Privacy policy

PAW BY FOUR: PRIVACY POLICY

Last updated: April 2, 2026

PAW BY FOUR operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the “Services”). PAW BY FOUR is powered by Shopify, which enables us to provide the Services to you. Our products and services are also available via Etsy and Payhip; purchases made through those platforms are additionally governed by their respective privacy policies.

This Privacy Policy describes how we collect, use and disclose your personal information when you visit, use or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy takes precedence with respect to the collection, processing and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use and disclosure of your information as described in this Privacy Policy.

Our Legal Status and ICO Registration

PAW BY FOUR acts as the data controller in respect of your personal information. For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are responsible for deciding how and why your personal data is processed.

We are registered with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority.

Our ICO Registration Number is ZC144821

If you have any concerns about how we handle your data, you can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.

Personal Information We Collect or Process

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify you or be reasonably linked to you.

We may collect or process the following categories of personal information, depending on how you interact with the Services, where you live and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number and email address.

  • Financial information including payment card information, transaction details, form of payment and payment confirmation. Note: we do not store full card numbers; payment processing is handled securely by Shopify’s, Etsy’s, Payhip’s payment infrastructure.

  • Account information including your username, password, security questions, preferences and settings.

  • Transaction information including the items you view, put in your cart, or purchase  and your past transactions.

  • Communications with us including information you include when sending a customer support enquiry.

  • Device information including information about your device, browser or network connection, your IP address and other unique identifiers.

  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

  • Cookie and tracking data: information collected automatically via cookies and similar technologies when you visit our website. See our Cookie Policy section below for full details.

Our Lawful Basis for Processing Your Data

Under the UK GDPR, we are required to identify a lawful basis for each type of personal data processing we carry out. Our lawful bases are as follows:

  • Contract: We process your contact details, financial information and transaction information where this is necessary to fulfil a contract with you; for example, to process and deliver your order or to provide access to a digital product you have purchased.

  • Legal obligation: We process and retain certain financial and transaction records to comply with our legal obligations including but not limited to, HMRC tax and accounting requirements.

  • Legitimate interests: We process certain data including, usage information, device information and communications with us where we have a legitimate business interest in doing so, such as improving our services, preventing fraud and maintaining the security of our website. We have assessed that these interests are not overridden by your rights and freedoms.

  • Consent: Where we rely on your consent for example, to send you marketing emails or to place non-essential cookies, we will obtain this consent clearly and separately, and you may withdraw it at any time.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including, when you create an account, visit or use the Services, communicate with us or otherwise provide us with your personal information.

  • Automatically through the Services including, from your device when you use our products or services or visit our website and through the use of cookies and similar technologies.

  • From our service providers including, when we engage them to enable certain technology and when they collect or process your personal information on our behalf.

  • From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

  • Provide, Tailor and Improve the Services - To process your payments, fulfil your orders, arrange shipping, facilitate returns and exchanges, send account notifications and create a personalised shopping experience.

  • Digital Product Delivery - To deliver digital products to you via email or download link, following purchase including, downloadable guides. 

  • Marketing and Advertising - To send marketing, advertising and promotional communications by email, where you have provided consent to receive these. You may opt out at any time using the unsubscribe link in any email we send. 

  • Security and Fraud Prevention - To authenticate your account, provide a secure payment experience and detect or prevent fraudulent or malicious activity. 

  • Communicating with You - To provide customer support and to respond to your enquiries. 

  • Legal Reasons - To comply with applicable law, respond to valid legal process and to enforce our terms and policies.

Cookies and Tracking Technologies 

Our website uses cookies and similar tracking technologies to operate effectively and to improve your experience. Cookies are small data files placed on your device when you visit our website.

Essential Cookies

These cookies are necessary for the website to function and cannot be switched off. They include cookies set by Shopify to enable your shopping cart, checkout process and session management.

Analytics Cookies

Analytical cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. These cookies allow us to measure and improve the performance of our site, for example, by tracking which pages are visited most frequently, how long visitors spend on each page and whether users encounter any error messages. 

The data collected is aggregated and cannot be used to identify you personally. We only place analytical cookies on your device with your consent, which you may withdraw at any time by adjusting your cookie preferences. You can also opt out at any time by visiting our Cookie Settings page. 

We will collect analytical data from analytical data platforms, currently we use Google Analytics.

Marketing and Advertising Cookies

We use marketing and advertising cookies to deliver personalised advertisements and promotional content that may be relevant to you, both on our website and across third-party platforms. 

These cookies track your browsing activity, interactions with our content and purchasing behaviour to help us and our advertising partners build a profile of your interests. They may also be used to limit how frequently you see an advertisement and to measure the effectiveness of our marketing campaigns. 

These cookies will only be placed on your device with your explicit consent, which you may withdraw at any time by adjusting your cookie preferences through our Cookie Settings link. Please note that disabling certain cookies may affect the functionality of the website.

Withdrawing consent will not affect the lawfulness of any processing carried out prior to your withdrawal. Please note that if you decline these cookies, you may still see advertising, but it will be less tailored to your interests. 

From time to time, we use META (Facebook/Instagram) or Pinterest, TikTok and X (formerly Twitter. For more information on how these platforms handle your data, please refer to the relevant platform’s Privacy Policy. 

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf, including IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping.

  • With business and marketing partners to provide marketing services. Our business and marketing partners will use your information in accordance with their own privacy notices.

  • With Etsy and Payhip, where purchases are made through those platforms, in accordance with their own privacy policies.

  • When you direct, request or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media integrations.

  • In connection with a business transaction such as a merger, to comply with applicable legal obligations, to enforce our terms of service or policies and to protect or defend our rights or the rights of our users.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside.

To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy at www.shopify.com/legal/privacy. You may also exercise rights in relation to data processed by Shopify via the Shopify Privacy Portal at privacy.shopify.com.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness or reliability of information found on these sites. 

Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators.

Children’s Data

The Services are not intended to be used by children under the age of 18 and we do not knowingly collect any personal information from anyone under 18 years of age. 

If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

Security and Retention of Your Information

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss or misuse. However, no security measures are perfect or impenetrable and we cannot guarantee absolute security. 

We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

Retention Periods 

We retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, in accordance with the following general principles:

  • Customer order and transaction records: retained for a minimum of 7 years to comply with HMRC accounting and tax obligations.

  • Account information: retained for as long as your account is active, plus a reasonable period thereafter to resolve any disputes or enquiries in accordance with any statutory limits applicable to disputes or enquiries.

  • Marketing data and email preferences: retained until you withdraw consent or unsubscribe, after which your details will be suppressed from marketing communications.

  • Customer support communications: retained for up to 3 years following resolution of an enquiry.

  • Cookie and usage data: retained in accordance with the retention periods of the specific tools used; see our Cookie Policy section above.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances and in certain cases we may decline your request as permitted by law.

  • Right to Access / Know. You may have a right to request access to personal information that we hold about you.

  • Right to Delete. You may have a right to request that we delete personal information we maintain about you.

  • Right to Correct. In certain circumstances and with certain exceptions, you may have a right to request that we correct inaccurate personal information we maintain about you.

  • Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party.

  • Managing Communication Preferences. You may opt out of receiving marketing emails at any time by using the unsubscribe option in our emails. If you opt out, we may still send you non-promotional emails, such as those about your account or orders.

If you reside in the UK or European Economic Area, you may also exercise the following rights:

  • Objection to Processing and Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.

  • Withdrawal of Consent: Where we rely on consent to process your personal information, you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal.

You may exercise any of these rights by contacting us using the contact details provided below. We will respond to your request in a timely manner as required under applicable law. We may need to verify your identity before we can process your request.

You will not be discriminated against for exercising any of these rights.

Complaints

If you have complaints about how we process your personal information, please contact us in the first instance using the contact details provided below. We will endeavour to resolve your complaint promptly.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters:

  • Website: www.ico.org.uk

  • Telephone: 0303 123 1113

  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are located in the European Economic Area, you may also lodge a complaint with your local data protection supervisory authority.

International Transfers

Please note that we may transfer, store and process your personal information outside the country in which you live. Where we transfer your personal information outside the UK or European Economic Area, we will rely on recognised transfer mechanisms such as the European Commission’s Standard Contractual Clauses or any equivalent contracts issued by the relevant competent authority of the UK, unless the transfer is to a country that has been determined to provide an adequate level of protection.

Data (Use and Access) Act 2025

This Privacy Policy has been reviewed and updated to reflect the requirements of the Data (Use and Access) Act 2025, which came into force on 5 February 2026 and introduced amendments to the UK GDPR and Data Protection Act 2018. We will continue to monitor regulatory guidance from the ICO and update this policy as required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal or regulatory reasons. We will post the revised Privacy Policy on this website and update the “Last updated” date. Where changes are material, we will endeavour to notify you in advance, for example by email or by a notice on our website.

Contact

Should you have any questions about our privacy practices or this Privacy Policy or if you would like to exercise any of the rights available to you, please contact us:

  • Email: privacy@pawbyfour.com

  • Post: 25 Darling Street, Enniskillen BT74 7DP, United Kingdom

For the purpose of applicable data protection laws, PAW BY FOUR is the data controller of your personal information.