Privacy Policy
Last updated: June 2025
Contents
1. Who We Are
The data controller is Pearla Tea 茶, 331 Doncaster Road, Dalton, Rotherham, S65 2UE. You can contact us regarding your data at hello@pearlatea.com.
2. What Data We Collect
| Category | Examples | How collected |
|---|---|---|
| Identity data | Full name, username, profile picture | Account registration, Google Sign-In |
| Contact data | Email address, phone number | Account registration, checkout |
| Order data | Items ordered, customisations, order total, order history | Placing an order |
| Delivery data | Delivery address, postcode | Checkout (delivery orders only) |
| Payment data | Card type, last 4 digits, billing postcode (Stripe token) | Checkout — processed by Stripe. We never see your full card number. |
| Technical data | IP address, browser type, device, pages visited, timestamps | Automatically via Firebase Analytics |
| Communications data | Messages sent via our contact form or WhatsApp | When you contact us |
| Marketing data | Email address, marketing preferences | Newsletter sign-up (optional) |
3. How We Use Your Data
- Processing your order — to prepare, fulfil, and deliver your order and send you confirmation and updates.
- Account management — to create and manage your customer account.
- Payment processing — to charge you for your order through our secure payment provider.
- Customer service — to respond to enquiries, complaints, and refund requests.
- Marketing — to send you promotional emails and offers, only if you have opted in. You can unsubscribe at any time.
- Improving our service — to analyse how customers use our website and make improvements.
- Legal compliance — to comply with our legal obligations, including food safety and financial record-keeping.
4. Legal Basis for Processing
- Contract — processing your order and managing your account.
- Legitimate interests — improving our website, fraud prevention, and customer service.
- Consent — sending marketing emails (you can withdraw consent at any time).
- Legal obligation — keeping financial records and complying with food safety law.
5. Third Parties We Share Data With
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Google Firebase | Authentication, database, hosting | firebase.google.com/support/privacy |
| Stripe | Payment processing | stripe.com/gb/privacy |
| Netlify | Website hosting | netlify.com/privacy |
| Google Sign-In | Optional account login | policies.google.com/privacy |
We do not sell your personal data to any third party. We do not share your data with any advertising platforms.
6. How Long We Keep Your Data
- Account data — retained while your account is active. You may request deletion at any time.
- Order data — retained for 7 years for financial and legal compliance purposes.
- Marketing data — retained until you unsubscribe or request deletion.
- Technical/analytics data — retained for up to 26 months (Google Firebase default).
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request that we correct inaccurate or incomplete data.
- Right to erasure — request deletion of your data ("right to be forgotten"), subject to legal obligations.
- Right to restrict processing — ask us to pause how we use your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to us processing your data for marketing purposes.
- Right to withdraw consent — where we rely on consent, you may withdraw it at any time.
To exercise any of these rights, email us at hello@pearlatea.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Cookies
Our website uses the following types of storage:
- Essential (localStorage) — we store your shopping cart and login session locally in your browser. This is required for the website to function and cannot be disabled.
- Firebase Authentication cookies — used to keep you logged in to your account.
- Analytics — Firebase Analytics may set cookies to help us understand how visitors use our site. No personally identifiable information is shared with third-party advertising networks.
You can clear cookies and localStorage at any time through your browser settings, though this will log you out and clear your cart.
9. Data Security
We take the security of your data seriously. Your data is stored on Google Firebase servers with industry-standard encryption. Payment data is handled entirely by Stripe and is never stored on our systems. Access to our database is restricted to authorised personnel only.
While we take all reasonable steps to protect your data, no internet transmission is 100% secure. If you believe your account has been compromised, please contact us immediately.
10. Children's Privacy
Our website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new "Last updated" date. We encourage you to review this page periodically.
12. Contact & Complaints
For any questions, data requests, or complaints regarding your privacy, please contact us:
- Email: hello@pearlatea.com
- Phone: +44 1709 511080
- Post: Pearla Tea 茶, 331 Doncaster Road, Dalton, Rotherham, S65 2UE
If you are not satisfied with our response, you have the right to complain to the ICO at ico.org.uk/make-a-complaint.