Privacy policy
PRIVACY POLICY
Last updated: 17th March 2026 • ICO Registration: ZC101075
1. Who We Are
Paxmora is a mental health clothing brand operated by Catherine Crossley, trading as Paxmora, based in England. We are the data controller for the personal information we collect through our website www.paxmora.co.uk and related communications.
Contact us:
Email: hello@paxmora.co.uk
Address: Crown House, 27 Old Gloucester Street, London, WC1N 3AX, England
ICO Registration Number: ZC101075
Website: www.paxmora.co.uk
2. What Information We Collect
We collect the following personal information when you interact with Paxmora:
When you place an order:
• Full name
• Delivery address and billing address
• Email address
• Phone number (if provided)
• Payment information (processed securely by Shopify Payments / Stripe — we do not store card details)
• Order history and purchase details
When you contact us:
• Name and email address
• The content of your message
When you sign up to our mailing list:
• Email address
• Name (if provided)
Automatically when you visit our website:
• IP address
• Browser type and version
• Pages visited and time spent on site
• Referring website
• Cookie data (see Section 8)
3. Why We Collect Your Information (Lawful Basis)
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
Contract performance: To process and fulfil your orders, send order confirmations, handle returns and refunds, and provide customer service.
Legitimate interests: To prevent fraud, maintain the security of our website, improve our products and services, and manage our business operations.
Consent: To send you marketing emails and newsletters. You may withdraw consent at any time by clicking 'unsubscribe' in any marketing email or by contacting us at hello@paxmora.co.uk.
Legal obligation: To comply with UK law, including tax and financial record-keeping obligations.
4. How We Use Your Information
We use your personal data to:
• Process and fulfil your orders
• Send order confirmation and dispatch notifications
• Provide customer service and respond to enquiries
• Send marketing emails and newsletters (with your consent only)
• Improve our website and products
• Comply with legal and financial obligations
• Prevent fraud and maintain security
We will never sell your personal data to third parties.
We will never share your personal data for third-party marketing purposes.
5. Who We Share Your Information With
We share your personal data only with trusted third parties who help us operate our business. All third parties are required to protect your data and only use it for specified purposes.
• Shopify Inc. — Our e-commerce platform provider. Processes order data and payments. Privacy Policy: shopify.com/legal/privacy
• Printful Inc. — Our print-on-demand and fulfilment partner. Receives your name and delivery address to print and dispatch your order. Privacy Policy: printful.com/policies/privacy
• Shopify Payments / Stripe — Payment processing. We do not store or have access to your full card details. Privacy Policy: stripe.com/gb/privacy
• Royal Mail / Courier Partners — Used by Printful to deliver your order. Receives your name and delivery address only.
• Email Marketing Platform, Mailchimp — Used to send newsletters and marketing emails to subscribers who have opted in.
• Google Analytics — Used to analyse website traffic anonymously. Data is anonymised and does not identify you personally. You can opt out at tools.google.com/dlpage/gaoptout.
We may also disclose your information where required by law or to protect our legal rights.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose it was collected:
• Order records: 6 years from date of purchase (required by UK tax law / HMRC)
• Customer service correspondence: 2 years from last contact
• Marketing email subscribers: Until you unsubscribe, plus 1 year
• Website analytics data: 26 months (Google Analytics default)
• Fraud prevention records: Up to 5 years
When your data is no longer needed, we securely delete or anonymise it.
7. International Data Transfers
Some of our third-party service providers (including Shopify and Printful) are based outside the UK, including in the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
• Standard Contractual Clauses approved by the UK Information Commissioner
• Adequacy decisions where applicable
• Transfers only to providers with UK or EU GDPR-equivalent protections
For more information on international transfers, contact us at hello@paxmora.co.uk.
8. Cookies
Our website uses cookies — small text files stored on your device — to help us provide a better experience.
• Essential cookies: Required for the website and shopping cart to function. Cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site (e.g. Google Analytics). You can opt out.
• Marketing cookies: Used to show relevant advertising. Only set with your consent.
You can manage cookies through your browser settings. Note that disabling some cookies may affect website functionality. Shopify's full cookie policy is available at: shopify.com/legal/cookies
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@paxmora.co.uk. We will respond within 30 days.
• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate or incomplete data.
• Right to erasure: Ask us to delete your personal data ('right to be forgotten'), subject to legal retention requirements.
• Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
• Right to data portability: Receive your data in a structured, commonly used format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting prior processing.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. Data Security
We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it:
• Our website uses HTTPS encryption (SSL certificate)
• Payment data is processed by PCI DSS-compliant providers (Shopify Payments / Stripe)
• We do not store full payment card details
• Access to customer data is restricted to authorised personnel only
• We regularly review our security practices
In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the ICO as required by law.
11. Children’s Privacy
Our website and products are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us at hello@paxmora.co.uk and we will delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will update the 'Last updated' date at the top of this page. For significant changes, we will notify customers by email where appropriate. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact:
Catherine Crossley — Founder, Paxmora
Email: hello@paxmora.co.uk
Address: Crown House, 27 Old Gloucester Street, London, WC1N 3AX
Website: www.paxmora.co.uk
We aim to respond to all data-related enquiries within 30 days.
Paxmora • ICO Registration: ZC101075 • hello@paxmora.co.uk • www.paxmora.co.uk