1. Who we are
We are a sole trader business based in London, England. We sell trend-inspired apparel and accessories online. For the purposes of UK data protection law, we are the data controller for the personal data described in this policy.
Contact: info@trendmerch.co
2. What data we collect
We collect very little. When you place an order, Stripe (our payment processor) collects the following on our behalf:
- Your name
- Your email address
- Your shipping address
- Your payment card details (held by Stripe only — we never see or store your full card number)
That's it. There is no account creation on our site. We don't ask you to set a password. We don't collect phone numbers unless Stripe requires one for delivery purposes.
3. What we don't collect
To be clear about what we're not doing:
- We don't track you across the web
- We don't build advertising profiles
- We don't sell, rent, or share your data with third parties for marketing purposes
- We don't send you marketing emails unless you've explicitly opted in
4. How we use your data
Our lawful basis for processing your personal data is contract performance (Article 6(1)(b), UK GDPR) — we need your data to fulfil the order you have placed with us. For our email signup list, the lawful basis is consent (Article 6(1)(a)) — you actively opt in.
We use your personal data for one purpose: fulfilling your order. Specifically:
- Your shipping address is shared with our UK production partner so they can post your order to you
- Your email is used to send order confirmation and any delivery updates
- Your email may be used to contact you if there's an issue with your order (wrong colour, delivery problem, etc.)
We don't use your data for anything else unless you've given us separate permission to do so.
5. Data processors
The following third-party services process data on our behalf:
- Stripe — payment processing. Stripe stores your payment details securely on their PCI DSS compliant servers. See Stripe's privacy policy.
- Vercel — website hosting. Vercel serves the site pages. See Vercel's privacy policy.
- Our production partner — receives your name and shipping address to fulfil and post your order. They don't use your data for any other purpose.
6. Cookies and local storage
Our site does not set any cookies.
Stripe and Vercel may set functional cookies when you interact with the checkout or visit the site. These are necessary for payment processing and site delivery — they are not used for advertising or tracking.
We use your browser's localStorage for one thing only: recording your vote in the style poll on the homepage. This stores your vote choice locally on your device. It contains no personal data and is never sent to any server.
7. Marketing
We offer an optional email signup to notify you about new product drops. This is strictly opt-in — you will only receive emails if you actively sign up, and you can unsubscribe at any time by emailing us at info@trendmerch.co.
We don't send unsolicited marketing emails. Your email address from the signup form is used only for new drop notifications and is not sold or shared with third parties.
8. How long we keep your data
We retain your order data (name, email, shipping address, order details) only for as long as needed to:
- Fulfil your order
- Handle any returns or complaints within the 14-day cancellation period
- Meet our legal obligations (e.g. tax records, which UK law requires us to keep for 6 years)
After that, your data is deleted. Payment card data is held by Stripe according to their own retention policy — we have no access to it.
9. Your rights (UK GDPR)
Under the UK General Data Protection Regulation, you have the right to:
- Access the personal data we hold about you
- Rectify any inaccurate data (e.g. fix a typo in your address)
- Delete your data (subject to legal retention requirements)
- Object to processing of your data
- Receive your data in a structured, commonly used format (data portability)
To exercise any of these rights, email us at info@trendmerch.co. We'll respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled. Their website is ico.org.uk.
10. Data security
We don't store payment data ourselves. All payment processing happens on Stripe's PCI DSS compliant infrastructure. The site is served over HTTPS. We use strong passwords and limit access to order data to only those who need it (which is just the business owner and the production partner for fulfilment).
11. Children
We don't knowingly collect data from anyone under 16. If you're under 16, please ask a parent or guardian to place the order on your behalf.
12. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top will change when we do. We won't make significant changes that reduce your rights without letting affected customers know by email.
13. Contact
Questions about your data or this policy: