Privacy Policy

Last updated: October 26, 2025

Who we are

Shape & Shine Studio (“we”, “our”, “us”) is an independent craft studio based in Ireland. We respect your privacy and process personal data in accordance with the EU General Data Protection Regulation (GDPR). Contact: [email protected].

What data we collect

• Browsing data – IP address, device/browser info, pages visited (aggregated/analytics only if you consent).
• Cookies – essential cookies for site operation and your preferences; optional analytics cookies if you opt in. See our Cookie Policy.
• Contact messages – name, email, and the content you send us via forms or email.
• Orders (when shop is enabled) – name, email, shipping/billing details, order contents, payment status (payment card data is handled by our payment processor; we do not store card numbers).
• Accounts (if you create one) – login email, hashed password, order history, addresses.

Why we use your data (legal bases)

• Contract – to process and deliver your orders; to provide customer support.
• Consent – for analytics cookies (Google Analytics) and optional marketing emails (if we ever offer them).
• Legitimate interests – to operate, secure, and improve the website (e.g., anti-fraud, performance monitoring).
• Legal obligation – to comply with tax and accounting rules.

Analytics

We use Google Analytics only if you accept analytics cookies in the banner. Analytics helps us understand site performance using aggregated data (e.g., page views, sessions, device types). IP anonymization is enabled. You can change your choice anytime via “Cookie Settings” in the footer. For details, see Cookie Policy.

Payments (shop)

When you place an order, payments are processed securely by a third-party payment processor. We receive confirmation of payment status (paid/failed/refunded) but do not store your full card details.

Who we share data with

• Hosting & infrastructure – to run our website and databases.
• Email service – to receive and send emails you request.
• Analytics provider (if consented) – Google Analytics.
• Payment processor (shop) – to process your payments.

We do not sell personal data. Service providers act as processors under appropriate data protection terms.

International transfers

Some providers may process data outside the EEA. Where this occurs, we rely on lawful transfer mechanisms (e.g., adequacy decisions or Standard Contractual Clauses).

How long we keep data

• Contact messages – typically up to 12 months after last correspondence (unless needed longer for queries/disputes).
• Order records – typically 6–7 years to meet tax and accounting obligations.
• Accounts – as long as your account is active; you can request deletion.
• Cookies – session cookies expire automatically; analytics cookies up to 12 months. See Cookie Policy.

Your rights (GDPR)

You have the right to:

• Access your personal data and get a copy.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”) where applicable.
• Restrict or object to processing in certain circumstances.
• Data portability (to receive data in a structured, commonly used format).
• Withdraw consent at any time (this won’t affect processing already performed lawfully).
• Lodge a complaint with your local supervisory authority (in Ireland: Data Protection Commission).

How to exercise your rights

Email [email protected] with your request. We may need to verify your identity before acting. We respond within the timelines required by GDPR.

Security

We use reasonable technical and organizational measures to protect personal data (access controls, HTTPS, least-privilege access). No system is 100% secure, but we work to prevent unauthorized access and promptly address issues.

Children

Our website is not intended for children under 16. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy to reflect changes in our services or the law. We’ll post updates here with a new “Last updated” date.

Questions? Contact [email protected].