Data Protection 

GDPR Compliant

 1.0 CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION User privacy and data protection are human rights. We have a duty of care to the people within my data. Data is a liability, it should only be collected and processed when absolutely necessary. We loathe spam as much as you do! We will never sell, rent or otherwise distribute or make public your personal information. 

2.0 RELEVANT LEGISLATION We comply with the following national and international legislation with regards to data protection and user privacy: UK Data Protection Act 1988 (DPA) EU Data Protection Directive 1995 (DPD) EU General Data Protection Regulation 2018 (GDPR)

 3.0 PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT 3.1 Order Processing- When you place an order via our shop on We receive only the required information in order to process your order (your name, address, phone and email). 

4.0 HOW WE USE THE INFORMATION The information you provide is used to fulfil your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to a mailing list and you will not be contacted for marketing or advertising purposes.

 5.0 SHARING WITH THIRD PARTIES We will NEVER sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with third parties for the purpose of delivery and payment (Royal Mail, Paypal, Stripe, Izettle). It may be shared for compliance with legal, regulatory and law enforcement requests as appropriate and necessary. We will endeavour to notify you of any such requests. We are not responsible for how these third parties process your data, please visit their websites to read their privacy policies.

 6.0 FACEBOOK MESSENGER, INSTAGRAM AND EMAIL Should you choose to contact us through our Facebook page or an email, none of the data that you supply will be passed to / be processed by any of the third party data processors defined in section 5.0. as you will be directed to our online shop at website to fulfil the contract. We would suggest you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email. Your data will only be held for as long as necessary in order to communicate with you and respond to your request.

 7.0 HOW WE SECURE, STORE AND RETAIN DATA We use website to trade and complete your purchase. Your data is secured, stored and retained by to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years).

 8.0 SELLING AT CRAFT FAIRS If you visit the craft fair we are attending you may be recorded on CCTV if the location has this in operation. If you purchase from us using cash and collect your item on the day, no personal information will be collected or stored. For made-to-order items that can’t be collected on the day, we will need to ask you for your name and address in order to deliver your order. If we are unable to hand deliver your item, We would need to pass your name and address to a third party (Royal Mail) in order for them to deliver your parcel. If you pay for your order via card reader, your details will be passed on to a third party being Izettle. We do not receive any card or bank details. We will ask for an email or telephone number to send you a receipt through Izettle. Information will not be stored after transaction is complete. We are not responsible for how the third party, Izettle, processes your data. Please visit their website to read their privacy policies

 9.0 HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU You have the right to access, update or ask us to delete your personal information. Please email the Data Controller found in section 9.0 below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive. 

10.0 DATA BREACHES We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioners Office (ICO). 

11.0 DATA CONTROLLER The data controller is Catherine Browne – Owner of  The Very Crafty Zebra, whose registered and operating office is: 18 Myrtle Avenue, Birstall, Leicester. LE4 4HS Email:

12.0 CHANGES TO OUR PRIVACY POLICY This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our users of these changes. Instead, We recommend that you check this page occasionally for any policy changes. 

 Version 2.0 25th Feb 2020


SSL Certificates

SSL certificates are small data files that are installed on website servers to encrypt data.
The Very Crafty Zebra use a Hosted Payment Page, therefore we don’t need our own SSL certificate.
SSL certificates are held by our Hosted Payment Pages (Stripe and PayPal) who process payments on our behalf. When a customer enters their payment details, they are taken through to the Hosted Payment Page website, therefore customers are not entering their details onto our site and we never actually see any customer card information.

In regards to our site security, both the site and checkout are certified as PCI Compliant by Site Ground and SG Site Scanner . Our web hosts are constantly working to defend the integrity of our site so that you can be assured that your information is secure.