Privacy policy

Last updated: May 2026

1. Introduction

This Privacy Policy explains how Penelope Chilvers Limited (“Penelope Chilvers”, “we”, “us” or “our”) collects, uses, stores and protects your personal data when you:

  • visit our website at penelopechilvers.com (the “Site”);
  • create an account with us;
  • purchase products from us;
  • subscribe to our marketing communications;
  • interact with us on social media;
  • contact our customer services team; or
  • otherwise engage with our brand.

We are committed to protecting your privacy and handling your personal data transparently and securely.

2. Who We Are

Penelope Chilvers Limited is the data controller responsible for your personal data.

Penelope Chilvers Limited Registered in England & Wales Company number: 06855823 VAT number: GB848 3449 90

Registered office: 69 Duke Street Mayfair London W1K 5NX United Kingdom

Email: customerservices@penelopechilvers.com Telephone: +44 (0)20 8969 2506

For any privacy-related queries, please contact:

Data Protection Contact Email: customerservices@penelopechilvers.com

3. Personal Data We Collect

We may collect, use, store and transfer different types of personal data about you, including:

Identity Data

  • first name and surname;
  • title;
  • username or account identifier;
  • date of birth (where voluntarily provided);
  • social media handle or username.

Contact Data

  • billing address;
  • delivery address;
  • email address;
  • telephone number.

Financial and Transaction Data

  • payment method details;
  • transaction records;
  • order history;
  • refunds and exchanges;
  • gift card transactions.

Payment card information is processed securely by our payment providers and is not stored directly on our systems.

Technical Data

  • IP address;
  • browser type and version;
  • time zone setting and location;
  • device information;
  • operating system and platform;
  • website interaction data.

Usage Data

  • pages viewed;
  • products searched for;
  • basket activity and abandoned baskets;
  • clickstream data;
  • time spent on pages;
  • navigation paths.

Marketing and Communications Data

  • marketing preferences;
  • email engagement;
  • SMS engagement;
  • competition entries;
  • review submissions;
  • customer service interactions.

User Generated Content

  • product reviews;
  • uploaded images;
  • social media content shared with us or tagged for reposting.

We may also collect aggregated or anonymised information that does not directly identify you.

4. How We Collect Your Data

We collect personal data:

  • when you place an order;
  • when you create an account;
  • when you sign up for marketing;
  • when you contact customer services;
  • when you enter competitions or promotions;
  • when you submit reviews or user content;
  • when you browse our Site;
  • through cookies and tracking technologies; and
  • from selected third-party partners.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

To Process Orders

Including:

  • processing payments;
  • delivering products;
  • managing returns and refunds;
  • communicating about your order.

To Manage Your Account

Including:

  • maintaining your account;
  • providing customer support;
  • managing saved preferences and order history.

To Improve Our Website and Services

Including:

  • analysing website performance;
  • understanding customer behaviour;
  • improving product selection and user experience.

Marketing Communications

Where permitted by law, we may send you:

  • marketing emails;
  • SMS marketing messages;
  • personalised offers;
  • product recommendations;
  • invitations to events or promotions.

You can unsubscribe from marketing at any time by:

  • clicking the unsubscribe link in emails;
  • replying STOP to SMS messages where applicable; or
  • contacting us directly.

Fraud Prevention and Security

We may use your information to:

  • verify transactions;
  • detect suspicious activity;
  • prevent fraud and misuse of our services.

Reviews and User Generated Content

We may publish reviews, photographs and other content submitted by customers.

6. Lawful Bases for Processing

Under UK GDPR and applicable European data protection laws, we rely on one or more of the following lawful bases when processing your personal information:

Contractual Necessity

Where processing is necessary to fulfil our contract with you, including:

  • processing payments;
  • delivering orders;
  • managing returns and exchanges;
  • administering your account; and
  • providing customer support.

Legitimate Interests

Where processing is necessary for our legitimate business interests, including:

  • improving our Services and customer experience;
  • fraud prevention and website security;
  • analytics and performance monitoring;
  • personalised marketing and recommendations;
  • business administration and operational management.

We ensure that our legitimate interests do not override your rights and freedoms.

Consent

Where required by law, including for:

  • certain email and SMS marketing communications;
  • non-essential cookies and tracking technologies; and
  • certain advertising and personalisation activities.

You may withdraw your consent at any time.

Legal Obligations

Where processing is necessary to comply with legal or regulatory obligations.

7. Marketing and Profiling

We may analyse your browsing behaviour, purchase history and interactions with our communications in order to:

  • personalise marketing;
  • recommend products;
  • improve customer experience;
  • tailor advertising and promotions.

This activity does not involve automated decision-making that produces legal or similarly significant effects.

8. SMS Marketing

Where you opt in to SMS marketing, we may send promotional text messages relating to:

  • product launches;
  • offers and promotions;
  • basket reminders;
  • events and announcements.

Message frequency may vary.

You may opt out at any time by following the unsubscribe instructions in the message or contacting us directly.

9. Cookies and Tracking Technologies

We use cookies, pixels, tags and similar technologies on our Site.

These technologies help us:

  • operate the Site;
  • remember preferences;
  • analyse traffic and performance;
  • personalise content and advertising;
  • measure marketing effectiveness.

We may use:

  • essential cookies;
  • analytics cookies;
  • functionality cookies;
  • advertising and targeting cookies.

Our Site uses tracking technologies provided by third parties including Shopify, Google and Meta.

You can manage your cookie preferences using our cookie management tool.

For more information, please see our Cookie Policy.

10. Third-Party Service Providers

We work with trusted third-party providers to operate our business and services.

These may include:

  • Shopify and Shopify Payments;
  • PayPal;
  • Klarna;
  • Clearpay;
  • Apple Pay;
  • Google Pay;
  • Dotdigital;
  • Meta;
  • Google Analytics 4;
  • Judge.me;
  • Zendesk;
  • delivery and logistics providers; and
  • fraud prevention and payment verification providers.

These providers process personal data on our behalf and are contractually required to protect your information.

These providers process personal data on our behalf and are contractually required to protect your information.

11. Sharing Your Information

We do not sell your personal data.

We may share your information where necessary with:

  • payment providers;
  • delivery partners;
  • technology providers;
  • marketing service providers;
  • analytics providers;
  • professional advisers;
  • regulators or law enforcement authorities;
  • prospective purchasers of our business.

We may disclose personal data where required to:

  • comply with legal obligations;
  • enforce our terms;
  • protect our rights, property or customers;
  • detect or prevent fraud or security issues.

12. International Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including:

  • adequacy regulations;
  • International Data Transfer Agreements (IDTAs);
  • Standard Contractual Clauses (SCCs); or
  • other lawful transfer mechanisms.

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data.

These measures include:

  • encryption;
  • secure payment processing;
  • restricted access controls;
  • monitoring and fraud prevention tools.

Although we take reasonable steps to secure your data, no method of internet transmission or storage is completely secure.

14. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including:

  • fulfilling orders;
  • managing customer accounts;
  • legal, tax and accounting obligations;
  • fraud prevention;
  • resolving disputes.

Retention periods may vary depending on the type of data and legal requirements.

When personal data is no longer required, it will be securely deleted or anonymised.

15. Your Rights

Under applicable data protection laws, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion of your data;
  • restrict processing;
  • object to processing;
  • request transfer of your data;
  • withdraw consent;
  • opt out of direct marketing.

You may exercise your rights by contacting us at customerservices@penelopechilvers.com.

We may use your browsing behaviour, purchase history and interactions with our communications to personalise recommendations, marketing and advertising. This profiling does not involve automated decision-making that produces legal or similarly significant effects.

Where permitted by applicable law, we may send marketing communications by email, SMS and post. You can opt out at any time by:

  • clicking the unsubscribe link in emails;
  • replying STOP to SMS communications where applicable; or
  • contacting us directly.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

https://www.ico.org.uk

16. Children

Our Site is not intended for children under the age of 16.

We do not knowingly collect personal data from children.

17. Third-Party Websites

Our Site may contain links to third-party websites or services.

We are not responsible for the privacy practices or content of third-party websites.

We encourage you to review the privacy policies of any third-party sites you visit.

18. Competitions and Promotions

Where you enter competitions, giveaways or promotions, we may process your personal data to:

  • administer the promotion;
  • verify eligibility;
  • contact winners;
  • deliver prizes.

Participation in competitions is not conditional on consenting to marketing communications.

Where you separately opt in to marketing, you may withdraw consent at any time.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any changes will be posted on this page and will take effect immediately upon publication.

We encourage you to review this Privacy Policy periodically.

20. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Penelope Chilvers Limited 69 Duke Street Mayfair London W1K 5NX United Kingdom

Email: customerservices@penelopechilvers.com Telephone: +44 (0)20 8969 2506