PRIVACY POLICY

Last updated: 07/11/25

At A Bowl of Tiramisu Ltd, we respect your privacy. This policy explains what information we collect, how we use it, and your rights under UK GDPR.

1. Who We Are

A Bowl of Tiramisu Ltd
C/O Bevan Buckland LLP, Ground Floor, Cardigan House, Swansea, Wales, SA7 9LA
Email: contact@hannahgrae.com

2. Information We Collect

We may collect:

  • Personal details (like name and email) if you sign up for the mailing list or make a purchase.

  • Analytics data through Squarespace and embedded content (e.g., Spotify, YouTube) to understand how people use the site.

  • Payment and delivery details if you buy merchandise through our store.

3. How We Use Your Data

We use your data to:

  • Send you updates, newsletters, or marketing you’ve opted into.

  • Process orders and deliver items you’ve purchased.

  • Improve website performance and user experience.

We never sell or rent your data to anyone.

4. Legal Basis for Processing

We process your data under:

  • Consent — when you sign up for emails or marketing.

  • Contract — when fulfilling merch orders.

  • Legitimate interest — to maintain and improve our website.

5. Cookies and Tracking

This site uses cookies to operate and improve functionality. Squarespace, Spotify, YouTube, and analytics tools may set additional cookies. You can manage or disable cookies via your browser settings. For more information, see the banner you accepted on your first visit.

6. Sharing Your Information

We only share data with trusted services that help us run the site, such as Squarespace, payment processors, and email platforms. These partners are GDPR-compliant and only process data on our instructions.

7. Data Storage and Security

Your data is stored securely through Squarespace and associated service providers. We take reasonable measures to protect it from unauthorised access or misuse.

8. Your Rights

You have the right to:

  • Access, correct, or delete your personal data.

  • Withdraw consent for marketing at any time.

  • Lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk if you believe your data is being mishandled.

9. Retention Period

We retain your data only for as long as necessary for the purposes outlined here or to comply with legal obligations.

10. Changes to This Policy

We may update this Privacy Policy occasionally. The latest version will always be posted here.