Privacy Policy & GDPR Notice
Last updated: April 2026 · TreasureKinS · United Kingdom
In plain English: When you create an account or place an order, we collect the details needed to process and deliver it. We don't sell your data, we don't use it for third-party marketing, and you can ask us to delete it at any time.
1. Who We Are
TreasureKinS is a UK-based handmade gifts and home fragrance business, run by Kayleigh. We specialise in soy wax melts, personalised gifts and home fragrance products — all cruelty-free, vegan-friendly and CLP compliant.
For the purposes of UK GDPR, TreasureKinS is the Data Controller for personal data collected through this website. Our website is hosted and maintained by Generative Solutions UK on servers located in the United Kingdom.
To contact us about your data: Treasurekins20@yahoo.com
2. What Data We Collect
We only collect personal data when you actively provide it — by creating an account, placing an order, or submitting a product review.
| Data | Collected via | Why we need it |
|---|---|---|
| First & last name | Account registration, checkout | To identify you and personalise your order |
| Email address | Account registration, checkout | To send order confirmations and account emails |
| Phone number | Account registration, checkout | To contact you about your order if needed |
| Delivery & billing address | Checkout | To ship your order and for payment verification |
| Order details | Shop checkout | To fulfil your purchase, including personalisation instructions |
| Password (hashed) | Account registration | To secure your account — stored as an irreversible hash, never in plain text |
| Review & rating | Product review form | To display customer feedback on our website (with your consent) |
What We Do Not Collect
- Payment card details — all payments are processed by Square. We never see or store your card number, expiry or CVV.
- Sensitive personal data (health, religion, ethnicity, etc.)
- Government-issued identification
3. How We Use Your Data
We use your personal data only to:
- Process and fulfil your order, including personalisation and shipping
- Send transactional emails (order confirmation, dispatch notification, receipt)
- Maintain your customer account and order history
- Respond to queries and support requests
- Display product reviews you have chosen to submit
We do not use your data for unsolicited marketing, profiling, or automated decision-making. We will never sell or share your data with third parties for their own marketing purposes.
4. Legal Basis for Processing
- Contract (Article 6(1)(b)) — processing is necessary to fulfil your order or take steps at your request before entering into a contract.
- Legitimate interests (Article 6(1)(f)) — for account management, fraud prevention and responding to enquiries.
- Legal obligation (Article 6(1)(c)) — retaining financial records for HMRC compliance.
- Consent (Article 6(1)(a)) — for displaying your review publicly (you may request removal at any time).
5. How Your Data Is Stored
Your data is stored in a secure MySQL database on a private server operated by Generative Solutions UK, located in the United Kingdom. The server is not publicly accessible and is protected by firewall controls.
All data in transit between your browser and our website is encrypted using TLS (HTTPS). Passwords are stored as one-way cryptographic hashes and cannot be read by anyone.
Payment processing is handled entirely by Square (Block, Inc.), a PCI-DSS compliant payment processor. Square’s privacy policy is available at squareup.com/legal/privacy.
6. How Long We Keep Your Data
- Customer accounts — retained while your account is active. You can request deletion at any time.
- Order records — retained for 7 years to meet HMRC financial record-keeping requirements.
- Product reviews — retained until you request removal.
7. Sharing Your Data
We share your data only where necessary:
- Square (Block, Inc.) — payment processing. Square acts as a data processor under its PCI-DSS compliance and its privacy policy.
- Delivery carriers — your name and delivery address are shared with our shipping carrier (e.g. Royal Mail, Evri) to fulfil your order.
- Email service provider — transactional emails are sent via our hosting provider's mail infrastructure.
- Legal obligation — where required by law to disclose to authorities.
8. Cookies
We use only the following cookies:
- Session cookie — essential for your shopping cart, account login and form security (CSRF protection). Deleted when you close your browser.
- Cart cookie — stores your basket between visits. Expires after 30 days.
We do not use advertising cookies, Google Analytics, or social media tracking pixels.
9. Your Rights Under UK GDPR
Contact us at Treasurekins20@yahoo.com to exercise any right. We will respond within 30 days at no charge. You can also manage your account directly via My Account.
If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint or 0303 123 1113.
10. Children's Privacy
Our website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy at any time. The "last updated" date at the top always reflects the current version.
12. Contact Us
- Email: Treasurekins20@yahoo.com