Privacy Policy

1. Our commitment to your privacy

Appleyard London (owned and operated by Ecomnova Ltd) is committed to protecting the privacy of our customers and gift recipients. We operate in full compliance with the UK GDPR and the Data (Use and Access) Act 2025.

2. Security & data protection

We take the security of your data seriously. To protect your personal information, Ecomnova maintains a robust security posture aligned with international standards and industry best practices:

• Strategic Governance (ISO/IEC 27001): We operate an Information Security Management System (ISMS) modeled on ISO 27001 standards.
• Technical Defenses: We implement strict technical controls in line with UK Government NCSC Cyber Essentials guidelines.
• Best-Practice Tools: Your data is safeguarded using industry-standard security technologies, including advanced encryption (such as TLS and AES-256), and fully PCI-DSS compliant payment processing.
• Regulatory Compliance: As part of our commitment to data privacy and UK data protection laws, we are fully registered as a data controller with the Information Commissioner’s Office (ICO).

Because the digital landscape is constantly evolving, we use these combined frameworks to maintain a resilient, proactive defense that rigorously safeguards your data against modern threats.

3. Information we collect

3.1 Data Provided by You

• Identity & Contact: Name, email address, phone number, and billing address.
• Order Details: Delivery addresses and personalized gift messages.
• Communication: Records of any correspondence via live chat, email, or telephone.

3.2 Data About Others (Recipients)

When you send a gift, you provide us with the recipient’s name and delivery details. We process recipient data solely for fulfillment, delivery updates, and necessary aftercare. We do not use recipient contact details for marketing purposes unless they independently subscribe to our services. By providing this data, you confirm you have the right to share it with us.

3.3 Automated Collection

When you interact with our website, we use cookies and similar tracking technologies to collect technical data (IP address, browser type) and interaction data (pages viewed, products added to cart).

To provide a seamless experience, we recognize when an order has been started but not completed (e.g., items left in a cart). We may send a limited series of reminder communications to assist you in resuming your order. This includes abandoned browse campaigns where data may be captured based on your site interactions even before a checkout is finalized.

4. How we use your data

We process data based on the following legal grounds:

• Performance of Contract: To process, fulfill, and deliver your orders.
• Legitimate Interests: To perform analytics, prevent fraud, and assist with order recovery. If you begin but do not complete an order, we may use your details to send recovery reminders.
• Consent: For newsletters, promotional offers, and personalized social media advertising.

Cookies and Tracking Technologies: We use cookies and similar technologies (such as web beacons and pixels) to provide our services, understand site performance, and assist with order recovery. For a full list of the cookies we use, please see our cookie policy.

5. Third-Party sharing

We share data with selected service providers to facilitate our business:

• Delivery & Logistics Partners: Courier services requiring recipient details for physical delivery.
• Fulfillment Partners: Who help prepare your order.
• Marketing & Communication Platforms: Third-party tools used for emails, SMS, and advertising.
• Payment Processors: Secure gateways managing transaction authorization.

6. Data retention & anonymization

We retain personal data only for as long as necessary to fulfill the purposes set out in this policy, guided by legal requirements and business necessity.

To maintain reporting integrity while protecting your privacy, our standard practice is to remove personal identifiers (anonymization) rather than performing total deletion of records, ensuring that historical data can no longer be linked to an identifiable individual.

7. Your rights

Under UK data protection law, you have the right to access, correct, or request the erasure of your personal data. You can opt out directly via provided links without needing to exercise a full "right to be forgotten".

To exercise these rights, contact our Data Protection Officer:

Last Updated: May 26, 2026
View previous policy