Privacy Policy

1. Who We Are

mysterydumpling.co.uk is a trading name of Specter Marketing Limited, registered in England and Wales (Company No. 10946220). We are the data controller for personal data collected through this website.

For any privacy-related queries, please contact us via our contact page.

2. What Personal Data We Collect

We collect the following categories of personal data when you use our website:

• Identity data: your name, as provided when placing an order.
• Contact data: your email address and delivery address.
• Transaction data: details of products you have purchased, order values, and payment status. We do not store your card details — all payment processing is handled securely by Stripe.
• Technical data: your IP address, browser type, device information, and pages visited, collected automatically via our server logs and session cookies.
• Communications data: any messages you send us via our contact form or helpdesk, including your name and email address.

3. How We Collect Your Data

• Directly from you when you place an order, complete our contact form, or communicate with our support team.
• Automatically via cookies and session data when you browse our website.
• From third parties — Stripe (our payment processor) provides us with payment confirmation and basic order fulfilment data.

4. Why We Use Your Data (Legal Bases)

We process your personal data under the following legal bases:

• Contract performance (Article 6(1)(b) UK GDPR): to process your order, arrange delivery, and provide customer support.
• Legal obligation (Article 6(1)(c) UK GDPR): to comply with our legal and regulatory obligations, including tax and accounting requirements.
• Legitimate interests (Article 6(1)(f) UK GDPR): to maintain the security of our website, prevent fraud, improve our service, and manage our business operations. We have assessed that these interests are not overridden by your rights and freedoms.
• Consent (Article 6(1)(a) UK GDPR): where you have explicitly consented to a specific use of your data, such as receiving marketing communications.

5. How We Use Your Data

• To process and fulfil your orders, including sending order confirmation emails.
• To communicate with you about your order status, returns, or support queries.
• To maintain records of transactions for accounting and legal compliance.
• To detect and prevent fraudulent transactions.
• To improve the functionality and user experience of our website.

We will never sell your personal data to third parties, nor use it for automated decision-making or profiling.

6. Who We Share Your Data With

We share personal data only where necessary with the following categories of recipients:

• Stripe, Inc. — our payment processor. Stripe processes your payment data under their own privacy policy and is a certified PCI-DSS Level 1 service provider. See stripe.com/gb/privacy.
• Delivery and logistics providers — where necessary to fulfil and ship your order.
• Our hosting and infrastructure providers — who process data on our behalf under data processing agreements.
• Law enforcement or regulatory authorities — where required to do so by law or court order.

All third-party processors are required to handle your data securely and in accordance with applicable data protection law.

7. International Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place — such as UK adequacy decisions or Standard Contractual Clauses — to protect your data in line with UK GDPR requirements.

8. How Long We Keep Your Data

• Order and transaction data: retained for 7 years from the date of purchase to comply with HMRC accounting obligations.
• Support communications: retained for 3 years from the date of last contact, or until the matter is resolved.
• Technical and session data: session cookies expire at the end of your browsing session; server logs are retained for up to 90 days.

After the applicable retention period, your data is securely deleted or anonymised.

9. Cookies

We use the following types of cookies:

• Essential cookies: required for the website to function, including your shopping basket session. These cannot be disabled.
• Analytics cookies: used to understand how visitors interact with our site. We only use these with your consent.

You can manage or disable non-essential cookies through your browser settings at any time.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your personal data, subject to legal retention obligations.
• Right to restriction — you may ask us to restrict processing of your data in certain circumstances.
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interests, including for direct marketing purposes.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days. We may need to verify your identity before processing your request.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All payment data is handled exclusively by Stripe and is never transmitted to or stored on our servers. Our website uses HTTPS encryption for all data in transit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The version published on this page applies from the date shown at the top. We encourage you to review this policy periodically.

14. Contact Us

For any questions about this Privacy Policy or how we handle your data, please contact us via our contact page or write to us at: