Privacy policy

Privacy Policy

Siesta Crafts Ltd. trading as Bead Curtains

At Bead Curtains, we take your privacy seriously. This Privacy Notice sets out what personal data we collect, how we use it, and the rights you have under UK data protection law.

1. Who We Are

Bead Curtains is a trading name of Siesta Crafts Ltd. ("we", "us", "our"), a UK-based retailer of bead curtains, suncatchers, and decorative home accessories.

Registered Office:
Unit 17 Roper Close, Canterbury, Kent, CT2 7EP

Company Number: 4852622
Privacy Officer: Tim Harper
Contact: via our contact page

2. Legal Basis for Processing

We process your personal data on the following bases, as set out in the UK GDPR and Data Protection Act 2018:

Performance of a Contract – To process and deliver your orders, manage your account, and provide customer service.
Legal Obligation – For tax, accounting, and fraud-prevention requirements.
Legitimate Interest – To run and improve our business, maintain website security, and send essential service updates.
Consent – For optional activities such as email marketing and non-essential analytics cookies.

3. How We Collect Personal Data

We collect data when you:

Place orders through our website.
Get in touch with us for support or product information.
Sign up for our newsletter or marketing updates.
Visit our website (through cookies and analytics tools).

4. What Personal Data We Collect

Depending on how you interact with us, we may collect:

Identity and Contact Details: Name, address, email address, telephone number.
Order & Account Information: Purchase history, delivery details, invoices.
Payment Data: Handled securely by third-party payment providers; we do not store full card details.
Technical & Analytics Data: IP address, device and browser information, and interaction data (where you've consented).
Customer Support Records.

We do not collect sensitive personal data (such as details of race, religion, health, or biometrics).

5. How We Use Your Data

We use your personal data to:

Process and fulfil orders.
Provide customer support.
Manage your account and send essential service updates.
Detect fraud and maintain website security.
Send marketing emails where you have opted in.
Improve our website, product range, and customer experience.

You can opt out of marketing at any time.

6. How Long We Keep Your Data

Orders & Invoices: 6 years (legal requirement).
Marketing Data: Until you unsubscribe, or after 2 years of inactivity.
Job Applications: 6 months, unless you consent to longer retention.

7. Who We Share Your Data With

We do not sell or rent personal data. Where necessary, we may share your information with:

Couriers (such as Royal Mail and DPD) for delivery.
Payment Providers (such as Shopify Payments and PayPal) for secure transactions.
Legal Authorities where required for fraud prevention or to meet legal obligations.

Some of our service providers operate outside the UK and EU. Where this is the case, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

8. Cookies & Tracking Technologies

We use cookies and analytics tools to improve site functionality, measure performance, and support marketing. Non-essential cookies only run with your consent.

8.1 Essential Cookies

Required for the website to operate, for secure checkout, and for account login.

8.2 Analytics Cookies

Used to understand how visitors use the site and to improve the experience.

Google Analytics

Collects aggregated data on page views, traffic patterns, and browsing behaviour. Runs only with consent.

Microsoft Clarity

We use Microsoft Clarity to understand how visitors interact with our site, through heatmaps and session replays.

Clarity may collect:

Clicks, scrolls, mouse movements, and navigation patterns.
Device and technical details (browser, operating system, screen size).
Page performance metrics.
A masked view of webpage content for replay purposes.

Sensitive information (such as payment details or passwords) is automatically masked.

How Microsoft uses this data:
Microsoft acts as an independent data controller, which means it may:

Use de-identified behavioural data to improve its own products.
Process data on servers worldwide, including outside the UK and EU.
Combine anonymised data from our site with data from other sites that use Clarity.

More information: https://privacy.microsoft.com

Clarity only runs if you accept analytics cookies via our cookie banner.

8.3 Marketing Cookies

Used with your consent for personalised advertising through:

Google Ads
Facebook/Meta Pixel
Shopify marketing tools

8.4 Shopify Network Intelligence

Our store is hosted by Shopify. Shopify may use customer interaction data, aggregated across participating merchants, to provide enhanced services including:

Improved search and recommendations.
Marketing tools (such as Shopify Audiences).
Fraud detection.
Personalisation features.

Your data may be processed within Shopify's global infrastructure, including outside your country.

Customers in the United States (and certain other regions) may opt out of "sharing" or "targeted advertising" through Shopify's built-in privacy controls.

Shopify's full privacy policy is available on their website.

9. Your Rights Under UK GDPR

You have the right to:

Access – Request a copy of the personal data we hold about you.
Rectification – Have inaccurate or incomplete data corrected.
Erasure – Request deletion of your data where the law allows.
Restriction – Limit how we use your data.
Objection – Stop marketing communications at any time.
Data Portability – Receive your data in a structured, machine-readable format.

To make a request, please get in touch via our contact page. We may need to verify your identity for security purposes.

10. Data Security & Breach Response

We protect your data using secure servers, encryption in transit, firewalls, and limited internal access. In the unlikely event of a data breach, we will notify the ICO within 72 hours where the law requires it, and contact those affected as appropriate.