Privacy Policy

 

Effective Date: 20/08/2025

CFI LTD (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit or make a purchase from our Shopify store (“Services”). It also explains your rights under the UK GDPR, EU GDPR, and other applicable data protection laws.

 

1. Information We Collect

When you visit our store, use our Services, or make a purchase, we may collect the following types of personal data:

a. Identity Data

  • Full name, title, and, where required, date of birth and gender.

b. Contact Data

  • Billing and delivery addresses, email address, and phone numbers.

c. Order & Transaction Data

  • Details about products purchased, order history, payments made, and any returns or refunds.

d. Technical & Usage Data

  • Your IP address, browser type, device information, operating system, referring URLs, pages viewed, and time spent on the site.

e. Marketing Preferences 

  • Subscription preferences for newsletters and promotions.


2. How We Use Your Information

We process your information where we have a lawful basis under GDPR, including:

  • Contractual Necessity – To process your orders, deliver products, and provide customer support.
  • Legal Obligations – To comply with tax, accounting, and regulatory requirements.
  • Legitimate Interests – To improve our services, ensure security, analyse site usage, and detect fraud.
  • Consent – For marketing communications, cookie usage, or sharing data with third parties where required.


3. Shopify as Our Data Processor

Our store is hosted on Shopify Inc., which provides the e-commerce platform that allows us to sell our products to you.

  • Shopify stores your data securely on servers located in Canada and may transfer data to the United States.
  • Shopify acts as a data processor under GDPR, processing your information on our behalf.
  • You can read Shopify’s Privacy Policy here: https://www.shopify.com/legal/privacy


4. How We Use Your Information in Practice

We may use your personal data to:

  • Process and deliver your orders.
  • Communicate with you about your purchases or queries.
  • Send you service updates, receipts, or confirmations.
  • Improve our products, website, and customer experience.
  • Prevent fraud and ensure secure payments.
  • Send you promotional offers or newsletters (where you’ve consented).


5. Data Sharing

We do not sell your personal data. However, we may share your information with trusted third parties where necessary:

  • Payment processors (e.g., Shopify Payments, Stripe, PayPal)
  • Delivery and logistics providers (e.g., Royal Mail, DHL, DPD)
  • Email marketing services (only if you’ve opted in)
  • IT and analytics providers (e.g., Shopify Analytics, Google Analytics)
  • Regulators and authorities where required by law

Whenever data is shared, we ensure appropriate contractual and security measures are in place.

 

6. International Data Transfers

Because Shopify and some of our service providers are located outside the UK and EEA, your data may be transferred internationally.

  • Shopify’s servers are in Canada (covered by an EU adequacy decision) and may also transfer data to the U.S.
  • Where data is transferred outside the UK or EEA, we ensure safeguards such as Standard Contractual Clauses (SCCs) are in place to protect your data.


7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for legal and accounting requirements.

For example:

  • Orders & Transaction Data – retained for up to 7 years for tax purposes.
  • Marketing Data – retained until you unsubscribe or withdraw consent.

When data is no longer needed, we securely delete or anonymise it.

 

8. Your Data Protection Rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access – Request a copy of your personal data.
  • Rectification – Correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”) – Request deletion of your data where legally applicable.
  • Restrict Processing – Limit how your data is used.
  • Data Portability – Obtain your data in a structured, machine-readable format.
  • Object – Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent – Where processing is based on consent, you can withdraw it anytime.

To exercise any of your data protection rights, please contact us first using the details below. We take privacy seriously and will do our best to resolve any concerns directly.

If, after contacting us, you still believe your data has been mishandled, you have the right to lodge a complaint with your local Data Protection Authority.

In the UK, you can contact the Information Commissioner’s Office (ICO): https://ico.org.uk/

 

9. Cookies & Analytics

Our Shopify store uses cookies and similar tracking technologies to:

  • Enable core website functionality (e.g., shopping cart, checkout).
  • Improve your browsing experience.
  • Understand site traffic and usage through analytics.
  • Deliver relevant marketing and advertising.

You can manage your cookie preferences via your browser or by using the Shopify cookie consent tool, where applicable.

For more information, see Shopify’s cookie policy: https://www.shopify.com/legal/cookies

 

10. Data Security

We take your security seriously and use industry-standard measures to protect your personal data. All payments on our store are processed securely by Shopify Payments (or other trusted payment providers).

We do not store or have access to your full credit or debit card details. All payment information is encrypted and handled directly by our payment processors, who are PCI DSS compliant — the highest level of payment security certification.

 

11. Contact Us

If you have any questions about this Privacy Policy or want to exercise your data protection rights, please contact us:

CFI LTD

Email: giftshop@neasdentemple.org

 

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we’ll:

  • Update the “Effective Date” above
  • Notify you via email or our website (where legally required)

We encourage you to review this Privacy Policy periodically to stay informed.