GDPR - Privacy Policy

We understand that privacy and the security of your personal information is -

extremely important. This policy sets out what we do with your information and what

we do to keep it secure. It also explains where and how we collect your personal

information, as well as your rights over any personal information we hold about you.

This policy applies to you if you use our products or services over the phone, online,

or through our mobile application. This policy gives effect to our commitment to

protect your personal information.

Who are we?

When we say ‘we’ or ‘us’ or “White Witch” in this policy, we are referring to White

Witch, 1 Church Street, Waltham Abbey, Essex, EN9 1DX. It also includes any other

businesses we add to this group in the future.

What sorts of information do we hold?

We collect information about you when you place an order for products or services.

Website usage information is collected using cookies.

Information that you provide to us such as your name, address, telephone number,

email address, bank account and payment card details and any feedback you give to

us, including by phone, email or post.

Information about the Services that we provide to you (including for example, the

things we have provided to you, when and where, what you paid, the way you use

our products and Services, and so on);

Information about any device you have used to access our Services (such as your

device’s make and model, browser or IP address) and how you use our Services;

Your contact details and details of the emails and other electronic communications

you receive from us, including whether that communication has been opened and if

you have clicked on any links within that communication.

How do we use your information?

Under the General Data Protection Regulations (GDPR) we have a number of lawful

reasons that we can use (or ‘process’) your personal information. One of the lawful

reasons is called ‘legitimate interests’. Broadly speaking Legitimate Interests means

that we can process your personal information if we have a genuine and legitimate

reason and we are not harming any of your rights and interests.

When you provide your personal details to us we use your information for our

legitimate business interests to carry out our work of providing you with products and

services. Before doing this, though, we will also carefully consider and balance any

potential impact on you and your rights.

Some typical examples of when we might use the approach are for preventing fraud,

maintaining the security of our systems, data analytics, enhancing, modifying or

improving our services, identifying usage trends and determining the effectiveness of

our sales.

We will process the personal information you have supplied to us to conduct and

manage our business to enable us to give you the products and services you have

ordered. These are what we consider to be our ‘Legitimate Interests’.

Our interests

The following are some examples of when and why we would use this approach in

our work:

 In order for us to process an order, payment has to be taken and contact

information collected, such as name, delivery address and telephone number,

provided. Both the buyer and seller would need to record the transaction, help

answer your questions and solve any issues you have.

 Communication: We will make best effort to ensure our communication is tailored

and relevant for you wherever we deem you to be in the sales cycle.

 Your best interest: Processing your information to protect you against fraud when

transacting on our website, and to ensure our websites and systems are secure.

 Personalisation: Where the processing enables us to enhance, modify,

personalise or otherwise improve our services for the benefit of our customers

and prospects.

 Analytics: To process your personal information for the purposes of customer

analysis, assessment, on a personalised or aggregated basis, to help us with our

activities, if this does not harm any of your rights and interests.

 Research: To determine the effectiveness of and develop our products, services,

systems and relationships with you.

 Due Diligence: We may need to conduct investigations on supporters, potential

customers and business partners to determine if those companies and individuals

have been involved or convicted of offences such as fraud, bribery and


Your interests

When we process your personal information for our legitimate interests, we will

consider and balance any potential impact on you and your rights under data

protection and any other relevant law. Our legitimate business interests do not

automatically override your interests – we will not use your personal data for

activities where our interests are overridden by the impact on you (unless we have

your consent or are otherwise required or permitted to by law).

You will never receive unsolicited emails, telephone calls or mail from us. We will

only contact you to acknowledge your order, if goods are unavailable, or in response

to your request.

Remember, you can change the way you hear from us or withdraw your permission

for us to process your personal details at any time by using our contact details


Who we might share your information with?

We will only share information about you within White Witch to allow us to process

your order. We will not disclose your information to third parties, other than when

order details are processed as part of the order fulfilment, for goods delivery


Your rights

Access and correction of your personal information

You have the right to access the personal information that we hold about you in

many circumstances. This is sometimes called a ‘Subject Access Request’. If we

agree that we are obliged to provide personal information to you, (or someone else

on your behalf), we will provide it to you, or them, free of charge.

Before providing personal information to you or another person on your behalf, we

may ask for proof of identity and sufficient information about your interactions with us

so that we can locate your personal information.

If any of the personal information we hold about you is inaccurate or out of date, you

may ask us to correct it.

Right to stop or limit our processing of your data.

You have the right to object to us processing your personal information if we are not

entitled to use it any more, to have your information deleted if we are keeping it too

long or have its processing restricted in certain circumstances.

If you would like to exercise these rights, please contact us via one of the

mechanisms set out below.

How long do we keep your information for?

We will retain your personal information for the period necessary to fulfil the

purposes outlined in this Privacy Policy unless a longer retention period is required

or permitted by law.


Cookies are text files placed on your computer to collect standard internet log

information and visitor behaviour information. This information is used to track visitor

use of the website and to compile statistical reports on website activity, aid

navigation and to keep track of the contents of your shopping basket.

You can set your browser not to accept cookies. However, in a few cases some of

our website features may not function as a result.

Links to other websites

We sometimes provide you with links to other websites, but these websites are not

under our control. Therefore, we will not be liable to you for any issues arising in

connection with their use of your information, the website content or the services

offered to you by these websites. We advise you to consult the privacy policy and

terms and conditions on each website to see how each supplier may process your



We take security measures to protect against unauthorised access, improper use,

alteration, destruction or accidental loss of your personal information including:

 implementing access controls to our information technology, such as firewalls, ID

verification and logical segmentation and/or physical separation of our systems

and information.

 accepting payment on our website only via PayPal.

Contact Us

If you would like to exercise one of your rights as set out above, or you have a

question or a complaint about this policy or the way your personal information is

processed, please contact us by one of the following means:

By email:

By post: The Proprietor, White Witch, 1 Church Street, Waltham Abbey, Essex, EN9


You also have the right to lodge a complaint with the UK regulator, the Information

Commissioner. Please go to to find out more.

Policy change

We keep our privacy policy under regular review and we will place any updates on

this web page. This privacy policy was most recently updated in May 2018.