirmations, shipping notifications) and optional marketing emails (only with your consent).
- Hosting and infrastructure: Our website is hosted on UK-based servers with appropriate security certifications.
- Review verification: An independent third-party review platform verifies and publishes customer reviews.
All service providers are contractually bound to process your data only for the specific purposes we have authorised, and to apply appropriate security measures.
5. International Transfers
Where any of our service providers are located outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data. These typically include the use of UK International Data Transfer Agreements, Standard Contractual Clauses approved by the UK Information Commissioner's Office, and adequacy decisions where applicable.
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, plus any additional period required to comply with legal obligations.
- Order records: retained for 6 years after the last order, in accordance with HMRC requirements
- Customer account data: retained while your account is active and for 24 months after inactivity, after which we anonymise or delete it
- Marketing data: retained until you withdraw consent or for 24 months after your last engagement, whichever comes first
- Support correspondence: retained for 3 years to support ongoing customer service quality
7. Your Rights Under UK GDPR
As a data subject in the United Kingdom, you have the following rights:
- Right of access: to request a copy of the personal data we hold about you
- Right to rectification: to request correction of inaccurate or incomplete data
- Right to erasure: to request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: to request that we limit how we use your data
- Right to data portability: to receive your data in a structured, machine-readable format
- Right to object: to object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please email privacy@gelatinesculpt.co.uk. We will respond within one calendar month of receiving your request.
8. Security Measures
We take the security of your personal data seriously. Our protective measures include:
- SSL/TLS encryption (256-bit) for all data transmitted between your browser and our servers
- Encrypted storage of personal data at rest
- Strict access controls limiting which staff members can view personal data
- Regular security audits and vulnerability assessments
- Two-factor authentication for all staff accounts
- Use of PCI-DSS compliant payment processors
9. Cookies and Tracking
We use cookies and similar technologies to operate our website effectively and improve your experience. Full details — including how to manage your cookie preferences — are available in our Cookie Policy.
10. Children's Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child, we will delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any updates will be posted on this page with a revised "Last updated" date. Significant changes will be communicated by email to registered customers.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Lead:
Email: privacy@gelatinesculpt.co.uk
Post: Data Protection Lead, Gelatine Sculpt UK Ltd, Suite 14, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Phone: +44 20 3870 8842
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.