BROOLED Ltd Privacy and Cookie Policy
Last updated: January 24 2026
This Privacy and Cookie Policy explains how BROOLED Ltd (“we”, “us”, “our”) collects, uses, stores and shares personal data when you use our websites, place an order, request design services, or contact us.
This policy applies to:
brooled.co.uk
mwp-design.co.uk
Any other websites, checkout pages, forms, or services we operate that link to this policy (together, the “Services”).
We are committed to protecting your privacy and handling your personal data in line with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1) Who we are (Data Controller)
Data Controller: BROOLED Ltd
Company No: 14442396 (England & Wales)
Registered address: 32 Albany Gardens, Whitley Bay, NE26 2DY, United Kingdom
Email: store@brooled.co.uk
Privacy enquiries: info@brooled.co.uk (recommended)
2) Personal data we collect
A. Data you provide to us
Depending on how you use our Services, we may collect:
Identity & contact details: name, email, phone number, billing/shipping address
Order details: items purchased, sizes/variants, customisations, order notes, delivery preferences
Payment-related details: payment method and transaction references (we do not store full card details when processed by third-party providers)
Design service details: briefs, brand info, revision requests, approvals, and communications
Customer support communications: emails, messages, and any information you choose to provide
B. Files you upload or share (design proofs and printing)
If you upload artwork or share files for proofing/printing, we may process:
Images, logos, print files (PDF/AI/PNG/JPG etc.)
Text content you provide for print
Proof approvals/confirmations
File storage: Design proof files and shared assets may be stored and managed using Google Drive and/or Apple iCloudfor collaboration and fulfilment workflows.
Important: Please avoid uploading sensitive personal data (e.g., ID documents, health data). If you include personal data in artwork (e.g., phone numbers on business cards), you are responsible for having the right to use it.
C. Data collected automatically (website usage)
When you browse our sites we may collect:
Device and technical data: IP address, browser type, device type, operating system, language
Usage data: pages viewed, clicks, referring pages, approximate location (from IP)
Cookie and tracking data: as described in our Cookie section
D. Marketing and newsletter data
If you subscribe, we may collect:
Email address, marketing preferences, and engagement (opens/clicks)
3) How we use your personal data
We use your personal data to:
Process orders and deliver products (including printing, packing and shipping)
Provide graphic design services, including concepts, revisions, proofing, and approvals
Communicate with you about orders, proofs, delivery updates, and support requests
Manage accounts and checkouts (WooCommerce and/or Shopify)
Prevent fraud and protect our business, sites, and customers
Improve our sites and services using analytics and performance tools
Send marketing where permitted (see Marketing section)
4) Lawful bases for processing (UK GDPR)
We process personal data under the following lawful bases:
Contract: to fulfil orders and provide design/printing services you request
Legal obligation: for accounting, tax, and regulatory compliance
Legitimate interests: to run and improve our business, prevent fraud, secure our systems, and measure site performance (balanced against your rights)
Consent: for non-essential cookies and certain marketing activities, where required under PECR/UK GDPR
5) Marketing communications
We may send marketing communications:
If you opt in, or
Where permitted under “soft opt-in” rules for existing customers (you can opt out anytime)
You can unsubscribe at any time using:
The unsubscribe link in emails, or
By contacting info@brooled.co.uk
We do not sell your personal data for money.
6) Who we share personal data with (processors and partners)
We share personal data only when necessary to provide the Services, including with:
Ecommerce platforms
WooCommerce / WordPress
Shopify (if you place orders or interact with storefront features hosted there)
Payments
Stripe
PayPal
Klarna
WooCommerce Payments
Bank transfer (your bank and ours will process the transaction details)
Printing and fulfilment
Depending on the product and your order, we may share the details required to print and fulfil with:
In-house printing (within BROOLED Ltd)
External print partners: Pixartprinting, Vistaprint, Gelato
Shared data typically includes: name, delivery address, product specs, and print files/customisation details.
Delivery and couriers
We may share your name, address, phone/email (where needed for delivery updates), and parcel details with:
Royal Mail, Parcelforce, FedEx, Evri, UPS, DHL
(used depending on destination, weight, and quantity)
Email and customer communications
Mailchimp (newsletter and marketing where applicable)
Other communication tools used to respond to enquiries/order updates
Analytics, advertising, and site tools (with consent where required)
Google Analytics
WP-Statistics
Meta / Facebook Pixel (including Meta Pixel)
Hotjar
Microsoft Clarity
File storage and collaboration (design proofs/assets)
Google Drive
Apple iCloud
We require service providers to protect data and use it only to provide services to us.
7) International data transfers
Some providers we use may process data outside the UK (for example in the United States or other jurisdictions).
Where personal data is transferred internationally, we use appropriate safeguards such as:
UK adequacy regulations where applicable, and/or
contractual protections (e.g., UK IDTA or equivalent safeguards), and
security and access controls
8) How long we keep your personal data
We keep personal data only as long as necessary for the purposes described:
Order and transaction records: typically 6 years (UK tax/accounting obligations)
Customer support correspondence: typically up to 24 months after resolution
Design proofs and print files: typically up to 12 months after order completion (unless you request earlier deletion or we need to retain for dispute resolution/legal compliance)
Marketing data: until you unsubscribe or object (then we keep minimal suppression records to respect your preferences)
Retention periods may vary depending on legal requirements and legitimate business needs.
9) Your data protection rights (UK GDPR)
You have rights to:
Access your data
Correct inaccurate data
Request deletion (where applicable)
Restrict processing
Object to processing (including marketing)
Data portability (where applicable)
Withdraw consent (where processing is based on consent)
To exercise rights, email info@brooled.co.uk. We may request identity verification to protect your information.
Complaints
If you’re unhappy with how we handle your data, you can complain to us first, or contact the UK regulator:
Information Commissioner’s Office (ICO).
10) Security
We use appropriate technical and organisational measures to protect personal data, including access controls and secure processing practices.
No system is 100% secure. If you believe your data may have been compromised, contact info@brooled.co.ukimmediately.
11) Children
Our Services are not intended for children under 16 and we do not knowingly collect personal data from children.
COOKIE POLICY
12) What are cookies?
Cookies are small text files stored on your device. We use cookies and similar technologies to:
Make the website work (essential functions)
Remember preferences
Understand site performance
Measure marketing effectiveness (where you consent)
Some cookies are set by us (“first-party”) and others by third parties (“third-party”).
13) Cookie consent
On your first visit (and periodically thereafter), we display a cookie consent banner allowing you to:
Accept all cookies
Reject non-essential cookies
Set preferences by category
Non-essential cookies (analytics, advertising, session replay) are used only where required and where you have given consent.
You can change cookie preferences at any time via [insert link to your cookie settings button/page, e.g., “Cookie Settings” in the footer].
14) Cookie table
Cookie names can vary by configuration and may change as providers update their systems. Below is a typical list based on the tools you use.
Essential cookies (necessary for site operation)
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
woocommerce_cart_hash | WooCommerce | Helps determine when cart contents change | Session |
woocommerce_items_in_cart | WooCommerce | Stores cart status | Session |
wp_woocommerce_session_* | WooCommerce | Stores a unique session code for cart data | 2 days |
wordpress_logged_in_* | WordPress | Keeps you logged in (if account features enabled) | Session |
wordpress_sec_* | WordPress | Security cookie for logged-in users | Session |
PHPSESSID (if used) | Site | Maintains session state | Session |
cookieyes-consent / consent cookie (varies) | Consent tool | Stores cookie preferences | Up to 12 months |
Analytics cookies (performance measurement)
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes users | 2 years |
_ga_* | Google Analytics | Stores session state | 2 years |
_gid | Google Analytics | Distinguishes users | 24 hours |
_gat | Google Analytics | Throttles requests | 1 minute |
| (WP-Statistics may use no cookies depending on configuration) | WP-Statistics | Site analytics | Varies |
Advertising/marketing cookies
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
_fbp | Meta/Facebook | Delivers/measure ads | 3 months |
fr (may be used) | Meta/Facebook | Ad delivery and measurement | 3 months |
Session replay / behaviour analytics (requires consent)
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
_hjSessionUser_* | Hotjar | User identifier for behaviour analytics | 1 year |
_hjSession_* | Hotjar | Session data | 30 minutes |
_clck | Microsoft Clarity | Persists Clarity user ID | 1 year |
_clsk | Microsoft Clarity | Connects pageviews into a session | 1 day |
Email marketing (where used)
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
mc_* (varies) | Mailchimp | Tracks signup/forms and campaign effectiveness | Varies |
Shopify cookies (only where Shopify storefront is used)
| Cookie | Provider | Purpose | Typical duration |
|---|---|---|---|
_shopify_y | Shopify | Analytics | 1 year |
_shopify_s | Shopify | Session analytics | 30 minutes |
_shopify_sa_t / _shopify_sa_p | Shopify | Marketing/referral tracking | 30 minutes |
15) Managing cookies
You can manage cookies in three ways:
Use our site’s Cookie Settings tool (recommended)
Adjust browser settings to block/delete cookies
Use device-level privacy controls (mobile/tablet)
Blocking essential cookies may affect checkout and site functionality.
16) Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.
17) Contact us
For privacy questions or requests:
📧 info@brooled.co.uk
📍 BROOLED Ltd, 32 Albany Gardens, Whitley Bay, NE26 2DY, UK
