1. Who We Are
HelloRowanCraft (“we”, “our”, “us”) is a small handmade shop operated by Rowan (based in Hong Kong) together with Mia (based in Bend, Oregon, USA).
For the purposes of EU and UK data protection laws, Rowan is the data controller of your personal data when you interact with this Etsy shop.
Contact email: rowan051485@gmail.com
2. Where This Policy Applies
This Privacy Policy explains how we collect, use, store, and share your personal data when you:
- Visit or purchase from our Etsy shop “HelloRowanCraft”
- Contact us via Etsy Messages or email
This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and similar data protection laws where applicable.
3. Personal Data We Collect
We only collect personal data that is necessary to run our shop and fulfill your orders. This includes:
a) Information you provide to Etsy that is shared with us:
- Your name
- Postal/shipping address
- Email address (if provided by Etsy or by you)
- Order details (items purchased, personalization details, chosen options)
- Any other information you include in your messages or order notes
b) Information you provide directly to us:
- Additional personalization details or photos you voluntarily send us
- Additional contact details you choose to share (for example, a different shipping name or address)
c) Automatically collected information:
We do not directly run tracking scripts or independent analytics outside of Etsy. However, Etsy may collect technical and usage data (such as device information, cookies, IP addresses, and browsing behavior) in accordance with Etsy’s own Privacy Policy. We do not control this data collection.
4. How We Use Your Personal Data (Purposes)
We process your personal data for the following purposes:
- To process and fulfill your orders (producing items, packaging, shipping, and handling returns or exchanges)
- To communicate with you about your order, personalization details, or any questions you may have
- To provide customer support and handle complaints or disputes
- To keep basic business and tax records as required by law
- To improve our products and services (for example, using non-identifying summaries of orders and feedback)
- With your consent, to send occasional information or updates you have asked for
We do not sell your personal data to third parties.
5. Legal Bases for Processing (EU/UK Customers)
Under GDPR, we rely on the following legal bases to process your personal data:
- Contract: We need your personal data to fulfill the contract between us, for example when you place an order and we ship your items.
- Legal Obligation: We may need to retain certain data for tax, accounting, or other legal requirements.
- Legitimate Interests: We may process your data to improve our services, protect our rights, and prevent fraud, provided these interests are not overridden by your rights.
- Consent: In some cases (for example, if you ask us to contact you outside Etsy or sign up for optional updates), we rely on your consent. You can withdraw your consent at any time by contacting us.
6. How We Share Your Personal Data
We share your data only when necessary and only with trusted parties, for the purposes described above:
- Etsy: Our shop operates on the Etsy platform. Etsy processes your data as an independent controller according to Etsy’s own Privacy Policy and Terms of Use.
- Shipping and courier companies: We share your name, address, and sometimes phone or email with postal or courier services so they can deliver your order.
- Payment processors: Payments are processed by Etsy or its payment partners; we do not receive your full payment card details.
- Professional service providers: In rare cases, we may share necessary information with accountants, tax advisors, or legal professionals to comply with laws or protect our rights.
- Legal authorities: We may disclose information when required by law, court order, or to respond to lawful requests from authorities.
We do not allow these parties to use your data for their own marketing purposes unrelated to your order.
7. International Data Transfers
Because our shop is run from Hong Kong and the USA, and Etsy operates internationally, your data may be transferred and stored outside your home country, including in locations that may have different data protection standards.
We only use your data in line with this Privacy Policy and will take reasonable steps to protect it. By placing an order or contacting us, you understand that your data will be processed in these countries as necessary to fulfill your order and operate the shop.
8. Data Retention (How Long We Keep Your Data)
We keep your personal data only as long as necessary for the purposes described in this policy, including:
- Orders and business records: Typically retained for up to 6–7 years to meet accounting and tax requirements.
- Messages and communications: Typically retained for up to 3 years after the last contact, unless a longer period is required for legal reasons (for example, to handle disputes).
- Records kept based on consent: Retained until you withdraw your consent or request deletion, unless we are required by law to keep it longer.
When data is no longer needed, we will delete or anonymize it in a secure manner.
9. Your Rights (EU/UK Residents)
If you are located in the EU, EEA, or UK, you have certain rights under data protection laws. Subject to legal limitations, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure (“Right to be forgotten”): Ask us to delete your personal data when there is no longer a valid reason for us to keep it.
- Restriction: Ask us to limit how we process your data.
- Objection: Object to certain types of processing, including processing based on legitimate interests or for direct marketing.
- Data Portability: Receive a copy of the data you provided to us in a structured, commonly used, machine-readable format and request that we transfer it to another controller where technically feasible.
To exercise any of these rights, please contact us at:
Email: rowan051485@gmail.com
For your security, we may need to verify your identity before responding.
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. We would appreciate the chance to address your concerns first, so please consider contacting us before escalating.
10. Children’s Privacy
Our shop is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us without appropriate consent, please contact us at rowan051485@gmail.com and we will delete the information as soon as reasonably possible.
11. Cookies and Tracking Technologies
We do not directly set cookies on your device through any separate website for this shop. However, Etsy uses cookies and similar technologies to run its platform, for security, and for analytics and personalization. These cookies are controlled by Etsy, and you can learn more or manage your preferences in Etsy’s own Cookie Policy and Privacy Policy.
12. Security Measures
We take reasonable technical and organizational measures to protect your data from unauthorized access, loss, misuse, or alteration. However, no method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.
13. Automated Decision-Making
We do not use your personal data to make decisions that have legal or similarly significant effects based solely on automated processing.
14. Changes to This Privacy Policy
We may occasionally update this Privacy Policy to reflect changes in our practices, services, or legal requirements. When we update it, the revised version will be available in our shop. Your continued use of the shop after any change indicates that you accept the updated policy.
If you have any questions about this Privacy Policy or how we handle your personal data, you can always contact us at:
Email: rowan051485@gmail.com