Privacy and Cookies Policy
Last updated: 9 September 2025
Who We Are
Make Believe Ideas Ltd (“we”, “us”, “our”) is the data controller for the personal data collected via our website and services. Our registered office is The Wilderness, Berkhamsted, ENG, HP4 2AZ, GB. If you have any questions, please contact us at data@makebelieveideas.com.
Our Commitment to Your Privacy
We take your privacy seriously and are committed to handling your personal information fairly, lawfully and securely. This policy explains what we collect, how we use it, who we share it with, how long we keep it, and the rights you have. By using and accessing any of our Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described here.
Personal Information We Collect
When we say “personal information,” we mean information that identifies or can reasonably be linked to you. We may collect or process the following categories depending on how you interact with us:
- Identity & contact details (e.g. name, email, phone, billing and delivery addresses)
- Account details (e.g. login, password, saved preferences)
- Order & payment details (order history, payment method metadata—note: full card data is handled securely by our payment providers and not stored by us)
- Marketing preferences (newsletter opt-in/opt-out)
- Device & usage data (IP, browser type, pages viewed, interactions)
- Survey, competition & promotion responses
- Date of birth (if provided, e.g. for birthday offers)
- Gender (if provided, for analytics and relevant offers)
- Communications (information you provide when contacting us)
Sources of Personal Information
- Directly from you (when you create an account, place an order, or contact us)
- Automatically (via cookies and similar technologies when you browse our site)
- From service providers (e.g. payment processors, couriers, analytics)
- From partners or third parties (e.g. marketing or review platforms you choose to use)
How and Why We Use Your Information
We process your personal data under the UK GDPR on the following bases: performance of a contract, consent, legitimate interests, and legal obligations. The table below shows examples:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Process and deliver your orders; provide customer support; handle returns | Identity, contact, order details | Contract; Legitimate interests (efficient service) |
| Payments and refunds | Order details; payment method metadata | Contract; Legitimate interests (fraud prevention) |
| Account creation and management | Identity, contact, account details | Contract; Legitimate interests (secure access) |
| Send service messages (e.g. order updates) | Identity, contact, order details | Contract; Legitimate interests (keep you informed) |
| Marketing emails (news, offers) | Identity, contact, preferences | Consent (you can withdraw anytime) |
| Birthday offers | Date of birth | Consent |
| Analytics and product improvement | Device & usage data; purchase history | Legitimate interests (improve our site and products) |
| Security and fraud prevention | Device & usage data; order metadata | Legitimate interests; Legal obligations |
| Competitions, surveys and promotions | Identity, contact, responses | Consent; Contract (where applicable) |
Relationship with Shopify
Our store is powered by Shopify. Shopify collects and processes personal information about your use of our store in order to provide and improve their services. In some cases, Shopify acts as an independent controller (for example, where they use aggregated data across merchants to improve their platform). To learn more, please see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.
Payments
We use trusted payment providers such as Shopify Payments and PayPal. We do not store full card details. These providers are PCI DSS compliant and process payments securely. For details, please see your chosen payment provider’s own privacy policy.
Marketing Emails (Mailchimp)
If you consent, we may send you marketing emails. We use Mailchimp to send these and to manage your preferences. You can unsubscribe at any time. Mailchimp processes your data on our instructions and safeguards transfers outside the UK/EEA with Standard Contractual Clauses.
Cookies
Our website uses cookies and similar technologies provided by Shopify and partners to enable core functionality, remember preferences, and understand site traffic. You can control cookies via your browser or through our consent tool. For Shopify’s cookie list, see shopify.com/legal/cookies.
Sharing Your Information
We do not sell or rent your data. We only share it with:
- Service providers (e.g. Shopify, couriers, analytics, review platforms, marketing partners) who must keep it secure.
- Authorities or legal advisers where required by law.
- Business transferees in the event of a sale, merger or reorganisation.
International Transfers
Some providers (including Shopify and Mailchimp) may process data in countries outside the UK/EEA, such as Canada or the United States. Where this occurs, we rely on recognised safeguards such as Standard Contractual Clauses or equivalent frameworks to ensure protection to UK GDPR standards.
How Long We Keep Your Information
We keep customer account and order information for up to three (3) years after your last activity, or longer where required to meet legal/regulatory obligations, prevent fraud, or resolve disputes. Financial/tax records (e.g. invoices) are retained for up to six (6) years as required by UK law. Pending, failed and cancelled orders may be retained for up to three years. After this, data is securely deleted or anonymised.
Your Rights
Under UK data protection law, you have the right to:
- Be informed about how your data is used (this policy)
- Access the personal data we hold about you
- Correct inaccurate or incomplete information
- Request deletion or restriction of your data in certain circumstances
- Withdraw consent at any time (e.g. marketing)
- Data portability (receive or transfer your data)
- Object to processing based on legitimate interests
- Lodge a complaint with the UK regulator (ICO)
To exercise your rights, please email data@makebelieveideas.com. You can also complain to the ICO at ico.org.uk. EEA customers may also contact their local data protection authority (list here).
Children’s Data
Our Services are directed to adults. We do not knowingly collect personal information from children under the age of 16 without parental consent. If you believe a child has provided us with information, please contact us so we can delete it.
Security
We use technical and organisational measures such as HTTPS encryption, access controls, and secure provider selection. Payments are processed by PCI DSS compliant providers. However, no method of transmission or storage is completely secure, so please take care when sharing data online.
Complaints
If you have concerns about how we process your data, please contact us first. You may also appeal to your local data protection authority if applicable.
Changes to This Policy
We may update this policy from time to time. Any significant changes will be posted here and, if appropriate, notified to you by email or on our site before taking effect.
Contact Us
If you have questions, comments or requests, please contact us:
Email: data@makebelieveideas.com
Postal Address: Make Believe Ideas Ltd, The Wilderness, Berkhamsted, ENG, HP4 2AZ, GB
Phone: (please contact by email first)
Data Controller: Make Believe Ideas Ltd
