Privacy policy

Privacy Policy

Fiori's Finds Ltd — How we collect, use, and protect your personal data

Fiori's Finds Ltd  |  Registered Company Number: 17033391

Last Updated: June 2026


1. Overview

Fiori's Finds Ltd ("we", "us", "our") is committed to protecting the privacy and security of our customers. This policy explains how we collect and use your personal data when you purchase from us or interact with us via our website (fiorisfinds.com), our social media profiles (Facebook, Instagram, TikTok), marketplace stores (eBay, Etsy, Vinted), or direct messaging (WhatsApp / Email).

Our website, fiorisfinds.com, is hosted on the Shopify platform.

We are the Data Controller of your personal information. Fiori's Finds Ltd is not required to appoint a Data Protection Officer; all data privacy enquiries are handled directly by our Data Privacy Lead.

Contact: marco@fiorisfinds.com


2. The Data We Collect

We collect information necessary to process your orders and provide customer support, including:

  • Identity Data:  Name, username, or social media handle.

  • Contact Data:  Billing address, delivery address, email address, and telephone numbers.

  • Financial Data:  Payment details, processed securely by third-party providers such as Shopify Payments, PayPal, eBay, Etsy, and Vinted. We do not store full card details ourselves.

  • Transaction Data:  Details about payments to and from you and products you have purchased.

  • Technical Data:  When you visit fiorisfinds.com, our website platform (Shopify) collects technical data such as your IP address, browser and device type, and information about how you use the site. This is collected through cookies and similar technologies — see Section 3 below.


3. Cookies

Our website uses cookies and similar technologies to operate the store, keep it secure, and understand how visitors use it. Cookies fall into the following categories:

  • Strictly necessary cookies  — required for the website, cart, and checkout to function. These do not require your consent.

  • Analytics / performance cookies  — used to understand site usage on an aggregate basis. In line with the Data (Use and Access) Act 2025, these operate on an opt-out basis; you can opt out at any time.

  • Advertising cookies  — we do not currently use advertising or tracking cookies on our website. If we introduce them in future, we will ask for your consent first.

Full details are set out in our separate Cookie Policy, available at fiorisfinds.com.


4. How We Use Your Data (Legal Basis)

Under UK GDPR, we only process your data when we have a valid legal basis:

  • Performance of a Contract:  To deliver the items you purchased.

  • Legitimate Interests:  To respond to enquiries, operate and secure our website, and improve our services. We may also use your contact details to send you marketing about similar products you have purchased from us (the "Soft Opt-in"). We do not currently operate a marketing newsletter, but reserve the right to do so in future. You have the right to opt out of any such communications at any time.

  • Legal Obligation:  To keep records for HMRC (tax purposes) or to comply with the Hallmarking Act 1973.

  • Consent:  For any future advertising cookies, or if you explicitly opt in to future marketing communications.


5. Data Sharing & Social Media

We do not sell your data. We share your information with trusted third parties only to operate our website and fulfil your orders:

  • Website Platform:  Shopify, which hosts fiorisfinds.com and processes orders and payments placed directly on our website.

  • Payment Processors:  Shopify Payments and PayPal.

  • Marketplaces:  Etsy, eBay, and Vinted.

  • Delivery Services:  Royal Mail, Evri, Yodel, DPD, and InPost.

  • Social Media:  We maintain organic business profiles on Facebook, Instagram, and TikTok, and run interest-based paid advertising on Meta. We do not upload customer data to social media platforms or create Custom Audiences from your personal information.

  • Professional Advisers:  Accountants or legal advisers if required.


6. International Transfers

Some providers (such as Shopify, Etsy, or Meta) may be based or hold data outside the UK. We ensure they have equivalent data protection measures in place as required by UK law, including:

  • Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

  • UK Extension to the EU-US Data Privacy Framework (UK-US Data Bridge), where applicable.


7. Data Retention

We only keep your personal data for as long as necessary:

  • Transaction records:  Kept for 6 years to comply with UK tax (HMRC) requirements.

  • Enquiries:  Enquiries that do not lead to a sale are retained in accordance with the retention policies of the platform used (WhatsApp, Facebook Messenger, Instagram DMs, or Gmail). We do not actively export or separately store these communications.

  • Cookie data:  Retained for the lifespan of each cookie, as set out in our Cookie Policy.


8. Your Legal Rights

Under the UK GDPR, you have the following eight rights:

  1. The Right to be Informed:  Transparent information about data use.

  2. The Right of Access:  Request a copy of the data we hold about you.

  3. The Right to Rectification:  Correct inaccurate or incomplete data.

  4. The Right to Erasure:  Request deletion of your data (where no legal duty to retain it exists).

  5. The Right to Restrict Processing:  Block further use of your information.

  6. The Right to Data Portability:  Reuse your data across different services.

  7. The Right to Object:  Object to processing, including direct marketing.

  8. Rights related to Automated Decision-Making:  Protection against decisions made without human intervention. Fiori's Finds does not carry out automated decision-making or profiling.


To protect your privacy, we may request specific information from you to confirm your identity before fulfilling any of these requests.


9. Complaints

If you have a concern about how we handle your data, please contact us in the first instance at marco@fiorisfinds.com.

  • Our Promise:  We will acknowledge any formal data complaint within 30 days and aim to provide a substantive response within that same period.

  • The Regulator:  You have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk if you are unhappy with our response.


This policy is reviewed quarterly. Last Updated: June 2026.