Privacy policy

Last updated: March 5, 2026

1. Introduction

Mud & Maple ("we", "us", "our") operates this website and online store, including all related information, content, features, tools, products and services (the "Services"). Our Services are powered by Shopify.

This Privacy Policy explains how we collect, use, store, share and protect your personal information when you visit or use our Services, make a purchase, or otherwise communicate with us. It applies to all visitors, customers and users of our Services.

We are the data controller responsible for your personal information. Our contact details are set out in the "Contact Us" section below.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing and disclosure of your personal information.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Personal Information We Collect

When we use the term "personal information" (or "personal data"), we mean information that identifies or can reasonably be linked to you. We may collect the following categories of personal information depending on how you interact with the Services:

Contact details: your name, address, billing address, delivery address, phone number and email address.

Financial information: payment card details and transaction information, processed securely by our payment provider.

Account information: your username, password, preferences and settings.

Transaction information: items you view, add to your basket or wishlist, purchase, return or cancel, and your order history.

Communications: information you include when you contact us, for example via email or our website contact form.

Device and technical information: your IP address, browser type, operating system, device identifiers, and information about your network connection.

Usage information: how and when you interact with or navigate the Services, pages visited, and referring URLs.

3. How We Collect Your Information

We collect personal information from the following sources:

Directly from you: when you create an account, place an order, subscribe to our newsletter, contact us or otherwise provide information to us.

Automatically: through cookies and similar technologies when you use our Services (see Section 9, Cookies).

From our service providers: including Shopify (our hosting and e-commerce platform), payment processors, delivery partners and analytics providers.

From third parties: where you interact with us through third-party platforms or social media.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for each type of processing we carry out. The table below sets out the lawful bases we rely on:


| Processing Purpose | Lawful Basis |
|---|---|
| Fulfilling your order (processing payments, arranging delivery, handling returns) | Performance of a contract with you (Article 6(1)(b)) |
| Creating and managing your account | Performance of a contract with you (Article 6(1)(b)) |
| Sending order confirmations, delivery updates and other transactional communications | Performance of a contract with you (Article 6(1)(b)) |
| Sending marketing emails, texts or postal mail | Your consent (Article 6(1)(a)), which you can withdraw at any time |
| Displaying personalised advertisements | Your consent (Article 6(1)(a)) via cookie preferences |
| Improving our website, products and services | Our legitimate interest in understanding how customers use our Services (Article 6(1)(f)) |
| Fraud prevention and security | Our legitimate interest in protecting our business, customers and Services (Article 6(1)(f)) |
| Responding to your enquiries and providing customer support | Our legitimate interest in being responsive to you (Article 6(1)(f)); or performance of a contract where your enquiry relates to an order |
| Complying with legal obligations (e.g. tax, accounting, regulatory requests) | Legal obligation (Article 6(1)(c)) |


Where we rely on legitimate interest as our lawful basis, we have carried out a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You can request details of this assessment by contacting us.

5. How We Use Your Personal Information

We use your personal information for the following purposes:

Order fulfilment: to process your orders, arrange delivery, handle returns and refunds, and send transactional communications such as order confirmations and dispatch notifications.

Account management: to create, maintain and manage your account and remember your preferences.

Marketing: to send you promotional communications where you have given us your consent, including emails, text messages and postal mail. You can withdraw your consent at any time (see Section 8, Your Rights).

Advertising: to show you relevant advertisements on our Services or third-party platforms, where you have consented to the use of advertising cookies.

Improving our Services: to understand how customers use our website so we can improve the user experience, product range and overall service.

Security and fraud prevention: to detect, investigate and prevent fraudulent, unauthorised or illegal activity, and to protect the security of our Services.

Customer support: to respond to your enquiries, complaints and requests.

Legal compliance: to comply with applicable laws, regulations, legal processes and enforceable government requests, including HMRC tax and accounting requirements.

6. How We Share Your Personal Information

We may share your personal information with the following categories of recipients:

Shopify: our e-commerce platform provider, which hosts the Services and processes certain personal information on our behalf and, in some cases, as an independent data controller. Shopify may use data from your interactions with our store, together with data from your interactions with other merchants and with Shopify, to provide and improve its services. For details, see Shopify's Consumer Privacy Policy at https://privacy.shopify.com/en.

Service providers: third parties who perform services on our behalf, including payment processing, delivery and shipping, IT management, data analytics, cloud storage and customer support. These providers only process your data on our instructions and are contractually bound to keep it secure.

Marketing partners: where you have consented to the use of advertising and marketing cookies, we may share data with advertising partners to deliver relevant advertisements. You can manage your cookie preferences at any time.

Professional advisers: including lawyers, auditors, bankers and insurers, where necessary for professional advice or to establish, exercise or defend legal claims.

Law enforcement and regulators: where required by law, regulation, court order or other legal process.

Business transfers: in connection with any merger, acquisition, restructuring, sale of assets or similar transaction, your personal information may be transferred as part of that transaction.

We do not sell your personal information to third parties.

7. International Transfers

Because our Services are hosted by Shopify, your personal information may be transferred to, stored and processed in countries outside the United Kingdom, including Canada and the United States where Shopify operates.

Where we transfer personal information outside the UK, we ensure that appropriate safeguards are in place, including the use of the UK International Data Transfer Agreement (UK IDTA) or the EU Standard Contractual Clauses (as supplemented by the UK Addendum), or transfers to countries recognised as providing an adequate level of data protection.

8. Your Rights

Under UK data protection law, you have the following rights in relation to your personal information:

Right of access: you can request a copy of the personal information we hold about you.

Right to rectification: you can ask us to correct inaccurate or incomplete personal information.

Right to erasure: you can ask us to delete your personal information in certain circumstances.

Right to restrict processing: you can ask us to restrict how we use your personal information in certain circumstances.

Right to data portability: you can request a copy of your personal information in a structured, commonly used, machine-readable format.

Right to object: you can object to our processing of your personal information where we rely on legitimate interest as our lawful basis. You have an absolute right to object to processing for direct marketing purposes.

Right to withdraw consent: where we rely on your consent to process your personal information (e.g. marketing communications, advertising cookies), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details in the "Contact Us" section below. We will respond to your request within one month, as required by law. In complex cases, we may extend this by a further two months, and will notify you if this is the case.

You will not be charged a fee for exercising your rights, except in limited circumstances where requests are manifestly unfounded or excessive.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to distinguish you from other users, provide essential functionality, and improve your experience. A cookie is a small text file placed on your device when you visit our website.

We use the following types of cookies:


| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Essential for the website to function (e.g. shopping cart, checkout, authentication) | Session or up to 1 year |
| Analytics and performance | Help us understand how visitors use the website so we can improve it (e.g. Shopify analytics) | Up to 2 years |
| Marketing and advertising | Used to deliver relevant advertisements and track campaign performance | Up to 2 years |
| Functional | Remember your preferences such as language and region | Up to 1 year |


Strictly necessary cookies do not require your consent. For all other cookies, we will ask for your consent via our cookie banner when you first visit our website. You can change your cookie preferences at any time through [COOKIE SETTINGS LINK].

You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

10. Marketing Communications

We will only send you electronic marketing communications (such as emails and text messages) where you have given us your specific consent to do so, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).

You can withdraw your consent and opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, replying STOP to any marketing text message, or contacting us using the details below.

Even if you opt out of marketing communications, we may still send you non-promotional messages relating to your orders, account or other transactional matters.

We may send marketing by post based on our legitimate interest, unless you ask us to stop.

11. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The table below sets out our general retention periods:


| Data Category | Retention Period |
|---|---|
| Order and transaction data | 6 years from the date of the transaction (for tax and accounting compliance under HMRC requirements) |
| Account data | Until you request deletion of your account, or 3 years after your last interaction with us, whichever is sooner |
| Marketing preferences and consent records | Until you withdraw consent or unsubscribe; consent records retained for 2 years after withdrawal for compliance purposes |
| Customer support communications | 2 years from the date of resolution |
| Website analytics and cookie data | See our Cookie Policy for specific durations by cookie type |
| Fraud prevention data | Up to 6 years where necessary to establish, exercise or defend legal claims |


When personal information is no longer required, we will securely delete or anonymise it.

12. Automated Decision-Making

We do not use automated decision-making or profiling in a way that produces legal effects or similarly significantly affects you. If this changes in the future, we will update this Privacy Policy and notify you where required by law.

13. Children's Data

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us using the details below and we will take steps to delete it.

14. Security

We take the security of your personal information seriously and use appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure or destruction. These measures include encryption of payment data, secure hosting through Shopify, and access controls.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

15. Third-Party Websites and Links

Our Services may contain links to websites or platforms operated by third parties. We are not responsible for the privacy practices or content of those third-party websites. We encourage you to read the privacy policy of every website you visit. A link to a third-party website does not imply endorsement of that website or its operator.

16. Shopify

Our store is hosted by Shopify, which provides us with e-commerce infrastructure, payment processing and other services. Shopify collects and processes personal information about your use of our Services in order to provide and improve them.

In addition, Shopify may use personal information collected from your interactions with our store, together with data from other Shopify merchants, to provide certain enhanced features to us (such as analytics and personalised recommendations). In these circumstances, Shopify acts as an independent data controller and is responsible for responding to your data subject requests in relation to that processing.

For full details on how Shopify handles your personal information, please visit https://privacy.shopify.com/en. You can also exercise your rights in relation to Shopify's processing through Shopify's Privacy Portal.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, for operational, legal or regulatory reasons. We will post the revised Privacy Policy on this page and update the "Last updated" date. Where changes are material, we will notify you by email or prominent notice on our website before the changes take effect.

18. Complaints

If you have any concerns about how we handle your personal information, please contact us in the first instance using the details below. We will do our best to resolve your concern.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office

Website: https://ico.org.uk

Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

19. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your rights, or want to make a complaint, please contact us: 

admin@mudandmaple.co