Privacy Policy

Privacy Policy of Maple and Grace, 

Your personal information is important to our business and we understand that keeping it safe is important too.

In accordance with the EU General Data Protection Regulation (GDPR) This Privacy Policy describes how and when I collect,
use, and share information when you purchase an item from me, contact me, or otherwise use my services.


Our Privacy Promise Maple and Grace are dedicated to safeguarding your privacy online. We will only collect, store and use your personal information for specific purposes as outlined below in accordance with GDPR. We will never share your personal data to 3rd parties unless required by law and your data is always protected. Please feel free to contact Maple and Grace at any time with any privacy queries or concerns and to see the personal data you have given us and request modification. Personal data means any information relating to an identified or identifiable natural person. This can include name, email address, address, and any other information you may have provided along with your order.

This Privacy Policy does not apply to the practices of third parties that I do not own nor control, including Etsy or any third party

services you access through this site including but not limited to Wix, Google, Etsy, Royal Mail, Paypal. You can reference their 

Privacy policy to learn more about its privacy practices.


Information I Collect

To fulfil your order, you must provide me with certain information,  such as your name, email address, postal address, payment information,

and the details of the product that you’re ordering. You may also choose to provide me with additional personal information

(for a custom order such as  pencils or a fairy door for example), if you contact me directly. Our website uses Google Analytics to ensure we are meeting your customer needs. Google Analytics stores usage data which may include your IP address, geographical location, referral source, length of visit and page views. The legal basis for this is legitimate interest for the basis of ensuring we are meeting customer needs. We may process information you submit to us when you contact us for the purposes of ensuring we answer your query effectively.

Why I Need Your Information and How I Use It

Maple and Grace rely on a number of legal bases to collect, use, and share your information, including:

*as needed to provide my services, such as when I use your information to fulfil your order, to settle disputes, or to
provide customer support;  *when you have provided your affirmative consent, which you may revoke at any time, such as
by signing up for my mailing list; *if necessary to comply with a legal obligation or court order or in connection with
a legal claim, such as retaining information about your purchases if required by tax law; and *as necessary for the purpose

of my legitimate interests, if those legitimate interests are not overridden by your rights or interests,
such as providing and improving my services. I use your information to provide the services you requested and in
my legitimate interest to improve my services.

Information about my customers is important to my business. I share your personal information for very limited
reasons and in limited circumstances, as follows:
*Service providers. I engage certain trusted third parties to perform functions and provide services to my shop,
such as delivery companies. Royal Mail - I will share your personal information with these third parties, but only to the extent
necessary to perform these services with the information you have provided. 
*Business transfers. If I sell or merge my business, I may disclose your information as part of that transaction,
only to the extent permitted by law.  *Compliance with laws. I may collect, use, retain, and share your information if I have a

good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce my agreements,
terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical
issues; or (d) protect the rights, property, and safety of my customers, or others.

How we protect data

You recognise that the Internet is not a 100% secure platform for communication and, accordingly, we cannot guarantee the security of any data you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information. We take every precaution to safeguard your information. All personal data stored by us is kept on a server in a secure environment. The computer on which data is accessed is password protected with only staff accessed, data held in the cloud is password protected and held on encrypted systems and third-party software have their own security systems. The risks of a breach are minimal due to the precautions mentioned above being taken, and close monitoring is undertaken to ensure security systems are always up to date. Breaches will be identified, reported, managed, and resolved according to the ICO guidelines.

Data Retention

Maple and Grace retain your personal information only for as long as necessary to provide you with my services and as described
in my Privacy Policy. However, I may also be required to retain this information to comply with my legal and
regulatory obligations, to resolve disputes, and to enforce my agreements. I generally keep your data for the
following time period: 7 years. This is in accordance with HMRC.

Transfers of Personal Information Outside the EU

Maple and Grace may store and process your information through third-party hosting services in the US and other jurisdictions.
As a result, I may transfer your personal information to a jurisdiction with different data protection and government
surveillance laws than your jurisdiction. If I am deemed to transfer information about you outside of the EU, I rely
on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.

Your Rights

If you reside in certain territories, including the EU, you have a number of rights in relation to your personal
information. While some of these rights apply generally, certain rights apply only in certain limited cases. I
describe these rights below:

Access. You may have the right to access and receive a copy of the personal information I hold about you by contacting
me using the contact information below.
Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information.
Absent exceptional circumstances (like where I am required to store data for legal reasons) I will generally delete
your personal information upon request.
Object. You can object to (i) my processing of some of your information based on my legitimate interests and (ii)
receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete
your personal information unless I have compelling and legitimate grounds to continue using that information or if it is
needed for legal reasons.
Complain. If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice
to any other rights you may have), you have the right to do so with your local data protection authority.


How to Contact Me

For purposes of EU data protection law, I, Charlotte Joyner, am the data controller of your personal information.
If you have any questions or concerns, you may contact me at