Privacy policy

Privacy Policy

This Privacy Policy describes how eastsidestudiolondon.co.uk (the “Site”, “we”, “us”) collects, uses and discloses your personal information when you visit or make a purchase from the Site.

Contact

If you have questions, need more information about our privacy practices, or wish to make a complaint, contact:
Email: support@eastsidestudiolondon.co.uk

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interactions with the Site, and information needed to process your purchases. We may also collect additional information if you contact us for support. “Personal Information” means any information about an identifiable individual. Below is what we collect and why.

Device information
• Purpose: to load the Site accurately and perform analytics to improve it.
• Source: collected automatically via cookies, log files, web beacons, tags and pixels.
• Disclosure: shared with our processor Shopify and analytics/advertising partners (see “Behavioural Advertising”).
• Personal Information: browser version, IP address, time zone, cookie identifiers, pages/products viewed, search terms, on-site actions.

Order information
• Purpose: to provide products/services, process payments, arrange shipping, provide invoices/confirmations, communicate with you, screen orders for risk/fraud, and—if you opt in—send product/offer updates.
• Source: collected from you.
• Disclosure: shared with Shopify and relevant service providers (payments, fulfilment, delivery, customer service).
• Personal Information: name, billing address, shipping address, payment details (tokenised by our payment providers), email address, phone number, order contents and values.

Uploaded images for Custom Services (print & frame)
• Purpose: to store, process and print the file you upload and to support your order (and optional future reprints if you opt in).
• Source: collected from you when you use our custom frame designer or otherwise provide a file.
• Disclosure: stored with our hosting/storage providers; shared only as necessary with print and fulfilment partners to make and deliver your order.
• Personal Information: the image/file itself and limited metadata (e.g. filename, dimensions, DPI; any embedded EXIF may be stripped during processing), job settings (paper, size, mount, glazing) and order identifiers.

Customer support
• Purpose: to assist you and resolve issues.
• Source: collected from you (email, chat, contact forms).
• Disclosure: may be processed by our helpdesk provider(s).
• Personal Information: contact details, order details, your communications with us.

Sharing Personal Information

We share Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:
• We use Shopify to power our online store. Read how Shopify uses Personal Information: https://www.shopify.com/legal/privacy

• We may share information to comply with laws, respond to lawful requests (e.g. subpoenas, warrants), or to protect our rights.

Behavioural Advertising

We use Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest. For example:
• We use Google Analytics to understand how customers use the Site. Google’s privacy info: https://www.google.com/intl/en/policies/privacy/; opt-out: https://tools.google.com/dlpage/gaoptout
• We may share information about your use of the Site, purchases and ad interactions with advertising partners via cookies or similar technologies (subject to your consent where required).
• We may use Shopify Audiences to help show ads on other websites to buyers who may be interested. This can involve sharing hashed identifiers (e.g. email) and purchase signals with participating merchants via Shopify.

For more on targeted ads, visit the Network Advertising Initiative: https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work

You can opt out of targeted advertising here:
• Facebook: https://www.facebook.com/settings/?tab=ads
• Google: https://www.google.com/settings/ads/anonymous
• Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
You can also opt out via the Digital Advertising Alliance: https://optout.aboutads.info/

Using Personal Information

We use your Personal Information to: offer products for sale; process payments; ship and fulfil orders; provide invoices/confirmations; prevent fraud; support you; run the Site; and keep you informed about new products, services and offers if you opt in.

Lawful Basis (UK GDPR/GDPR)

If you are in the UK or EEA, we process your Personal Information under one or more of the following lawful bases:
• Contract: to make, print and deliver your order and provide the Site.
• Legitimate interests: site security, fraud prevention, analytics, service improvement and customer support (balanced against your rights).
• Consent: email marketing you opt in to; storing your uploaded files for convenient future reprints; using your images for marketing examples (only with explicit permission).
• Legal obligation: to comply with accounting, tax and other legal requirements.
• Vital interests/Public task: rarely applicable; used only where strictly necessary.

Retention

• Orders/account: we retain order records for as long as needed for our business and legal obligations.
• Customer uploaded files: originals are kept for 90 days after fulfilment for order support. Thumbnails/proofs may be retained longer with the order record. If you opt in to “Store for reprints”, we keep files for up to 24 months (renewable) or until you request deletion.
• You can request deletion at any time (see “Your rights”), subject to our legal record-keeping obligations.

International Transfers

Personal Information may be processed outside the UK/EEA (for example, where Shopify or other providers host data). Where we transfer Personal Information internationally, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or EU Standard Contractual Clauses (SCCs), plus additional measures where required.

Automated Decision-Making

We do not engage in fully automated decision-making that has legal or similarly significant effects using customer data. Our processor Shopify applies limited automated decision-making to reduce fraud (e.g. temporary IP/credit-card blacklists for repeated failed transactions).

Selling Personal Information

We do not sell Personal Information in exchange for money. We may “share” Personal Information for targeted advertising as described above; depending on your location, you may have the right to opt out of such sharing—see the opt-out links in “Behavioural Advertising” and your rights below.

Your Rights

Depending on your location, you have rights over your Personal Information.

UK/EEA (UK GDPR/GDPR):
• Access, rectification, erasure, restriction, portability, and objection to certain processing (including profiling/marketing).
• Withdraw consent at any time where processing is based on consent.
To exercise these rights, email support@eastsidestudiolondon.co.uk.

California (CCPA/CPRA), if applicable:
• Right to know/access, correct, delete, and opt out of sale/sharing of Personal Information; right to limit use of sensitive Personal Information; non-discrimination for exercising rights.
To designate an authorised agent, or exercise rights, email support@eastsidestudiolondon.co.uk.

Data Transfers & Shopify
Your Personal Information may be initially processed in the EEA and then transferred outside Europe for storage and further processing, including to Canada and the United States. For details on Shopify’s GDPR compliance and transfers, see: https://help.shopify.com/en/manual/your-account/privacy/GDPR

Cookies

A cookie is a small file placed on your device when you visit the Site. We use functional, performance, advertising and social media/content cookies. Cookies improve your experience by remembering preferences and helping us understand site usage.

We use (among others) the following Shopify cookies:

Cookies necessary for the functioning of the store
_ab (2y) – access to admin
_secure_session_id (24h) – navigation through storefront
_shopify_country (session) – checkout
_shopify_m (1y), _shopify_tm (30min), _shopify_tw (2w) – privacy settings
_storefront_u (1min) – update customer account info
_tracking_consent (1y) – tracking preferences
c (1y) – checkout
cart, cart_currency (2w) – cart
cart_sig, cart_ts, cart_ver (2w) – checkout/cart
checkout (4w), checkout_token (1y), checkout_one_experiment (session) – checkout
dynamic_checkout_shown_on_cart (30min) – checkout
hide_shopify_pay_for_checkout (session) – checkout
keep_alive (2w) – buyer localisation
previous_step (1y), remember_me (1y) – checkout
secure_customer_sig (20y), storefront_digest (2y) – customer login
shopify_pay (1y), shopify_pay_redirect (30min/3w/1y) – checkout
tracked_start_checkout (1y) – checkout
master_device_id (2y) – merchant login

Reporting and analytics
_landing_page (2w), _orig_referrer (2w) – track landing pages
_s (30min), _shopify_s (30min), _shopify_y (1y), _y (1y) – Shopify analytics
_shopify_d (session), _shopify_evids (session), _shopify_ga (session) – Shopify/Google Analytics
_shopify_sa_p (30min), _shopify_sa_t (30min) – marketing & referrals

Cookie duration depends on whether the cookie is “session” (until you stop browsing) or “persistent” (until it expires or you delete it). Most last between 30 minutes and two years. You can control cookies in your browser settings; removing or blocking cookies may impact your experience. Blocking cookies may not fully prevent sharing with third parties (e.g. ad partners). To exercise advertising choices, use the tools in “Behavioural Advertising”.

Do Not Track

There is currently no consistent industry standard for responding to “Do Not Track” signals, so we do not alter our data collection when we detect such a signal.

Changes

We may update this Privacy Policy from time to time to reflect changes to our practices or for operational, legal or regulatory reasons.

Complaints

You can raise concerns by emailing support@eastsidestudiolondon.co.uk. If you are not satisfied with our response, you have the right to lodge a complaint with a data protection authority. In the UK, you can contact the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

Last updated: 30/10/2025