Privacy Policy

This Privacy Policy explains how Knotted Rugs ("we", "us", "our") collects, uses, and protects your personal information when you visit knottedrugs.co.uk or purchase from us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Knotted Rugs is a sole-trader/limited company operating a rug showroom at 82 Bromley Road, Beckenham BR3 5NP. The data controller is Knotted Rugs, contactable at info@knottedrugs.co.uk or +44 7554 254513.

2. What data we collect

• Order information: name, delivery address, email, phone number, items purchased and order value — collected when you place an order.
• Enquiry information: name, email, phone, subject and message — collected when you use our contact form.
• Payment information: processed directly by Stripe. We never see or store your full card number — only a last-4 reference for our records.
• Technical data: IP address, browser type, device type, pages visited, referring site — collected via Google Analytics 4 to understand site usage.

3. How we use your data

• To process and deliver your order (legal basis: contract).
• To respond to your enquiries (legal basis: legitimate interest).
• To comply with UK tax, accounting and consumer-protection law (legal basis: legal obligation).
• To improve our website and customer experience via aggregated analytics (legal basis: legitimate interest / consent for non-essential cookies).

4. Cookies and tracking

We use the following cookies and tracking technologies:

• Essential cookies — required for the shopping cart and checkout to function. These cannot be disabled.
• Google Analytics 4 (cookie name: _ga, _ga_*) — anonymised page-view tracking. Data is stored within the EU/UK and retained for 14 months.
• Stripe — used only at checkout for fraud prevention. Stripe is a PCI-DSS Level 1 certified payment processor.

You can opt out of Google Analytics by installing the official Google opt-out browser add-on.

5. Who we share your data with

• Stripe — payment processing. Stripe Privacy Policy.
• Google — analytics. Google Privacy Policy.
• Delivery couriers — your name, address and phone, only as required to deliver your order.
• HMRC and accountants — sales records for tax and audit purposes.

We never sell or rent your personal data to third parties for marketing.

6. How long we keep your data

• Order records: 6 years (HMRC requirement).
• Enquiry emails: 2 years.
• Analytics data: 14 months (GA4 default).

7. Your rights under UK GDPR

You have the right to:

• Access your personal data we hold.
• Request correction of inaccurate data.
• Request deletion ("right to be forgotten"), subject to legal retention requirements.
• Object to or restrict processing.
• Request data portability.
• Withdraw consent for non-essential cookies at any time.

To exercise any of these rights, email info@knottedrugs.co.uk. We will respond within 30 days.

8. Security

The website uses HTTPS encryption on every page. Order data is transmitted directly to Stripe over a secure connection and is not stored on our servers in cardholder form. Server access is restricted to authorised personnel.

9. Children

Our services are not directed at children under 16. We do not knowingly collect data from children.

10. Complaints

If you are unhappy with how we have handled your data, please contact us first at info@knottedrugs.co.uk. You also have the right to complain to the UK Information Commissioner's Office: ico.org.uk/concerns.

11. Changes to this policy

We may update this policy from time to time. The current version is dated above. Material changes will be highlighted on our homepage for at least 30 days.

Last updated: 6 June 2026