Privacy policy

In compliance with the UK GDPR and the Data Protection Act 2018

Last Updated:  March 2026 | Last Reviewed: March 2026

Questions? Contact wecare@happythreads.com

1. Data Controller

Happythreads is the Data Controller for personal information collected on this website.

  • Registered Address (Data Controller): G14 Calmount Park, Dublin, Ireland
  • UK Establishment: Unit 48A, Enniskillen Business Centre, 21 Lackaghboy Road, Enniskillen, BT74 4RL
  • Email: wecare@happythreads.com

2. Information We Collect & Why

To provide a seamless experience, we process personal data under the following legal bases: Contractual Necessity (to fulfil your order), Consent (for marketing emails and non-essential cookies), and Legitimate Interest (to improve our service). We only send marketing emails to customers who have actively opted in. You may withdraw your consent at any time.

Data Type Purpose System Used
Identity & Contact Order fulfilment, shipping, and automated support. Shopify, WaveOMS, Gorgias
Financial Data Secure payment processing and fraud prevention. Shopify Payments, PayPal
Transaction Data Accounting, VAT compliance, and inventory management. Xero, Stocky
Technical & Usage Website optimisation and performance tracking. GA4, Meta Pixel, Microsoft Clarity
Marketing Data Email marketing and newsletters (consent-based only). Mailchimp

3. How We Share Your Data

We do not sell your information. To operate our business, we share data with Data Processors who are contractually bound to protect your information:

  • E-commerce Platform: Shopify (including Shopify Payments).
  • Alternative Payments: PayPal and secure Bank Transfers.
  • Logistics & Fulfilment: WaveOMS (managing warehouse operations).
  • Accounting: Xero (handling HMRC compliance).
  • Customer Support: Gorgias (integrated helpdesk) and SnapEngage (Live Chat).
  • Marketing & Analytics: Mailchimp, Google Analytics 4, Microsoft Clarity and Meta Pixel.
  • Shipping & Delivery: We share your name, delivery address, and contact details with our courier partners (such as DPD, Royal Mail, and An Post) solely for the purpose of fulfilling your order.

4. International Data Transfers

Some of our service providers are based outside the United Kingdom. We ensure all international transfers of your personal data are protected by appropriate safeguards under UK GDPR:

  • Transfers to the EEA: The UK government has recognised the European Economic Area as providing an adequate level of data protection. Transfers to EEA-based processors are therefore permitted without additional safeguards.
  • Transfers to other countries (e.g. the United States, where Shopify, Mailchimp, and Gorgias operate): These are protected by the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as approved by the Secretary of State under UK GDPR Article 46.

5. Cookies and Tracking

We use cookies in accordance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. Non-essential cookies are not loaded until you provide your consent. Our cookie consent is managed via Cookiebot.

  • Necessary Cookies: Required for the cart and secure checkout.
  • Analytical Cookies: Help us understand site usage (GA4, Microsoft Clarity).
  • Marketing Cookies: Used for relevant advertising (Meta Pixel).

Your Choice: You can manage your preferences via our Cookiebot consent banner at any time. You have the right to "Reject All" non-essential cookies.

6. Data Retention

We keep your data only as long as necessary:

  • Financial Records: Retained for 6 years to comply with HMRC requirements.
  • Marketing Data: Retained until you unsubscribe, or after 24 months of inactivity.

7. Your Legal Rights

Under the UK GDPR, you have the following rights:

  1. Right of Access: Request a copy of your personal data.
  2. Right to Erasure: Request we delete your data (subject to legal and tax retention obligations).
  3. Right to Rectification: Request corrections to inaccurate or incomplete information.
  4. Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances.
  5. Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
  6. Right to Object: Object to processing based on Legitimate Interest, including for direct marketing purposes.
  7. Right to Withdraw Consent: Unsubscribe from marketing at any time via the link in our emails or by contacting us directly.

To exercise any of these rights, email wecare@happythreads.com. We will respond to all requests within one calendar month as required by UK GDPR.

You also have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Automated Decision-Making

We do not use solely automated decision-making that produces legal effects or similarly significant effects on you. Human oversight is maintained across all key decisions relating to your account and orders.

9. Secure Shopping & Payments

We use industry-standard encryption to protect your data.

  • Credit/Debit Cards: Handled securely via Shopify Payments (PCI-DSS compliant).
  • Alternative Payments: Securely processed via PayPal.
  • Bank Transfers: We provide sort code and account number details for B2B/B2C transfers; we do not store your personal bank login credentials.

Security Note: We will never ask for your credit card details or bank passwords via email.