Penne & Co. Privacy Policy

Introduction

Penne & Friends Limited, trading as Penne & Co. (“we”, “us”, “our”), operates this store and website, including all related information, content, features, tools, products and services (together, the “Services”). Penne & Co. is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is a conflict between our Terms & Conditions and this Privacy Policy, this Privacy Policy governs with respect to the collection, processing, and disclosure of your personal information.

By using or accessing the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described here.

1. Grounds for Data Collection

We process your personal information where it is necessary for:
- The performance of our contractual obligations to you (e.g., processing and fulfilling orders).
- Protecting our legitimate interests (e.g., improving our services, fraud prevention).
- Compliance with legal and financial regulatory obligations.
- Situations where you have provided explicit consent (e.g., for marketing communications).

Where required, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

2. Personal Information We Collect

When we use the term “personal information,” we mean information that identifies or can reasonably be linked to you.

We may collect or process the following categories of personal information:
- Contact details: Name, billing and shipping addresses, phone number, email.
- Financial information: Payment card details, transaction information, payment confirmation. (We do not store full financial details — payments are securely processed by our providers.)
- Account information: Username, password, preferences, saved settings.
- Transaction history: Products viewed, added to cart, wishlists, purchases, returns, exchanges, cancellations.
- Communications: Information you include when contacting us.
- Device information: IP address, device identifiers (e.g., MAC address, UUID), browser, operating system, geolocation data.
- Usage information: Pages visited, clicks, browsing activity, access times.
- Demographic information: Postcode, preferences, interests, other details you provide.
- User-generated content (UGC): Reviews, photos, or other materials you submit may be published publicly, and may include personal information.

We also collect non-personal information such as aggregated usage data and analytics.

3. How We Collect Personal Information

- Directly from you when you place orders, create an account, or contact us.
- Automatically via cookies, analytics, and your device.
- From service providers such as payment processors, fulfilment, or analytics tools.
- From partners/third parties, such as marketing affiliates or public records.

4. How We Use Personal Information

We may use your information for:
- Providing, tailoring, and improving Services.
- Processing orders, returns, refunds, and payments.
- Marketing & advertising, including personalised recommendations and targeted advertising.
- Security & fraud prevention.
- Customer communications & support.
- Legal compliance.
- Research & analytics.
- Publishing UGC you submit, such as reviews or photos.

Where our processing involves automated decision-making or profiling (e.g., personalised product recommendations, targeted ads), you may have the right to object or request human review under UK/EU law.

5. How We Share Personal Information

We may disclose your data:
- With Shopify and service providers (payments, IT, shipping, analytics, hosting).
- With professional advisers (e.g., legal, accounting, auditors).
- With business and marketing partners for advertising.
- Where you consent or direct us (e.g., social media integrations).
- Within our corporate group or during business transactions.
- To comply with law or enforce our rights.

6. Relationship with Shopify

The Services are hosted by Shopify. Shopify collects and processes personal information about your access to and use of the Services to provide and improve them.

Shopify may also use data from your interactions with our store and other merchants to provide enhanced features (such as analytics, benchmarking, and targeted advertising tools). In such cases, Shopify is an independent controller.

Learn more in Shopify’s Privacy Policy: https://www.shopify.com/legal/privacy

7. Cookies & Analytics

We use cookies and similar tools to:
- Enable shopping cart and account features.
- Save preferences.
- Analyse usage.
- Deliver targeted ads.

Types: session, persistent, and third-party cookies.

We use Google Analytics. Data such as IP addresses may be collected by Google. See Google’s policies for more.

You can disable cookies in your browser; some features may not work.

8. International Transfers

Your data may be transferred outside the UK/EEA. Safeguards include:
- Adequacy decisions; or
- Standard Contractual Clauses (SCCs) or UK equivalents.

9. Security

We use industry-standard protections but cannot guarantee “perfect security.” Data transmitted online may not always be secure. Avoid sending highly confidential data via unencrypted channels.

10. Retention

We retain your data as long as necessary for Services, compliance, disputes, or enforcement. Retention depends on the data type and purpose.

11. Children’s Data

Our Services are not directed to children. We do not knowingly collect data from minors under the age of majority. If discovered, such data will be deleted.

12. Your Rights

Depending on your jurisdiction, you may have:
- Access / Know – request a copy of your data.
- Correction – request inaccurate data be fixed.
- Deletion – request erasure.
- Portability – request data in machine-readable format.
- Objection/Restriction – request limits on processing.
- Withdraw consent – for processing based on consent.
- Opt-out – of targeted advertising, or of sale/sharing of data (as defined by law).

Where permitted by law, you may also:
- Appoint an authorised agent to exercise your rights on your behalf. We will require proof of authority and may request identity verification.
- Appeal privacy decisions we make by contacting us; if unsatisfied, you may escalate to the ICO or your local authority.

We will not discriminate against you for exercising these rights.

13. Complaints

You may raise complaints with us directly or with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).

14. Updates to this Policy

We may amend this policy periodically. Updates will be posted with a new “Last Updated” date. Significant changes will be notified where required by law.

15. Contact Us

Penne & Friends Limited, trading as Penne & Co.
Company Registration Number: 15896071
Registered in England and Wales
Office: Unit 9B Roper Close, Canterbury, Kent, CT2 7EP, England
Email (general enquiries): info@penneand.co
Email (privacy & product issues): barkbark@penneand.co

For data protection purposes, we are the data controller of your information.

Last updated: 21 September 2025