Login

Country

Cart

Your cart is empty

PRIVACY POLICY

Page Updated (effective date): 26 November 2025
Operated by Steven Patrick Sim t/a The Tartan Artisan®
Governing Law: Scotland | Compliance Framework: UK GDPR, Data Protection Act 2018 & Data (Use and Access) Act 2025

 

 

1. Purpose of this Policy

This Privacy Policy explains how The Tartan Artisan® collects, uses, stores, and protects your personal information when you visit or make a purchase from thetartanartisan.com or any affiliated domain, including tartan.love and project pages such as TARTAN250 and Star-Spangled Banner / Tartan 250 collections.

It also covers data processed through our trusted fulfilment partners — Print Space Studios Limited (trading as theprintspace and Creative Hub), Contrado, and our approved kilt manufacturers (Glenisla Kilts Ltd.), together with the technology and ecommerce services provided by Shopify that power this store and checkout.

This Privacy Policy is updated to reflect developments under the Data (Use and Access) Act 2025 (DUAA), which amends and builds upon the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. DUAA is being commenced in stages; we keep this policy under review as official guidance evolves.

We are committed to processing your data lawfully, fairly, and transparently, in line with UK data protection law.

 

 

2. Who We Are

Data Controller: Steven Patrick Sim t/a The Tartan Artisan®
Studio / Trading Address: 55 Lordburn, Arbroath, Angus, DD11 1JD, Scotland (studio open by appointment only)
Telephone: 07590 566777
Contact Email: enquiries@thetartanartisan.com
VAT Number: GB-312816916

If you have any questions about this policy or how we handle your data, you can contact us using the details above.

 

 

3. Information We Collect

We collect and process the following categories of personal data, depending on how you interact with us and the services you use:

  • Identity & Contact Data: name, billing address, shipping address, email address, telephone number, country of residence.
  • Account Data: if you choose to create an account, we process your login details (such as email, password), saved addresses, preferences, order history and wishlist.
  • Transaction & Order Data: purchase details, order numbers, products ordered, returns, exchanges, refunds and related correspondence.
  • Payment & Billing Data: payment method, billing contact details and transaction confirmations. Card numbers and sensitive payment details are processed securely by Shopify Payments, PayPal, Stripe or other payment providers and are not stored by us in full.
  • Device & Usage Data: IP address, browser type and version, device identifiers, operating system, pages viewed, time spent on pages, interaction with site features, and referring/exit pages. This may be collected through cookies, pixels and similar technologies.
  • Marketing & Communications Data: newsletter subscriptions, marketing preferences, competition entries, and records of communications where you contact us for support or enquiries.
  • Additional Order Data: details you provide for custom or made-to-measure items (for example, body measurements, garment specifications and style preferences for kilts and related products).

We collect this information directly from you (for example, when you place an order, create an account, sign up for emails or contact us), automatically through your use of our website and Shopify-powered services (via cookies and similar technologies), and via partner ordering platforms such as theprintspace CreativeHub and Contrado print-on-demand systems where they process data on our behalf.

 

 

4. How We Use Your Information

We use your personal data for the following purposes:

  1. To fulfil orders and deliver products.
    • Studio-produced items and kilts are processed in-house, with your supplied sizes, garment specifications and name being provided to Glenisla Kilts (or approved tailors) solely for the purpose of producing and quality-checking your garment.
    • Fine-art prints are fulfilled by theprintspace via its UK, EU and US labs.
    • Print-on-demand products are produced and shipped by Contrado Imaging Ltd (London).
    • Shopify and integrated payment providers process your payment and support order management, shipping and returns.
  2. To provide, tailor and improve our services.
    • Operating our website and checkout, remembering your preferences, and displaying content in a way that works on your device.
    • Understanding how visitors use the site so we can improve layout, navigation, product ranges and performance.
    • Recommending products that may interest you based on your browsing or purchase history, where this is appropriate and lawful.
  3. To communicate with you.
    • Responding to enquiries and support requests.
    • Sending order confirmations, shipping updates, issue resolution messages and service notifications.
  4. To maintain legal and financial records.
    • Keeping accounting, tax and transaction records required by law (for example, HMRC record-keeping obligations).
    • Maintaining documentation relating to orders, refunds, complaints or disputes.
  5. To keep our services secure and prevent fraud.
    • Protecting our website, systems and customers from unauthorised access, abuse, spam and fraudulent transactions.
    • Using limited data for security monitoring, chargeback investigation and abuse prevention.
  6. To send marketing updates (where you consent).
    • Sending newsletters, launch announcements and offers by email, only where you have actively opted in.
    • You can unsubscribe at any time using the link in our emails or by contacting us.

 

 

5. Our Legal Bases for Processing

We process your personal data on the following lawful bases under UK GDPR:

  • Performance of a contract: to process and fulfil your orders, take payment, provide customer service, manage returns and operate your online account.
  • Legal obligation: to meet our obligations under tax, accounting and consumer protection laws, and to respond to lawful requests from authorities.
  • Legitimate interests: to operate and protect our business (for example, website security and fraud prevention), to understand how our site is used, to improve our products and services, and to promote similar products to existing customers in a measured way. Where we rely on this basis, we balance our interests against your rights and expectations.
  • Consent: for sending marketing communications by email and for the use of certain non-essential cookies and similar technologies where required by law. You can withdraw consent at any time.

Purpose Lawful basis (UK GDPR Art. 6)
Order processing & delivery (including managing your online account and customer support) Performance of a contract
Accounting, tax records & legal compliance Legal obligation
Website operation, analytics & service improvement Legitimate interests (to operate, protect and improve our business and services)
Marketing communications (email newsletters, launch announcements and offers) Consent (and, where applicable for existing customers, legitimate interests)
Security, fraud prevention & abuse monitoring Legitimate interests (to protect our business, our customers and the public)


The Data (Use and Access) Act 2025 introduces a concept of recognised legitimate interests for specific activities in the wider public interest (for example, serious crime and public security). These provisions sit alongside the lawful bases above. For the ordinary running of this store we generally rely on contract, legal obligation, legitimate interests and consent as described, and we will update this policy if our use of recognised legitimate interests changes.

 

 

6. Sharing Your Information

We share only the minimum necessary information with trusted third parties for the purposes described in this policy:

  • Shopify Inc. and its affiliates – our ecommerce platform provider, which hosts the store, supports checkout and payments, provides analytics and security services, and helps us manage orders and customer accounts.
  • Print Space Studios Limited – for fine-art print and framing fulfilment from its UK, EU and US production sites.
  • Contrado Imaging Ltd. – for on-demand production and logistics of certain printed products from its London operations.
  • Glenisla Kilts Ltd. / approved tailors – to manufacture, alter and quality-check made-to-measure kilts and related garments using measurements and order details you provide.
  • Service providers and professional advisers – such as couriers, payment processors, IT and hosting providers, accountants and legal advisers who support our business.
  • Marketing and advertising partners – where we use tools such as Meta Pixel or Google services to understand performance and, where lawful, show relevant adverts. These partners will process data under their own privacy policies.
  • Public authorities and law enforcement – where we are legally required to disclose information, or where disclosure is necessary to protect our rights, customers or the public.

All partners that act as data processors for us are engaged under appropriate contracts and are required to handle information securely and lawfully.

We do not sell, rent, or trade your personal data.

 

 

7. Relationship with Shopify & Shopify Network Intelligence

Our store is built on and hosted by Shopify. When you use this website or place an order, some of your personal information is collected and processed through Shopify’s systems so that the Services can function (for example, to power checkout, process payments, prevent fraud and provide analytics).

In many cases, Shopify acts as our data processor, processing personal data on our behalf to help us run this store. In some situations, Shopify also acts as an independent data controller for its own purposes, such as improving its platform, providing cross-merchant analytics, security and advertising-related services sometimes described as Shopify Network Intelligence.

Where Shopify processes your personal information as an independent controller (for example, in connection with network-level analytics or advertising services across different merchants), Shopify is responsible for that processing and for enabling you to exercise your rights in respect of it.

To understand how Shopify uses personal information, and to exercise your rights in relation to data that Shopify controls, you can visit:

When you make a rights request to us (for example, for deletion) we will, where appropriate, also work with Shopify so that data processed on our behalf in connection with this store is updated or erased as required.

 

 

8. International Transfers

Some of our partners (including Shopify and theprintspace’s overseas labs) are based outside the UK, or use servers located outside the UK and European Economic Area (EEA). This means your personal data may be transferred internationally.

Where such transfers occur, we rely on appropriate safeguards, which may include:

  • Adequacy regulations issued by the UK government confirming that the destination country provides an acceptable level of protection for personal data; and/or
  • Standard Contractual Clauses or similar contractual protections approved by the UK and/or EU authorities, together with any additional measures that may be required.

Under the DUAA, the UK has introduced a “not materially lower” standard for assessing the protections offered by other jurisdictions. We aim to ensure that any international transfers of your data are carried out in line with this requirement.

 

 

9. Data Retention

  • Order records & invoices are generally kept for 6 years to comply with HMRC and accounting requirements.
  • Customer accounts and routine correspondence are usually retained for up to 3 years after your last meaningful interaction with us, then securely deleted or anonymised, unless a longer period is required (for example, in connection with a dispute).
  • Analytics and cookie data is typically kept for up to 14 months, depending on the tools in use and your cookie preferences (see Cookie Policy).

We may keep information for longer where we have an unresolved issue, need to establish or defend legal claims, or are required to do so by law. When data is no longer needed, we will delete it or anonymise it so it can no longer be linked to you.

 

 

10. Cookies & Tracking

We use cookies and similar technologies to operate our Shopify store, to understand how visitors use the site, and (where authorised) to measure and deliver advertising. This may involve tools such as Google Analytics 4 and Meta Pixel.

Full details are set out in our Cookie Policy.

You can manage or withdraw consent at any time through the cookie banner on our site or your browser settings. Where supported, we also seek to respect recognised browser-based preference signals such as Global Privacy Control for certain forms of data sharing.

 

 

11. Your Data Protection Rights

Under UK data protection law, you have the following rights in relation to your personal data:

  • Access – to request a copy of the personal data we hold about you.
  • Rectification – to ask us to correct inaccurate or incomplete information.
  • Erasure (“Right to be Forgotten”) – to request deletion of your data where there is no longer a good reason for us to keep it.
  • Restriction – to ask us to limit how we use your data in certain circumstances.
  • Portability – to receive your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Objection – to object to certain types of processing, including direct marketing based on our legitimate interests.
  • Complaint – to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we use your data.

ICO Contact: www.ico.org.uk | Tel 0303 123 1113 | Email casework@ico.org.uk

Requests can be made to enquiries@thetartanartisan.com and will normally be answered within one calendar month, subject to any lawful extensions or exemptions.

Depending on where you live, you may have additional rights under local laws (for example, certain rights to opt out of “sale” or “sharing” of personal information or specific types of targeted advertising). These rights can often be exercised through our on-site controls, your browser settings, or via the Shopify privacy portal where Shopify controls the data.

 

 

12. Data Security

We apply multi-layer security measures to protect your personal data, including HTTPS encryption for our website, PCI-DSS compliant payment processing via Shopify and its payment partners, two-factor authentication on key accounts, and restricted access to personal data on a need-to-know basis.

Offline records (for example, kilt measurements or paper records relating to orders) are stored in locked storage with limited access.

No system can be guaranteed 100% secure, but we take care to select reputable service providers and to review our security arrangements periodically.

 

 

13. Minors

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us so we can investigate and take appropriate action.

 

 

14. Automated Decision Making & Profiling

We do not make decisions about you that are based solely on automated processing and that produce legal or similarly significant effects.

We may use basic profiling for analytics and advertising (for example, to understand which products are popular or to measure the effectiveness of campaigns), but this is typically aggregated and does not involve automated decisions with significant effects on you as an individual. You can manage your preferences through our cookie tools and marketing opt-outs.

 

 

15. Links to Other Websites

Our site may contain links to external websites or services that are not operated by us. We are not responsible for the privacy practices, content or security of those third-party sites.

We encourage you to review the privacy policies of any external sites you visit.

 

 

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal changes, operational updates or improvements to our services.

The latest version will always be dated at the top of this page. Where changes are material, we will take reasonable steps to notify you, for example by email or a prominent notice on the website.

 

 

17. Questions or Complaints

If you have any questions, concerns or complaints about this policy or how your data is handled, please contact:

Steven Patrick Sim
The Tartan Artisan®
Public Studio:
55 Lordburn, Arbroath, Angus, DD11 1JD, Scotland
(Open by appointment only)
📞 Telephone: 07590 566777
enquiries@thetartanartisan.com

If you are not satisfied with our response, you have the right to raise the matter with the Information Commissioner’s Office as set out above.

 

 

End of Policy

(This Privacy Policy supersedes all previous versions and applies to all activities of The Tartan Artisan®, including TARTAN250, Star-Spangled Banner / Tartan 250 projects and Tartan.LOVE domains.)