Privacy Policy

Privacy Policy for Vulcan Forgeworks

Introduction
Vulcan Forgeworks (“we”, “us”, or “our”) operates https://www.vulcanforgeworks.com (“the Site”), which showcases and sells handcrafted jewellery, blacksmith-made items, fossils and fossil-inspired art and crafted pieces. As a business handling personal information—including details submitted through order forms, newsletter sign-ups, and contact forms—we are committed to maintaining transparency, safeguarding your privacy, and complying with all applicable data protection requirements under the UK GDPR and associated regulations. This Privacy Policy explains how we collect, use, store, and share your information, describes your rights, and outlines both our own practices and the role of any third-party services we utilise.

1. Who We Are & Our Contact Information
If you have any questions regarding your personal data or this Policy, please contact us via the email above.

2. What Information We Collect
We collect different types of personal information depending on your interactions with our website:
a) Information You Provide Directly
  • Order Placement: name, shipping/billing address, email, telephone, order details, and any messages you include. Payment details are processed by our third-party payment processors and are not stored on our servers.
  • Newsletter Sign-Up: email address, and optionally your name or preferences.
  • Contact Forms: name, email address, and any information you include in your enquiry or message.
b) Data Collected Automatically
  • Website Usage Data: IP address, browser type, device type, referring URLs, time spent on pages, pages visited, interactions (such as clicks).
  • Cookies, Pixels, and Similar Technologies: For analytics, performance measurement, fraud prevention, and preference storage (see Section 8).
  • Order Tracking & Analytics: May include pseudonymous identifiers, purchase behaviour, region estimates, and technical data.
c) Third-Party Sources
If you contact us or purchase via an integrated marketplace (e.g., Etsy) or make use of our social media shop links or email marketing providers, those third parties may disclose relevant personal information to us according to their own privacy policies.

3. How We Use Your Information
We process your data for several purposes, always with lawful grounds (contract, consent, legitimate interest, or where required by law):
  • To fulfil orders and deliver products or services requested by you
  • To communicate order status, updates, or service news
  • To respond to your queries via the contact form or support email
  • To provide and improve customer service
  • To send newsletters or marketing communications if you opt in
  • To personalise or optimise website functions and content
  • For fraud prevention, dispute resolution, and regulatory compliance
  • To maintain business accounting and meet legal obligations (e.g. tax)
  • To monitor usage and secure the Site against abuse
  • For internal analysis, market research, and product development
We strive to minimise data collection—only asking for information essential to deliver our services or for compliance. We do not sell, lease, or trade your personal information.

4. Legal Grounds for Data Processing
Our primary legal bases under UK GDPR are:
  • Contract: To supply you goods or services you purchased from us
  • Consent: For activities such as sending newsletters, marketing communications, or using advertising cookies, always on an opt-in basis
  • Legitimate Interests: For website security, improvement, analytics, fraud prevention, and some first-party data use
  • Legal Obligation: Where required for tax, accounting, regulatory investigations, or dispute resolution.
If we rely on your consent for any processing, you have the right to withdraw it at any time (see Section 10).

5. How We Share and Disclose Information
We may share your data under the following circumstances:
a) With Trusted Third-Party Service Providers
  • Payment Processors: e.g., Stripe, PayPal—handle payments securely; we do not store your full card details on our servers
  • Ecommerce Platform Providers: We may use Ecwid to operate our online store, analytics, and order fulfilment systems
  • Shipping Partners: Necessary data to arrange shipment, such as name and address
  • Email Delivery or Marketing Providers: e.g., newsletter platforms such as Mailchimp or similar (only if you subscribe with consent)
  • Hosting & Analytics: Web host, performance monitoring, and third-party analytics (e.g., Google Analytics)
  • Technical Support Providers: For website maintenance or security
These partners are contractually bound to process your data only as instructed by us, consistent with this policy.
b) Where Required by Law
  • With government authorities, regulators, or law enforcement, where compelled to comply with legal obligations or to defend against legal claims
c) With Your Explicit Consent
  • For any data sharing beyond the above, we will request and document your explicit consent
We never sell or lease your personal information to third parties for marketing.

6. International Data Transfers
Some of our third-party service providers may process your data outside the UK or the European Economic Area (EEA). Whenever personal data is transferred internationally, we ensure that appropriate safeguards (such as adequacy decisions, standard contractual clauses, or other applicable data protection measures) are in place to protect your rights in accordance with UK GDPR.

7. Data Storage, Retention, and Security
a) Storage
Your data is stored securely on servers provided by our hosting company and our ecommerce platform provider (e.g., Ecwid, hosting providers), subject to stringent physical and technical security measures. Any payment information entered at checkout is transmitted directly to the respective payment provider over encrypted (SSL/TLS) connections.
b) Retention
We only retain personal data for as long as is necessary to fulfil the purpose for which it was collected or as required by applicable law (such as for order records, accounting, or tax requirements). General retention periods are as follows:

  • Order and transaction data: Up to 6 years (UK statutory tax/accounting retention)
  • Customer communications: Up to 2 years or until resolved
  • Newsletter data: Until you withdraw consent or unsubscribe
  • Analytics/cookie data: As specified in our Cookie Policy (varies; see below)
After expiry, data is deleted or anonymised in accordance with best practices for secure disposal.
c) Security Measures
We adopt industry-standard technical and organisational security controls:
  • Encrypted transfer (HTTPS/SSL) and secure storage of personal data
  • Strict access controls to sensitive systems
  • Password protection and multi-factor authentication where supported
  • Regular software updates and vulnerability patching
  • Data minimisation and pseudonymisation/anonymisation where practical
  • Secure deletion or anonymisation at the end of retention
  • Administrator and staff training on data security principles

8. Cookies and Tracking Technologies
a) What are Cookies?
Cookies are small data files stored on your browser or device when you visit our site. They serve functions necessary to operate our site, enhance your experience, analyse how you use our services, and (with your consent) provide targeted advertising and social media functionality.
b) What Types of Cookies and Trackers We Use
  • Essential cookies: Strictly necessary to provide our online services (e.g., preserve shopping cart contents)
  • Performance/Analytics cookies: To track site usage and improve website performance (e.g., Google Analytics), only placed with your consent
  • Functionality cookies: Remember settings or preferences
  • Third-party cookies: Set by external providers (such as analytics, payment, or advertising platforms) when you interact with their features
The full list is provided in our separate Cookie Policy, including the purposes, providers, and respective retention periods.
c) Your Choices
Upon your first visit, you will be presented with a cookie banner explaining our cookie usage and requesting your consent for non-essential cookies. You may:
  • Accept all, reject non-necessary cookies, or set granular preferences
  • Withdraw or modify your consent at any time via the cookie settings link on our site
  • Adjust your browser settings to block or erase cookies, although this may affect certain features
d) Cookie Consent Mechanism
We comply with the UK’s Privacy and Electronic Communications Regulations (PECR) and UK GDPR regarding cookie consent: non-essential cookies are only set if you have actively given your consent. You can always access or update your cookie preferences.
e) Third-Party Cookies
We may use third-party analytics tools (such as Google Analytics) or integrate with widgets from payment or social media providers. These parties have their own privacy and cookie policies, and their cookies are governed accordingly.
Please see our separate Cookie Policy for a complete description.

9. Third-Party Services and Integrations
a) Payment Processing
We use reputable third-party processors (e.g., Stripe, PayPal) to process all card payments securely. Your payments are encrypted and processed through their systems; we do not directly store or handle your full card details. These providers are fully PCI DSS compliant, employing industry-leading security measures. You can review Stripe’s Privacy Policy and PayPal’s Privacy Statement for more information.
b) E-Commerce Platform
Our ecommerce store is operated using Ecwid, which is GDPR compliant and committed to safeguarding your data. See Ecwid's Privacy Policy.
c) Hosting and Analytics
Our web hosting provider employs modern encryption, access controls, and firewall mechanisms. For website analytics, we only utilise tools that comply with PECR and GDPR, and we configure them to anonymise data where possible. Analytics cookies are only active if you opt in.
d) Email Marketing & Newsletters
If you sign up for our newsletter, your information is processed and stored by a trusted email service provider and used only for our communications. Unsubscribing (via the provided link in every message) will immediately remove you from future communications.
e) Social Media, Marketplaces, and Embedded Content
If you reach us, interact, or purchase via third-party marketplaces (Etsy, Whatnot) or social platforms (TikTok, Facebook, etc.), those platforms process your data according to their privacy notices. Our own privacy policy governs your interactions only with our website.

10. Your Rights Under UK GDPR
You have rights regarding your personal information under the UK GDPR, including:

  • Right to be informed: About how your data is collected, used, and retained (as per this Privacy Policy)
  • Right of access: To request a copy of your personal data we hold
  • Right to rectification: To request correction of inaccurate or incomplete personal information
  • Right to erasure (“to be forgotten”): To request deletion of personal data where it is no longer needed, except where retention is required by law (e.g., for tax records)
  • Right to restrict processing: To ask us to restrict processing if you contest its accuracy or lawfulness
  • Right to data portability: To request a copy of your personal data in a structured, commonly used format
  • Right to object: To object to direct marketing or processing based on legitimate interests
  • Rights regarding automated decision making and profiling: To object if we use your data in automated decisions; we do not use profiling or automated decision making for legal or significant effect
To exercise any of these rights, email us at j@vulcanforgeworks.com with your request. We will respond within one month of your request and may require verification of your identity before disclosing information.
If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
  • ICO Helpline: 0303 123 1113
  • Online: https://ico.org.uk/
  • Postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11. Marketing & Newsletter Policy
You will only receive marketing or newsletter communications if you have explicitly subscribed or given opt-in consent at checkout. Every marketing email includes a clearly marked option to unsubscribe, and we will promptly honour all such requests.
We keep an up-to-date record of your consent and engagement, and you can opt-out at any time by clicking “unsubscribe” in the email, or by contacting us directly.

12. Order Processing, Payment Data, and Security
a) What Order Data is Necessary
To process your order, we require only the minimum information—name, contact details, and delivery address. Payment information is processed by a third party, not stored by us.
b) Payment Card Privacy
All card payments are handled through Stripe or PayPal. We do not see, store, or have access to your full payment card details, and all transfers are undertaken using strong encryption and secure payment gateways compliant with PCI DSS standards.
c) Refunds and Disputes
If you request a refund or contest a purchase, we will use the transaction and contact data for verification and to resolve the matter. Records of such interactions are stored for as long as required by consumer law or accounting rules.

13. Newsletter Subscription Data Handling and Consent
  • Newsletter sign-up is always opt-in, never pre-checked
  • Only your email address (and optionally your name, for personalisation) is required
  • We keep records of your explicit consent and will not send marketing unless you have signed up
  • Every email includes an unsubscribe link; requests are processed promptly and automatically remove you from future deliveries
  • For more, see our Newsletter Privacy Statement.

14. Contact Form Information Handling
When you submit an enquiry via our Contact Form:
  • We collect only your name, email address, and message
  • This information is used exclusively for responding to your request
  • We will not use your contact information for any other purpose (including marketing) unless you separately provide consent.
  • Contact form submissions are deleted once your request has been resolved, unless retention is required by law

15. Automated Decision-Making and Profiling
We do not make decisions with significant legal or similar effects using fully automated means. No profiling is conducted for marketing or purchasing purposes that would affect your rights or interests.

16. Children’s Privacy
Our Site is not intended for use by children under 16. We do not knowingly collect or process personal data relating to individuals under 16 without verified parental consent. If we become aware of such data, it will be promptly deleted.

17. Data Breach Notification
In the unlikely event of a significant data breach affecting your personal information, we will notify you and the appropriate authorities (ICO), as required by the UK GDPR, without undue delay. We will provide clear information on both the breach and any remedial measures you should take.

18. Changes to This Policy
We may review and update this Privacy Policy to reflect changes in our practices, legal requirements, or as our website and services evolve. Material changes will be announced on the Site with an updated “Last Updated” date at the start of this document. Your continued use of our services after changes indicates your agreement to the revised Policy.

19. How to Make a Complaint
If you have concerns about how we use your personal information, please contact us first so we can seek to address the issue—email j@vulcanforgeworks.com. You are also entitled to lodge any unresolved complaint with the Information Commissioner’s Office (see Section 10).

20. Policy Summary Table

  • Data collection points: Orders, contact forms, newsletter, cookies/analytics
  • Types of personal data collected: Name, address, email, order contents, browsing data
  • Data use purposes: Fulfilment, communication, improvement, legal compliance
  • Third-party processors: Payments (Stripe, PayPal), Ecwid store software, analytics tools
  • Retention periods: 6 years (orders), up to 2 years (contact), until consent revoked (newsletter); analytics per policy
  • Security: Encryption (HTTPS), secure storage, access controls
  • Legal grounds: Contract, consent, legitimate interest, legal obligation
  • User rights: Access, rectification, erasure, restriction, objection, portability
  • Policy change notification: Website update, “Last Updated” mark
  • Complaint process: Contact us, then ICO if unresolved

21. Appendix: Further Details and Resource Links
a) Sample Consent Clauses
  • Newsletter subscription tick-boxes are never pre-checked.
  • Consent is logged, time stamped, and independently revocable
  • Website visitors can manage their consent for cookies at any time.
b) Payment Security
All payment interactions with Stripe and PayPal use PCI DSS-compliant protocols—your card information is never stored on our servers.
c) Data Retention Reference
We rely on established business, tax, and regulatory best practice for data retention, with specific timeframes justified by contract, consent, and legal requirements. See ICO guidelines.

22. Useful External Policies

Thank you for trusting Vulcan Forgeworks. Your privacy matters to us and we are committed to protecting your data. If you have any questions, please don’t hesitate to contact us via: j@vulcanforgeworks.com.

This Privacy Policy was last updated on 5 November 2025.