Privacy Policy


This Privacy Policy was last updated 22nd August 2018.

At Tatty Rose  we are committed to safeguarding and preserving the privacy of my visitors and my customers.

This notice explains what happens to any personal data that you provide to us, or that we collect from you whilst you visit our website ( We do update this from time to time so please do review this regularly.

Who we are

Our website address is:

What personal data we collect and why we collect it

In the table below we have described the different personal data we collect from you, where it is collected and how it is used.

Data Collected Where it is collected How it is used
Identity Data i.e. first name, last name, usernames, gender, age Via my Contact Form found here When you contact us via our contact form a copy of the information you provide will be sent to us via email so we can respond to your enquiry. This information includes your name, email address and your message.

Gender & Age data is collected via Google Analytics and stored in Google Analytics for this website.

Contact Data i.e. email address, telephone number, billing address Via my Contact Form. Billing Address/Shipping Address is obtained when you make an order on our website. As we are an online store we need to process and hold information regarding you and your order with us. When making an order you will be required to enter your name, email address, billing and shipping address along with your payment details. Your payment details will be stored via our payment gateway, Stripe. The rest of your information will be stored within our website in conjunction with Woocommerce.
Financial Data i.e. card payment details, bank details, Pay Pal details Via Stripe when purchasing our garments. This Data is only used in the purchasing process and is contained within Stripe. We do not see or have record of your banking details, payment details or financial information outside of Stripe. Please see Stripe’s Privacy Policy on how they store and handle your data.
Technical Data i.e. log in data, IP addresses, browser types, time zones, locations, devices.
Usage Data i.e. how you use my website
Via Google Analytics which is connected to this website. This information is used for us to analyse how our website is performing from its visits and how our customers access our website. It is not used and cannot be used to identify an individual.
Profile Data i.e. username and password, your interests, survey responses, feedback forms. Via Woocommerce Plugin in for WordPress
Via Google Analytics for Interest data
Username and Passwords are created for access to your online store account.

Google Analytics is used so we can understand our customers better to then deliver a better service.

Marketing & Communication Data i.e. subscribing to my mailing lists We have a monthly newsletter sign up form on our website and this is connected to Mailchimp. The information you provide to sign up to our newsletter is kept within Mailchimp. It will only be used for the purposed stated – to contact you via email once a month with our Newsletter.

How long do we keep your data on file

We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information.
To read about Cookies, what they are, how they are used and what information is collected – please visit my Cookie Policy here.

How we use your information and store it

Below is a table detailing the systems we use on our website,  with links to their Terms & Conditions and Privacy Policies so you can also read how they are compliant with Data Protection Regulations.

Third Party System Used What I use this system for Their Website Their Privacy Policy and Terms & Conditions Pages if available
WordPress Our website is created on this platform
Woocommerce This Plugin is used to operate our shop, record and process our orders
Divi The framework and theme used to create the website
Mailchimp To send email communication newsletters
Stripe Our Payment Gateway used to process your payments for our garments
Google Analytics To view, analyse and report on activity within our website
Siteground Our hosting provider
Gmail & GSuite Our Business Email provider

We do our utmost to ensure that the hosting provider and any other software we use is secure and fully accredited, however we cannot be responsible for any illegal breaches that may occur within these systems and the companies management of them.

Sensitive Data

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any sensitive data.

Third Party Service Providers outside of the EEU

Some of the third parties service providers that we use are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we will do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:

  • We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
  • If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Storage of Payment Details

We do not have the facilities to process card payments offline. All card payments are made online via Stripe.

Third Party Links

On occasion if we do include links to third parties it does not mean that we endorse or approve that site’s notice towards visitor privacy. You should review their privacy notice before sending them any personal data.

Know your rights

If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. You can contact me, the owner Nell Nash, directly at to handle this request.

Alternatively, if it is in reference to any email marketing communications there is an Unsubscribe link at the bottom of every email newsletter that is sent.

If you wish to raise a complaint on how we have handled your personal data please do contact the owner, Nell Nash, directly first at so that she can look into the matter and rectify the situation as efficiently and securely as possible.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) (

Contact Us

Below are our full details:
Tatty Rose
Nell Nash
Address: 75 Fifth Street, Midlothian, EH22 4PL
Phone: +44 7933 454574‬

By signing up to our mailing list you are consenting to receiving our monthly newsletter and special offers from us. If you have any questions about how we handle your data please see our Privacy Policy for more information.

Pin It on Pinterest