Last updated: May 2026

​

This Privacy Policy explains how Sue at Number 11 (“we”, “us”, “our”) collects, uses, stores and protects your personal data when you visit our website, place an order, contact us, or otherwise use our services (collectively, the “Services”).

For the purposes of UK data protection law, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, Sue at Number 11 is the “data controller” of your personal data.

​

Please read this Privacy Policy carefully.

 

1. Who We Are

​

Sue at Number 11

Carrow House Creatives

Carrow House

301 King Street

Norwich

Norfolk

NR1 2TN

United Kingdom

Email: sueatnumber11@gmail.com

 

2. Personal Data We Collect

​

We may collect and process the following categories of personal data:

Information You Provide Directly

Including when you:

• place an order

• create an account

• contact us

• subscribe to marketing

• enter competitions or promotions

• leave reviews or feedback

This may include:

• name

• billing address

• delivery address

• email address

• telephone number

• payment confirmation details

• account login details

• customer support communications

We do not store full payment card details. Payments are processed securely by third-party payment providers.

 

Information Collected Automatically

When you use our website, we may automatically collect:

• IP address

• browser type and version

• device information

• operating system

• referral source

• pages viewed

• time spent on pages

• purchase behaviour

• cookie identifiers

This information helps us improve website functionality, security and customer experience.

 

Information From Third Parties

We may receive personal data from:

• Wix

• payment processors

• delivery providers

• analytics providers

• advertising partners

• fraud prevention services

• social media platforms

 

3. How We Use Your Personal Data

​

We only process personal data where we have a lawful basis to do so under UK GDPR.

Contractual Necessity

We process personal data to:

• fulfil orders

• process payments

• provide customer support

• arrange shipping and returns

• manage customer accounts

Legitimate Interests

We may process data where necessary for our legitimate business interests, including:

• improving our website and services

• fraud prevention

• cybersecurity

• analytics and reporting

• responding to enquiries

• defending legal claims

• business administration

We ensure our legitimate interests do not override your rights and freedoms.

Consent

Where required by law, we rely on consent for:

• email marketing

• SMS marketing

• non-essential cookies

• personalised advertising

You may withdraw consent at any time.

Legal Obligations

We may process personal data to comply with legal and regulatory obligations, including tax, accounting and consumer protection requirements.

 

4. Marketing Communications

​

If you opt in, we may send you marketing communications about products, offers and updates.

You can unsubscribe at any time by:

• clicking the unsubscribe link in emails

• replying STOP to SMS messages

• contacting us directly

We will not send unsolicited direct marketing where prohibited by law.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• operate the website

• remember preferences

• analyse website traffic

• improve user experience

• measure advertising effectiveness

Where legally required, we obtain consent before placing non-essential cookies.

You can manage cookie preferences through your browser settings or cookie banner preferences.

For more information about Wix cookies, visit:
Wix Cookie Policy

​

6. Sharing Your Personal Data

​

We may share personal data with trusted third parties including:

• Wix

• payment providers

• shipping and fulfilment companies

• IT and website hosting providers

• analytics providers

• marketing platforms

• fraud prevention providers

• professional advisers

These third parties only process personal data on our instructions or under their own legal obligations.

We may also disclose information:

• where required by law

• to enforce our legal rights

• in connection with a business sale, merger or restructuring​

​

7. International Data Transfers

​

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs)

• UK Addendum to Standard Contractual Clauses

• adequacy regulations approved by the UK government

​

8. Data Retention

​

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

• fulfilling orders

• complying with legal obligations

• resolving disputes

• enforcing agreements

Retention periods may vary depending on the type of information and legal requirements.

 

9. Your Rights

​

Under UK GDPR, you may have the right to:

• access your personal data

• correct inaccurate data

• request deletion of your data

• restrict processing

• object to processing

• withdraw consent

• request portability of your data

• object to direct marketing

• lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us at:
sueatnumber11@gmail.com

​

We may request proof of identity before responding to requests.

 

10. Complaints

​

If you are unhappy with how we handle your personal data, please contact us first.

You also have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office (ICO)

11. Security

We implement appropriate technical and organisational security measures designed to protect personal data against unauthorised access, misuse, loss or disclosure.

However, no online transmission or storage system can be guaranteed completely secure.

12. Children’s Privacy

Our Services are not intended for children under 13 years old, and we do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child unlawfully, we will delete it promptly.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices or content.

Please review their privacy policies separately.

14. Automated Decision-Making

We do not carry out solely automated decision-making or profiling that produces legal or similarly significant effects on individuals.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or business developments.

Updated versions will be posted on our website with a revised “Last updated” date.

​

16. Contact Us

​

If you have questions about this Privacy Policy or your personal data, please contact:

​

Sue at Number 11

Carrow House Creatives

Carrow House

301 King Street

Norwich

Norfolk

NR1 2TN

United Kingdom

Email: sueatnumber11@gmail.com