Website Privacy Terms

Highland Wood Ltd – Privacy Policy

Last updated: 20/10/2025

1. Who We Are

Highland Wood Ltd (“we”, “us”, “our”) is a family-run woodworking business based in the Highlands of Scotland. We design and manufacture handmade wooden planters and timber products. We are the data controller for all personal data collected through our website www.highlandwood.co.uk and any related services.

2. How We Collect Information

We collect personal data when you:

  • Place an order through our website or by email/phone
  • Create an account or sign up for updates
  • Contact us through our Contact Page
  • Interact with us on social media
  • Browse our website (cookies, analytics, and similar technologies)

3. What We Collect

We may collect:

  • Your name and contact details (email address, phone number)
  • Billing and delivery address
  • Order details and payment confirmation (processed securely by Revolut Pay)
  • Account login details (if you register)
  • Communications you send to us
  • Technical data such as IP address, browser type, and pages visited

We do not store or have access to your full payment card details.

4. How We Use Your Information

We use your information to:

  • Process and deliver your orders
  • Provide customer support and respond to queries
  • Manage your account and order history
  • Send order updates and service messages
  • Improve our website, products and services
  • Send marketing communications (if you’ve opted in)
  • Comply with tax, legal, and accounting obligations

5. Legal Bases for Processing

Under the UK GDPR, we rely on the following lawful bases:

  • Contract: to fulfil your order and provide customer service
  • Legal obligation: to keep business and tax records
  • Consent: for marketing emails and optional cookies
  • Legitimate interests: to improve our website, protect against fraud, and grow our business

6. Sharing Your Information

We only share information where necessary:

  • Revolut Pay for secure payment processing
  • BigCommerce for website hosting and order management
  • Couriers such as Parcelforce, DX or others to deliver orders
  • Email and hosting providers for secure communication
  • Analytics and marketing tools (Google Analytics, Meta/Facebook Pixel) to measure performance

All partners act under contract, process your data securely, and use it only for the intended purpose. We never sell or rent your data to any third party.

7. Marketing and Communication Preferences

You can opt in to receive occasional updates about new products or special offers. You may unsubscribe at any time by clicking “Unsubscribe” in our emails or contacting us via our Contact Page.

8. Cookies and Analytics

We use cookies to:

  • Make the website work properly (essential cookies)
  • Improve site performance and user experience (analytics cookies)
  • Measure advertising results (marketing cookies)

You can manage your cookie preferences through our cookie banner or browser settings. See our separate Cookie Policy (coming soon) for full details.

9. Data Storage and Security

Your personal data is stored securely on BigCommerce servers and protected by encryption and access controls. BigCommerce may process data outside the UK or EEA; in such cases, they use Standard Contractual Clauses and other safeguards to ensure compliance with the UK GDPR. We take appropriate technical and organisational measures to keep your data secure.

10. How Long We Keep Your Data

We retain your personal data only as long as necessary:

  • Orders and invoices – up to 6 years (for legal/tax purposes)
  • Marketing data – until you withdraw consent
  • Analytics data – up to 26 months

After that, it is securely deleted or anonymised.

11. Your Rights

You have the right to:

  • Access a copy of your personal data
  • Correct inaccurate or incomplete information
  • Request deletion (“right to be forgotten”)
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent at any time (for marketing or cookies)

To exercise any of these rights, contact us via our Contact Page. We may need to verify your identity before processing the request.

12. Children’s Privacy

Our website is not intended for children under 16. We do not knowingly collect data from children.

13. International Data Transfers

BigCommerce and some of our service providers may transfer data outside the UK or EEA. When this occurs, we ensure appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) are in place to protect your information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page, with the “last updated” date shown above.

15. Contact Us

If you have questions about this policy or how we handle your personal data, please get in touch via our Contact Page.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk