Privacy Policy

Last updated: 25 March 2026

1. Who we are

This Privacy Policy applies to the European version of the FluffyPuppy store and related customer interactions in the EU/EEA market.

This website is operated by SafeEcom Global LLP, trading as FluffyPuppy.

For the purposes of this Privacy Policy, we act as the controller of the personal data collected through this website for our own ecommerce, customer service, marketing, security, and business operations.

2. Scope

This Policy explains how we collect, use, disclose, store, and otherwise process personal data when you:

  • visit our Europe-facing storefront or browse our website from the EU/EEA
  • place an order with us
  • contact us about an order, return, refund, delivery issue, or other customer support matter
  • subscribe to marketing from us
  • interact with our website cookies, pixels, analytics tools, or similar technologies

This version is written for our Europe market and uses EU/EEA-style privacy language so customers can understand how their personal data is handled. Under the GDPR, privacy information should be clear, plain, and easy to access.

3. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Order and contact data

  • name
  • billing address
  • shipping address
  • email address
  • phone number
  • order contents
  • delivery preferences
  • invoice and transaction details

Payment data

  • payment method details needed to process your order
  • card data and similar payment credentials are generally processed directly by our payment providers and are not stored by us in full

Support and communications

  • emails, contact form submissions, and customer service messages
  • return, refund, claim, or delivery-related information
  • photos or other files you choose to send to us, for example where an item arrives damaged

Device and usage data

  • IP address
  • browser type and version
  • device information
  • time zone or approximate location
  • pages viewed
  • referring website or source
  • interactions with our site
  • cookie identifiers and similar online data

Marketing and preference data

  • subscription status
  • consent records
  • communication preferences
  • campaign engagement data such as opens, clicks, and opt-outs

We do not intentionally collect special-category personal data for ordinary ecommerce activity, and we ask that you do not include such data in order notes or support messages unless it is genuinely necessary and specifically requested.

4. How we collect personal data

We may collect personal data:

  • directly from you when you place an order, create an account if available, contact us, or sign up for email or SMS
  • automatically through cookies, pixels, server logs, analytics tools, and similar technologies when you use our website
  • from service providers that support our ecommerce operations, such as payment, fraud-prevention, fulfilment, shipping, analytics, and communications providers
  • in limited cases, from advertising or analytics partners where those tools are enabled and lawfully used

5. How we use personal data

We may use personal data to:

  • process and fulfil orders
  • take payment and send order confirmations, invoices, and shipping updates
  • arrange delivery, returns, refunds, replacements, or customer support
  • detect, prevent, and investigate fraud, abuse, chargebacks, and security issues
  • operate, maintain, troubleshoot, and improve our website and store services
  • understand how customers use our website and improve performance, content, and customer experience
  • send marketing communications where you have consented or where otherwise permitted by law
  • measure advertising performance and personalise promotions where lawful
  • comply with legal, tax, accounting, and regulatory obligations
  • protect our business, customers, staff, website, and legal rights

Where personal data is processed, it should be adequate, relevant, and limited to what is necessary for the relevant purpose.

6. Legal bases for processing

Where EU/EEA data protection law applies, we rely on one or more of the following legal bases:

Contract
to process your order, take payment, arrange delivery, provide updates, and handle related customer service

Legitimate interests
to keep our website secure, prevent fraud, protect our business, improve services, and respond to enquiries, provided those interests are not overridden by your rights and freedoms

Consent
for email or SMS marketing where consent is required, and for non-essential cookies, pixels, and similar technologies used for analytics or advertising

Legal obligation
to meet tax, accounting, consumer-law, and other legal or regulatory requirements

The GDPR requires organisations to tell individuals the legal basis for processing, and legitimate interests must still meet necessity and balancing requirements.

7. Cookies, pixels, and similar technologies

We use cookies, pixels, tags, and similar technologies to support the operation of our website and understand how it is used.

These technologies may be used to:

  • keep the site and checkout working properly
  • remember preferences
  • measure traffic and site performance
  • understand product and page engagement
  • improve customer experience
  • support advertising measurement or remarketing

In the EU/EEA, we use non-essential cookies and similar technologies only where the required consent has been obtained. Strictly necessary cookies may be used without that consent where they are genuinely necessary for the service requested. You can manage your choices through our cookie banner, cookie settings, or browser settings where available. EU guidance also stresses that cookies should not be inaccurately labelled as “essential” when they are not strictly necessary.

8. Marketing communications

If you subscribe to receive marketing from us, we may send you promotional emails or SMS about products, offers, restocks, and related store updates.

You can withdraw your consent at any time:

  • for email, by using the unsubscribe link in the message
  • for SMS, by following the opt-out instructions in the message
  • by contacting us at support@fluffypuppypetstore.com

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. Under the GDPR, individuals must be informed of their right to withdraw consent at any time.

9. Sharing personal data

We do not sell or rent your personal data.

We may share personal data with trusted third parties that help us operate our business, including:

  • ecommerce platform and hosting providers
  • payment processors and checkout providers
  • fraud-prevention and security providers
  • warehousing, fulfilment, shipping, and delivery partners
  • customer service, email, SMS, and communications providers
  • analytics and advertising providers, where lawfully used
  • professional advisers and service providers supporting our operations
  • legal, regulatory, government, or law-enforcement authorities where required or permitted by law

We aim to limit sharing to what is reasonably necessary for the relevant service or lawful purpose.

10. International transfers

Because we operate an international ecommerce business, some personal data may be processed or accessed outside the EU/EEA.

This may happen when we use service providers, cloud systems, payment providers, support tools, analytics tools, advertising partners, or fulfilment partners located in or operating from countries outside the EU/EEA.

Where required, we use an appropriate transfer mechanism, such as an adequacy decision or the European Commission’s Standard Contractual Clauses, together with supplementary measures where necessary. The Commission’s modernised SCCs for transfers outside the EU/EEA were issued on 4 June 2021.

11. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy and for related legal, tax, accounting, fraud-prevention, and business needs.

Typical retention periods may include:

  • order and transaction records: up to 6 years, or longer where required by law
  • customer service correspondence: up to 2 years after the last interaction
  • marketing preferences and consent records: until you unsubscribe or withdraw consent, and for a reasonable period afterwards to maintain suppression records
  • analytics and security logs: for the period set by the relevant tool or system configuration

When personal data is no longer reasonably required, we aim to delete it, anonymise it, or securely destroy it. Under the GDPR, data should not be kept longer than necessary, and organisations should define time limits to erase or review stored data.

12. Security

We use reasonable technical and organisational measures designed for an online retail business to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include:

  • encrypted website connections
  • access controls
  • provider access management
  • fraud monitoring
  • internal limitation of access on a need-to-know basis

No method of transmission over the internet or electronic storage is completely secure. If you believe your information has been used without authorisation, please contact us promptly.

13. Your rights in the EU/EEA

Subject to applicable law, you may have the right to:

  • be informed about how your personal data is processed
  • access the personal data we hold about you
  • request correction of inaccurate or incomplete data
  • request erasure of your personal data in certain circumstances
  • request restriction of processing in certain circumstances
  • receive your personal data in a portable format where applicable
  • object to processing based on legitimate interests
  • object at any time to processing for direct marketing
  • request human review where a solely automated decision significantly affects you

To exercise your rights, contact us at support@fluffypuppypetstore.com. We may need to verify your identity before responding. The European Commission lists these as core GDPR rights and expects organisations to explain them clearly.

14. Complaints

If you have a concern about how your personal data is handled, please contact us first so we can try to resolve it.

You also have the right to lodge a complaint with a supervisory authority in the EU/EEA country where you live, work, or where you believe the issue occurred. The GDPR requires that individuals be told of their right to complain to a Data Protection Authority.

15. Children

Our store is not directed to children, and we do not knowingly collect personal data from children as part of ordinary ecommerce activity.

If you believe a child has provided personal data to us without appropriate involvement from a parent or guardian, please contact us.

16. Automated decision-making

We may use automated tools for analytics, fraud screening, advertising measurement, and store operations.

We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on customers in the ordinary course of operating our store unless we are lawfully permitted to do so and provide the required safeguards. The GDPR requires transparency where such automated decision-making exists.

17. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, service providers, or legal requirements.

When we update it, we will post the revised version on this page and change the “Last updated” date.

18. Contact

SafeEcom Global LLP t/a FluffyPuppy
167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
+44 7831 040926
support@fluffypuppypetstore.com