Privacy policy
Who We Are
Caught Couture is a UK-based online outerwear retailer. Our website is caughtcouture.com. We are the data controller for the personal information you share with us when shopping or browsing. That means we decide how and why your data is used — and we are responsible for keeping it safe.
This policy explains everything: what we collect, why we collect it, who we share it with, how long we keep it, and what rights you have over it. We have written it in plain English because privacy policies should be easy to understand.
If you have a question that is not answered here, email us at support@caughtcouture.com.
What Personal Data We Collect
We collect different types of information depending on how you interact with us.
When you place an order, we collect your full name, email address, delivery address, billing address, phone number, and payment details. Your payment information is processed directly by our payment provider — we never see or store your full card number on our systems.
When you create an account, we store your login credentials (email and encrypted password) alongside your order history and saved preferences.
When you browse our website — even without buying anything — we automatically collect certain technical data. This includes your IP address, browser type, device type, operating system, pages you visit, time spent on those pages, and the website that referred you to us. We collect this through cookies and analytics tools.
If you contact us by email or through our contact form, we keep a record of that conversation, including your name, email address, and anything you tell us about your order or query.
Why We Use Your Data
We use your personal data only where we have a lawful reason to do so under UK GDPR. Here is how we use it and why.
We use your name, address, and contact details to process and fulfil your order. This includes packing your items, dispatching them via Royal Mail, and sending you order confirmation and shipping updates. Without this information, we simply cannot complete your purchase.
We use your email address to communicate with you about your order — confirmations, dispatch notifications, and responses to any support queries you raise with us. These are transactional emails and we send them regardless of your marketing preferences.
We use your IP address and browsing data to detect fraud, protect the security of our website, and improve the experience for all customers. For example, we may use analytics data to understand which product pages are confusing or underperforming, and fix them.
If you have opted in to marketing communications, we use your email address to send you information about new products, promotions, and seasonal offers. You can unsubscribe at any time using the link at the bottom of any marketing email or by emailing us directly. Opting out of marketing does not affect your order confirmations or shipping updates.
Our Legal Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. We rely on the following:
Contract performance — We process your name, address, and payment information because we need it to fulfil the contract when you place an order. Without it, we cannot process or deliver your purchase.
Legitimate interests — We process browsing data and technical information to improve our website, prevent fraud, and run our business effectively. We have assessed that this does not override your privacy rights.
Consent — We process your data for marketing emails only where you have explicitly opted in. For non-essential cookies, we rely on your consent through our cookie settings.
Legal obligation — We are required by UK law to retain financial records for seven years. This means we keep order and payment records for that period even if you request deletion of your account.
Who We Share Your Data With
We do not sell your personal data to anyone. We share it only where genuinely necessary. Here is a full breakdown of every third party we share data with and why:
- Royal Mail — Your name and delivery address, so they can fulfil and track your delivery.
- Shopify Inc. — Our e-commerce platform processes and stores your order data under a formal data processing agreement. Shopify is GDPR-compliant.
- Stripe & PayPal — Payment processors who handle card and payment details securely under PCI-DSS. We never store your full card number.
- Google LLC — We use Google Analytics (anonymised browsing data) and Google Ads / Google Merchant Center (advertising). Google may receive data about your visit and purchases to serve relevant ads. Opt out via the Google Analytics Opt-out Add-on.
- Meta Platforms Inc. (Facebook / Instagram) — We use the Meta Pixel to measure ad effectiveness and serve relevant ads. Meta may receive data about your site interactions. Manage preferences at facebook.com/ads/preferences.
We may also disclose data if required by law or to protect the safety of our customers or business. All third parties are contractually required to handle your data securely and comply with UK data protection law.
How We Keep Your Data Secure
We take data security seriously. Our website uses SSL encryption to protect data in transit between your browser and our servers. Payments are processed through PCI-compliant systems. Access to customer data within our business is restricted to those who need it to do their job.
No method of electronic transmission or storage is 100% secure. We do our utmost to protect your data but cannot guarantee absolute security. If a data breach occurs that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.
How Long We Keep Your Data
We keep order and financial records for seven years from the date of the transaction. This is required by HMRC for UK tax purposes.
If you have a customer account but have not placed an order or logged in for three years, we may contact you to let you know we are going to delete your account. You will have 30 days to respond if you want to keep it.
Marketing preferences and consent records are kept as long as you remain subscribed. If you unsubscribe, we retain a record of that preference so we do not accidentally contact you again.
Support email correspondence is kept for two years unless it relates to an active dispute.
Your Rights
Under UK GDPR, you have meaningful rights over your personal data. Here is what they mean in practice.
Right of access. You can ask us to confirm whether we hold data about you and request a copy of it. We will provide this within 30 days, free of charge.
Right to rectification. If any of the data we hold is inaccurate or incomplete, you have the right to ask us to correct it. We will do so promptly.
Right to erasure. You can ask us to delete your personal data. We will do so unless we have a legal obligation to keep it — for example, financial records required by HMRC.
Right to restrict processing. You can ask us to pause how we use your data in certain circumstances — for example, while you contest the accuracy of the data we hold.
Right to data portability. Where we process your data by automated means on the basis of consent or contract, you can ask us to provide it in a structured, machine-readable format.
Right to object. You have the right to object to us processing your data for direct marketing at any time. We will stop immediately. You can also object to processing based on legitimate interests, though we may have compelling grounds to continue in some cases.
Rights related to automated decision-making. We do not make decisions about you based solely on automated processing that have a legal or similarly significant effect on you.
To exercise any of these rights, email support@caughtcouture.com with your request. We will respond within 30 days. In some cases we may ask you to verify your identity before we action the request.
Cookies
We use cookies to make our website work, to understand how it is being used, and to support marketing where you have given consent. Essential cookies cannot be turned off — the site does not function without them. Analytics and marketing cookies can be managed through your browser settings or your cookie consent preferences. For a full breakdown of every cookie we use, see our Cookie Policy.
Children
Our website is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at support@caughtcouture.com and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and, where the changes are significant, we may notify you by email. Continuing to use our website after changes are posted means you accept the updated policy.
How to Complain
If you are unhappy with how we have handled your personal data, please contact us first at support@caughtcouture.com. We take all concerns seriously and will do our best to resolve things directly.
If you remain unsatisfied, you have the right to complain to the Information Commissioner's Office (ICO) — the UK's independent data protection authority. You can contact them at ico.org.uk or call 0303 123 1113. This right is yours and we fully support it.