
Privacy Policy

Grayson & Co. — Privacy Policy

Last Updated: May 2026


1. Who We Are

Grayson & Co. is the trading name of MarketRight, a company registered in the Netherlands.

Trading name: Grayson & Co.
Legal business name: MarketRight
Company number (KVK): 94835780
Registered address: Oranjeboomstraat 254A, 3071BM Rotterdam, The Netherlands
Website: https://graysonandco.co.uk
Email: support@graysonandco.co.uk
Phone: +31 643699876
Support hours: Monday–Friday 09:00–17:00 | Saturday 09:00–18:00 | Sunday Closed

MarketRight is the data controller responsible for your personal data collected through graysonandco.co.uk. This means we determine how and why your personal data is collected and processed.


2. What This Policy Covers

This Privacy Policy explains:

  • What personal data we collect about you
  • Why we collect it and the legal basis for processing
  • How we use it and who we share it with
  • How long we keep it
  • Your rights regarding your personal data
  • How to contact us or complain

This policy applies to all personal data collected through our website, by email, by phone, or through any other interaction with Grayson & Co.


3. Legal Framework

As a Netherlands-based business selling primarily to customers in the United Kingdom, we comply with:

  • UK GDPR — for customers based in the United Kingdom
  • EU GDPR (Regulation (EU) 2016/679) — for customers in the EU/EEA
  • Dutch UAVG (Uitvoeringswet Algemene Verordening Gegevensbescherming)

Where UK and EU GDPR requirements differ, we apply the higher standard of protection.


4. What Personal Data We Collect

Identity Data

  • First and last name

Contact Data

  • Billing and delivery address
  • Email address
  • Phone number

Transaction Data

  • Products purchased
  • Order history and order value
  • Payment method type (we do not store full card details — see Section 9)

Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time on site
  • Referring website
  • Cookie identifiers

Marketing & Communications Data

  • Email marketing preferences
  • Newsletter subscription status
  • Communication history with our support team

5. How We Collect Your Personal Data

Direct interactions — when you:

  • Place an order on our website
  • Create a customer account
  • Subscribe to our newsletter or email list
  • Contact us by email or phone
  • Complete a contact or enquiry form

Automated technologies — when you browse our website, we automatically collect Technical Data through cookies, server logs, and similar technologies. See Section 11 for full details.

Third parties — we may receive data from:

  • Payment processors when confirming transaction status
  • Shipping carriers when confirming delivery
  • Analytics providers (Google Analytics)
  • Advertising platforms if you interact with our ads

6. Legal Bases for Processing

We only process your personal data where we have a valid legal basis under UK GDPR / EU GDPR Article 6:

Legal Basis | When We Rely on It
Contract (Art. 6(1)(b)) | Processing orders, arranging delivery, handling returns and refunds
Legal obligation (Art. 6(1)(c)) | Retaining financial records for tax purposes
Legitimate interests (Art. 6(1)(f)) | Fraud prevention, site security, improving our services
Consent (Art. 6(1)(a)) | Sending marketing emails, setting non-essential cookies

You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.


7. How We Use Your Personal Data

Purpose | Legal Basis
Processing and fulfilling your order | Contract
Sending order confirmation and shipping updates | Contract
Processing payments securely | Contract
Managing returns and refunds | Contract
Responding to enquiries and support requests | Contract / Legitimate interests
Sending newsletters and marketing emails | Consent
Fraud prevention and site security | Legitimate interests
Improving our website and product offering | Legitimate interests
Retaining financial records for tax compliance | Legal obligation

We will never sell your personal data to third parties for their own commercial purposes.


8. Who We Share Your Data With

Shopify Inc. (Platform provider)

Our website is built and hosted on Shopify's platform. Shopify processes data on our behalf as a data processor under a GDPR-compliant Data Processing Agreement. Shopify is certified under the EU-US Data Privacy Framework. Privacy policy: shopify.com/legal/privacy

Payment processors

Payments on graysonandco.co.uk are processed securely through Shopify's payment infrastructure, which supports the following methods: Visa, Mastercard, American Express, Discover, Maestro, JCB, Diners Club, and iDEAL.

For iDEAL payments, your transaction is processed via Mollie B.V. or an equivalent Dutch payment gateway. These processors receive only the data necessary to complete your payment and are PCI-DSS compliant.

We never store full card numbers or CVV codes on our own servers.

Shipping and logistics providers

We share your name, delivery address, and order reference with our shipping carriers to fulfil your order and provide tracking. Carriers may include Royal Mail, DPD, Evri, PostNL, or DHL depending on your delivery location.

Analytics providers

We use Google Analytics to understand how visitors use our website. Data is anonymised where possible. Google's privacy policy: policies.google.com/privacy

Legal and regulatory authorities

We may disclose personal data to law enforcement or regulatory bodies where required by applicable law or to protect our legal rights.

All third-party processors are contractually required to handle your data lawfully, securely, and only for the purposes we specify.


9. Payment Data and Security

All payment transactions on graysonandco.co.uk are processed through Shopify's secure payment infrastructure. We do not store, process, or transmit full credit card numbers, debit card numbers, CVV codes, or bank account details on our own servers.

All transactions are:

  • SSL/TLS encrypted end to end
  • PCI-DSS compliant through Shopify's certified payment systems
  • Processed by certified payment service providers only

iDEAL payments are processed through a Dutch-licensed payment service provider. iDEAL transactions involve direct bank authorisation and are subject to your bank's own privacy policy.


10. International Data Transfers

As a Netherlands-based business serving UK customers, your data moves between the UK and the EEA.

UK to EEA transfers

The UK has granted adequacy decisions recognising the Netherlands and the broader EEA as providing an equivalent level of data protection. Transfers of UK customer data to our Netherlands-based systems are therefore lawful under UK GDPR adequacy provisions.

Transfers outside UK and EEA

Some of our third-party service providers (including Shopify and Google) may process data in the United States or other countries. Where this occurs, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) or reliance on the EU-US and UK-US Data Privacy Framework where applicable.


11. Cookies

We use cookies and similar tracking technologies on our website.

Essential cookies (no consent required)

Necessary for the website to function — maintaining your shopping cart, remembering your session, processing secure payments, and preventing fraud.

Analytics cookies (consent required)

We use Google Analytics to collect anonymised data about how visitors use our site — which pages are most visited, how long visitors stay, and where they come from. This helps us improve your shopping experience.

Marketing cookies (consent required)

If you have interacted with our advertising on platforms such as Facebook, Instagram, or Google, tracking pixels may be active on our site to measure advertising effectiveness.

Managing your cookies

When you first visit graysonandco.co.uk, a cookie consent banner will allow you to accept or decline non-essential cookies. You can update your preferences at any time via the cookie settings in our website footer. You may also manage cookies through your browser settings — note that disabling essential cookies may affect site functionality.


12. How Long We Keep Your Data

Data Type | Retention Period
Order and transaction records | 7 years (Dutch UAVG / UK HMRC tax requirements)
Customer account data | Duration of account + 2 years after last activity
Email marketing / newsletter data | Until unsubscribe + 1 year
Customer service correspondence | 3 years from last contact
Analytics / technical data | 26 months (Google Analytics default)
Cookie consent records | 1 year

After the applicable retention period, your data is securely deleted or anonymised.


13. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

Right of access (Art. 15)

Request a copy of the personal data we hold about you and information on how it is used.

Right to rectification (Art. 16)

Request correction of any inaccurate or incomplete data we hold about you.

Right to erasure (Art. 17)

Request deletion of your personal data where there is no compelling reason for continued processing, subject to legal retention requirements.

Right to restriction (Art. 18)

Request that we limit how we use your data in certain circumstances.

Right to data portability (Art. 20)

Receive your data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.

Right to object (Art. 21)

Object to processing based on legitimate interests, including direct marketing. We will stop direct marketing immediately upon objection.

Right to withdraw consent (Art. 7(3))

Withdraw consent at any time for consent-based processing without affecting prior lawful processing.


14. How to Exercise Your Rights

Contact us using any of the following methods:

Email: support@graysonandco.co.uk
Phone: +31 643699876
Post: MarketRight | Grayson & Co., Oranjeboomstraat 254A, 3071BM Rotterdam, The Netherlands

We will respond within one calendar month as required by GDPR. For complex or multiple requests we may extend this by a further two months — we will notify you if this applies. We may verify your identity before processing your request. We will not charge a fee unless requests are manifestly unfounded or excessive.


15. Right to Complain

UK customers — Information Commissioner's Office (ICO)

If you are unhappy with how we have handled your personal data and are based in the United Kingdom:

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Netherlands / EU customers — Autoriteit Persoonsgegevens (AP)

If you are based in the Netherlands or elsewhere in the EU:

Website: autoriteitpersoonsgegevens.nl
Phone: +31 88 1805 250
Post: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, The Netherlands

We would always appreciate the opportunity to address your concern directly before you contact a supervisory authority.


16. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmitted through our website
  • Secure, access-controlled systems for storing customer data
  • Data Processing Agreements with all third-party processors
  • Regular review of our data handling practices

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33.


17. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at support@graysonandco.co.uk and we will delete it without delay.


18. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies before submitting any personal data.


19. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy from time to time.


20. Contact Us

Trading Name: Grayson & Co

Legal Business Name: MarketRight

Company Number: 94835780

Address: Oranjeboomstraat 254A, 3071BM Rotterdam, The Netherlands

Email: support@graysonandco.co.uk

Phone: +31 643699876

Hours: Mon–Fri 09:00–17:00 | Sat 09:00–18:00 | Sun Closed

Support: We aim to respond within 24 business hours.