Privacy Policy

Last updated: November 2025

1. Introduction

Furnace Brook CIC ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

Our Details:

  • Company Name: Furnace Brook CIC

  • Company Number: 07434378

  • Address: Trolliloes, Hailsham, East Sussex, BN27 4QR

  • Contact Email: enquiries@furnacebrook.co.uk

  • Data Protection Contact: enquiries@furnacebrook.co.uk

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide to Us

We collect personal data that you provide when you:

  • Make a purchase or donation

  • Sign up for our mailing list

  • Contact us with enquiries

  • Use our website

This may include:

  • Name

  • Email address

  • Postal address

  • Phone number

  • Payment information (processed securely by our payment processor)

2.2 Information We Collect Automatically

When you visit our website, we automatically collect:

  • IP address

  • Browser type and version

  • Operating system

  • Pages visited and time spent on pages

  • Referring website

  • Cookie data (see Section 8)

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 To Process Transactions

  • Fulfilling orders and processing donations

  • Sending order confirmations and receipts

  • Managing refunds or exchanges

  • Legal Basis: Contractual necessity and legitimate interests

3.2 To Communicate With You

  • Responding to your enquiries

  • Sending important updates about your orders

  • Sending marketing communications (with your consent)

  • Legal Basis: Contractual necessity, consent, and legitimate interests

3.3 To Improve Our Services

  • Analyzing website usage through Google Analytics

  • Understanding customer preferences

  • Improving our website and user experience

  • Legal Basis: Legitimate interests

3.4 To Comply With Legal Obligations

  • Maintaining records for tax and accounting purposes

  • Complying with legal and regulatory requirements

  • Legal Basis: Legal obligation

4. Sharing Your Information

We only share your personal data with trusted third parties who help us operate our business:

4.1 Payment Processors

We use Stripe to process payments securely. Stripe collects and processes your payment information according to their own privacy policy. We do not store complete payment card details on our servers.

4.2 Analytics Services

We use Google Analytics to understand how visitors use our website. Google Analytics collects information anonymously and reports website trends. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.3 Marketing Platforms

When we begin sending marketing emails, we will use third-party email marketing services. Your email address will be shared with these providers only if you have consented to receive marketing communications.

4.4 Social Media

Our website includes social media plugins (such as Facebook, Twitter, Instagram). These services may collect information about your visit to our website. Please refer to their respective privacy policies.

4.5 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Transaction and order data: 7 years (for tax and accounting purposes)

  • Marketing data: Until you unsubscribe or withdraw consent

  • Analytics data: Up to 26 months (Google Analytics default setting)

  • General enquiry data: 2 years from last contact

After these periods, we will securely delete or anonymize your data.

6. Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These include:

  • Secure Sockets Layer (SSL) encryption for data transmission

  • Secure payment processing through PCI-DSS compliant providers

  • Regular security assessments

  • Access controls limiting who can view your data

  • Secure backup procedures

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Under UK GDPR, you have the following rights:

7.1 Right of Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can ask us to correct inaccurate or incomplete data.

7.3 Right to Erasure

You can request that we delete your personal data in certain circumstances.

7.4 Right to Restrict Processing

You can ask us to limit how we use your data.

7.5 Right to Data Portability

You can request your data in a structured, commonly used format.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time.

7.8 Right to Complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk

  • Helpline: 0303 123 1113

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

To exercise any of these rights, please contact us at enquiries@furnacebrook.co.uk.

8. Cookies

Our website uses cookies to improve your browsing experience and analyze website traffic.

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website.

8.2 Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly

  • Analytics Cookies: Help us understand how visitors use our site (Google Analytics)

  • Functional Cookies: Remember your preferences

  • Social Media Cookies: Enable social media features and plugins

8.3 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling certain cookies may affect website functionality.

For more information, visit: www.aboutcookies.org

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal information.

10. Marketing Communications

10.1 Email Marketing

When we begin sending marketing emails, we will only do so with your explicit consent. You can unsubscribe at any time by:

  • Clicking the "unsubscribe" link in any marketing email

  • Contacting us at enquiries@furnacebrook.co.uk

10.2 What We'll Send

Marketing emails may include:

  • Information about our products and services

  • Special offers and promotions

  • News and updates about Furnace Brook CIC

11. International Data Transfers

We do not transfer your personal data outside the United Kingdom or European Economic Area (EEA).

12. Children's Privacy

Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from someone under 18, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new "Last Updated" date

  • Sending an email notification (if you have provided your email address)

We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: enquiries@furnacebrook.co.uk

Post: Furnace Brook CIC, Trolliloes, Hailsham, East Sussex, BN27 4QR

We will respond to your enquiry within 30 days.

Furnace Brook CIC - Company Number: 07434378