Privacy Policy
Last updated: 6 March 2026
Who We Are
This website is operated by Nadia Poe, a sole trader based in London, United Kingdom.
- Data controller: Nadia Poe
- Email: hello@nadiapoe.co.uk
- Website: nadiapoe.co.uk
This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What Data We Collect
When you place an order
- Full name
- Email address
- Delivery address
- Phone number (if provided)
We do not collect or store your payment card details. All payments are processed securely by Stripe, our payment provider.
When you use the contact form
- Name
- Email address
- Your message
When you sign up to our newsletter
- Email address
When you browse the website
We use Cloudflare Web Analytics, which is cookieless and does not collect any personal data. It records aggregate page views and performance metrics only — no individual visitors are identified or tracked.
How We Use Your Data
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email, address (orders) | To fulfil your order, send confirmation and shipping emails, and handle any returns or queries | Contract — necessary to perform our contract with you |
| Email (contact form) | To respond to your enquiry | Legitimate interest — you have contacted us and expect a reply |
| Email (newsletter) | To send updates about new paintings, prints, and events | Consent — you actively opted in. You can unsubscribe at any time |
| Aggregate analytics | To understand how the website is used and improve it | Legitimate interest — no personal data is collected |
Who We Share Your Data With
We share your data only with the following third-party services, solely to fulfil our obligations to you:
| Service | Purpose | Their privacy policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/gb/privacy |
| Resend | Order confirmation and shipping emails | resend.com/legal/privacy-policy |
| Royal Mail | Parcel delivery (name and address on the label) | royalmail.com/privacy-notice |
| Cloudflare | Website hosting and cookieless analytics | cloudflare.com/privacypolicy |
We do not sell, rent, or share your personal data with any other third parties for marketing purposes.
International Data Transfers
Some of our third-party service providers (Stripe, Resend, Cloudflare) are based in the United States. Where your data is transferred outside the United Kingdom, it is protected by appropriate safeguards including the UK Extension to the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the UK government.
Cookies
This website does not use cookies for tracking or advertising. Cloudflare Web Analytics is entirely cookieless.
Essential technical data (such as your shopping basket contents) is stored in your browser’s local storage and is never sent to any third party.
How Long We Keep Your Data
| Data | Retention period | Reason |
|---|---|---|
| Order data (name, email, address) | 6 years from date of order | HMRC requires financial records to be kept for at least 6 years |
| Contact form messages | 12 months | To handle follow-up queries |
| Newsletter email addresses | Until you unsubscribe | We delete your email promptly after you unsubscribe |
Your Rights
Under UK GDPR, you have the right to:
- Access your personal data — request a copy of what we hold
- Rectify inaccurate data — ask us to correct any errors
- Erase your data — ask us to delete it (subject to legal retention requirements)
- Restrict processing — ask us to limit how we use your data
- Object to processing based on legitimate interest
- Data portability — receive your data in a machine-readable format
- Withdraw consent at any time (e.g. unsubscribe from the newsletter)
To exercise any of these rights, email us at hello@nadiapoe.co.uk. We will respond within one month.
Children’s Privacy
This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
Changes to This Policy
We may update this policy from time to time. The updated version will be posted on this page with a revised date.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns directly first — please email hello@nadiapoe.co.uk.