Responsible Disclosure Statement
Brooled Store
Last updated: 24. January 2026
This Privacy Policy sets out how Brooled Ltd, trading as Brooled, collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is:
Brooled Ltd
Registered in England and Wales
Website: https://brooled.co.uk
Email: store@brooled.co.uk
Telephone: 0191 433 2094
2. Scope of This Policy
This policy applies to all personal data collected through websites owned, controlled, and operated by Brooled Ltd, including the main website and its sub-websites.
This includes, but is not limited to:
https://brooled.co.uk – the main Brooled website
https://weleda.brooled.co.uk – the Brooled Weleda Store
https://mwp-design.brooled.co.uk – the Graphic Design and Printing website
The MWP-Design website may also be accessed via https://mwp-design.co.uk, which is likewise owned and operated by Brooled Ltd.
This policy applies to personal data collected when users interact with any of the above websites, including when:
Browsing the website
Creating an account or logging in
Placing an order
Contacting customer support
Interacting with marketing or advertising activities
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity & Contact Data
First name and surname
Billing and delivery address
Email address
Telephone number
3.2 Account & Authentication Data
Website account credentials
Google Account login information (where used)
3.3 Transaction Data
Order details
Payment method used
Purchase history
3.4 Technical & Usage Data
IP address
Browser type and version
Device identifiers
Pages visited and interaction data
4. Lawful Basis for Processing
We process personal data under the following lawful bases as defined by Article 6 of UK GDPR:
Contractual necessity: to process and deliver orders
Legal obligation: to comply with accounting, tax, and regulatory requirements
Legitimate interests: to operate, improve, and secure our website and services
Consent: for marketing communications and non-essential cookies
You may withdraw consent at any time where consent is the lawful basis.
5. Cookies, Analytics & Tracking
Our websites operate on WooCommerce and use cookies and similar technologies for functionality, analytics, and advertising purposes.
We use the following tools:
Google Analytics
Google Search Console
WP Statistics
Facebook Pixel
Instagram Pixel
X (Twitter) API
Google Analytics, WP Statistics, and social media tracking tools may collect anonymised or pseudonymised usage data to help us understand how visitors interact with our websites.
Google Search Console is used solely to monitor and improve website visibility and performance in Google search results. Google Search Console does not use cookies and does not collect personal data relating to individual website users. All data provided is aggregated and anonymised.
Cookie preferences can be managed via browser settings or cookie consent tools available on our websites.
6. Advertising & Marketing
We use Google Ads and Facebook Ads to promote our products and services. Marketing data is processed in accordance with applicable consent requirements. You may opt out of marketing communications at any time.
7. Payment Processing
Payments are securely processed by third-party providers. We do not store full payment card details.
Payment providers include:
Stripe
PayPal
Klarna (via Stripe)
Clearpay (via Stripe)
These providers act as independent data controllers for payment data and process information in accordance with their own privacy policies.
8. Data Sharing & Third Parties
We do not sell personal data to third parties.
We may share personal data only where necessary to fulfil contractual or legal obligations, including:
8.1 Delivery & Logistics Providers
Royal Mail
Evri
DHL
Parcel Force
FedEx
Shared data may include name, delivery address, and email address.
8.2 Manufacturer Fulfilment
To process and fulfil orders, personal data may be shared with:
WELEDA
AVON
ESSENS
HERBALIFE
FOREVER LIVING PRODUCTS
MWP-DESIGN
Shared data includes name, address, and email address and is used solely for order fulfilment purposes.
9. Social Media Platforms
We maintain a presence on:
Facebook
YouTube
Instagram
TikTok
X (Twitter)
Any interaction with these platforms is subject to their respective privacy policies. We are not responsible for how these platforms process personal data.
10. International Data Transfers
Our websites are hosted by Spaceship, with servers located in the United States. Where personal data is transferred outside the UK, appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses or equivalent protections.
11. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
12. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.
13. Your Rights Under UK GDPR
You have the right to:
Access your personal data
Rectify inaccurate data
Request erasure of your data
Restrict processing
Object to processing
Data portability
Withdraw consent at any time
Requests may be submitted to store@brooled.co.uk.
14. Complaints
If you believe your data protection rights have been breached, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
15. Policy Updates
We reserve the right to update this policy at any time. Changes will be published on our websites and take effect immediately upon posting.
