
1. Introduction & Who We Are

This Privacy Policy explains how Shot by Gafar (“we”, “us”, “our”), operated by Gafar, London, United Kingdom, collects, uses, stores, and protects your personal data when you visit shotbygafar.com or purchase our products and services.

We are committed to protecting your privacy and complying with all applicable data protection laws globally, including the UK General Data Protection Regulation (UK GDPR), EU GDPR, California Consumer Privacy Act (CCPA), Canada’s PIPEDA, and Australia’s Privacy Act 1988.

  • Business: Shot by Gafar
  • Location: London, United Kingdom
  • Website: shotbygafar.com
  • Contact: shotbygafar.com/contact


2. What Personal Data We Collect

Data You Provide

When you purchase, register an account, or contact us, we collect:

  • Full name and email address
  • Billing address (where required)
  • Phone number (for service bookings)
  • Messages and communications you send us

Data Collected Automatically

  • IP address and approximate location
  • Browser type, version, and device type
  • Pages visited, time on site, and referring source
  • Cookies and tracking data (see Section 8)

Payment Data

All payments are processed by Stripe. We do not store, view, or have access to your full card number, CVV, or bank details at any point. Stripe is PCI-DSS Level 1 certified. See stripe.com/gb/privacy for their full policy.

Order & Download Data

WooCommerce records your order details, transaction reference, and download history for order fulfilment and legal financial record-keeping purposes.


3. How We Use Your Data

  • To process and fulfil your orders and deliver digital downloads
  • To send order confirmation, receipts, and delivery emails
  • To respond to your enquiries and provide customer support
  • To manage your account on our Website
  • To send marketing emails if you have opted in — you can unsubscribe at any time
  • To analyse and improve our Website and products
  • To comply with legal obligations, including HMRC tax records (6-year minimum)
  • To detect, prevent, and investigate fraud and security issues
  • To enforce our Terms & Conditions and Sales Policy

4. Legal Basis for Processing

  • Contract performance — to process your purchase and deliver your order
  • Legal obligation — HMRC requires transaction records for a minimum of 6 years
  • Legitimate interests — fraud prevention, site improvement, business operations
  • Consent — for marketing emails; you may withdraw consent at any time

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share it only with trusted processors necessary to operate our business.

Stripe — Payment processing. Data shared includes name, email, and billing info for fraud prevention and payment. See stripe.com/gb/privacy.

WooCommerce / WordPress — Our e-commerce platform. Order data is stored on our secured hosting environment.

Hostinger — Website hosting provider. Data stored within EEA-compliant infrastructure.

MailerLite — Email marketing for opted-in subscribers only. Unsubscribe at any time. See mailerlite.com/privacy-policy.

Google Analytics — Anonymised website analytics. Opt out via browser settings or our cookie banner.

All processors are contractually required to handle your data securely and in compliance with applicable law.


6. Data Retention

  • Order and transaction records: 6 years minimum (HMRC requirement)
  • Customer account data: until account deletion is requested
  • Marketing subscriptions: until you unsubscribe
  • Analytics data: 26 months
  • Support correspondence: 2 years from last contact

Data no longer required is securely deleted or anonymised.


7. International Data Transfers

Some processors, including Stripe and MailerLite, may transfer data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO and equivalent mechanisms under applicable law.


8. Cookies

We use cookies to improve your experience and analyse site usage.

  • Essential cookies — required for the Website and checkout to function
  • Analytics cookies — to understand how visitors use our site
  • Marketing cookies — to track campaign effectiveness with your consent only
  • Preference cookies — to remember your currency and settings

A cookie consent banner is displayed on your first visit. You can manage or withdraw cookie consent at any time via the banner or your browser settings.


9. Your Rights

Regardless of your location, we honour the following rights:

  • Right to access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion subject to legal retention obligations
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw marketing consent at any time

Submit requests via shotbygafar.com/contact. We will respond within 30 days.


10. UK & EU Customers — UK/EU GDPR

We process your data in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and EU GDPR.

UK residents may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or call 0303 123 1113.

EU residents may lodge a complaint with their local supervisory authority.


11. California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following additional rights:

  • Right to Know — request disclosure of the personal information we have collected about you in the past 12 months
  • Right to Delete — request deletion of your personal information subject to legal retention obligations
  • Right to Opt-Out of Sale — we do not sell your personal information to any third party
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights

Categories of data we collect: identifiers (name, email, IP address), commercial information (purchase history), internet activity (browsing behaviour on our site).

We do not collect sensitive personal information as defined by CCPA. We do not sell or share personal information for cross-context behavioural advertising.

To exercise your CCPA rights contact us at shotbygafar.com/contact. We will respond within 45 days as required by CCPA.


12. Canadian Customers — PIPEDA

For customers in Canada we process your personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only the information necessary for the purposes identified in this policy and obtain your consent where required.

You have the right to complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca.


13. Australian Customers — Privacy Act 1988

For customers in Australia we handle your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles. We collect personal information only for the purposes described in this policy.

You have the right to complain to the Office of the Australian Information Commissioner at oaic.gov.au.


14. Data Security

  • SSL/TLS encryption on all pages of our Website
  • PCI-DSS compliant payment processing via Stripe
  • Password-protected admin access
  • Regular software and security updates
  • Limited staff access to personal data on a need-to-know basis

In the event of a data breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by UK GDPR.


15. Children’s Privacy

Our Website and products are not directed at children under the age of 13. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us please contact us immediately.


16. Changes to This Policy

We may update this Privacy Policy at any time. The updated version will be posted on this page with a revised date. Continued use of our Website after changes constitutes acceptance.


17. Contact

Shot by Gafar
London, United Kingdom
Contact form: shotbygafar.com/contacts

We will respond to all data-related requests within 30 days.