Skip to content
BERTRAM'S VERANDA

Privacy Policy

Privacy Policy

Draft — pending review. Last updated 2026-05-11.

Bertram's Veranda is a small jewellery house, run by Haleema from a studio in Scotland. This page explains what we do with your personal data, how long we keep it, and the rights you have over it under the UK General Data Protection Regulation and the Data Protection Act 2018.

Who is the data controller

The data controller is the proprietor of Bertram's Veranda, trading from Scotland. For any privacy question, write to hello@bertrams.boutique.

What we collect

  • Name, email, and delivery address — to fulfil your order and write to you about it.

  • Order contents and order history.

  • Payment information, handled by Stripe. We never see, store, or have access to your card details.

  • Any correspondence you send us.

  • Basic technical data — IP address, browser type, and pages viewed — collected by our hosting provider for security and to keep the site running.

Why we use it, and our lawful basis

  • To take and fulfil your order — lawful basis: performance of a contract.

  • To send order confirmations, shipping updates, and respond to enquiries — performance of a contract, or our legitimate interest in answering you.

  • To keep tax and accounting records — legal obligation under UK tax law.

  • To send occasional newsletters, if you have asked for them — your consent, which you can withdraw at any time by clicking unsubscribe or writing to us.

  • To keep the site running and protect it from abuse — our legitimate interest in operating the site securely.

Who else processes your data

We rely on a small set of trusted processors, each bound by their own data-protection terms:

  • Supabase — order records and site database, hosted in the European Union.

  • Stripe — payment processing. Stripe is the controller of your payment information.

  • Resend — transactional email (order confirmations, shipping updates).

  • Vercel — site hosting.

Some of these providers are based outside the UK. Where data is transferred internationally, it is protected by standard contractual clauses or an adequacy decision, as required by UK GDPR.

How long we keep it

  • Order and transaction records — six years, as required by HMRC for tax purposes.

  • Newsletter subscriber data — until you ask to be removed.

  • General correspondence — up to two years, then deleted.

Cookies

We use a small number of strictly necessary cookies that keep your shopping cart and session working. We do not use advertising or third-party tracking cookies.

Your rights

Under UK GDPR you have the right to:

  • Ask what we hold about you (right of access).

  • Ask us to correct anything that is wrong (rectification).

  • Ask us to delete it (erasure), subject to our legal obligation to keep order records.

  • Ask for a copy in a portable format (portability).

  • Object to a particular use, or restrict it.

  • Withdraw consent at any time, where we rely on it.

Write to hello@bertrams.boutique and we will respond within one calendar month. If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ico.org.uk).

This page is a draft. It will be revised once the studio has confirmed its trading entity and reviewed the wording with a data-protection specialist.