Foundation 14a

Privacy Policy

Privacy Policy for 14a.org.uk

Last updated: [ 24.11.2025]

1. Introduction / Who We Are

Welcome to 14a.org.uk (“we”, “our”, “us”). We are Fourteen-A Ltd trading as 14a, registered in the United Kingdom at:
Registered Address:

42 Friars Road

Newport

NP20 4EZ
Email: contact@14a.org.uk
If you have any questions about this Privacy Policy or our data practices, you can contact us at the above address or email.

We are the data controller for the personal data we collect via this website.

2. What Data We Collect

We collect different types of personal data when you interact with our store, including:

a) Data you provide:

  • Name
  • Email address
  • Postal address
  • Telephone number
  • Payment information (processed via our payment provider — we do not store full card details on our servers)
  • Order history

b) Data collected automatically:

  • IP address
  • Browser type and version
  • Device type
  • Usage data (pages visited, time spent, clicks)
  • Cookies and similar technologies (see our Cookie Policy / section below)

c) Data from third parties (if applicable):

  • For example, if you use third-party login (social login) or payment services, we may receive data from those services (subject to what you permit).

3. Why We Process Your Data (Purposes)

We process your personal data for the following purposes:

  1. Order fulfilment: to process and deliver your orders, communicate with you about your orders, and provide customer service.
  2. Payment processing: to complete financial transactions via our payment provider.
  3. Customer account & relationship: to manage your account, send you order confirmations, marketing (if you consent), and service updates.
  4. Website improvement & analytics: to understand how people use our site and to improve our service (via usage data, analytics).
  5. Legal & compliance: to comply with legal obligations, prevent fraud, and for record-keeping (e.g., for tax).
  6. Marketing (optional): if you sign up for our newsletter or marketing communications, to send you offers, updates, and promotions (based on your consent, where required).

4. Lawful Basis for Processing

Depending on the context, we rely on different lawful bases under UK GDPR:

  • Contractual necessity: for processing data necessary to deliver your order, manage your account, and process payments.
  • Legitimate interests: for analytics, fraud prevention, improving our website and services. We carefully assess that our legitimate interests do not override your rights and freedoms.
  • Consent: where required (e.g., for marketing communications, non-essential cookies) — you have the right to withdraw your consent at any time.
  • Legal obligation: where we must process data to comply with laws (e.g., keeping transaction records for tax purposes).

5. Who We Share Your Data With

We may share your personal data with:

  • Payment processors / financial institutions — to take payments and manage refunds.
  • Delivery / courier companies — to deliver your orders (they receive your name, address, phone number as necessary).
  • Service providers / subcontractors — such as IT providers, email processors, analytics services.
  • Law enforcement or regulatory bodies — if required by law or regulation.
  • Professional advisors — for example, our accountants or lawyers when needed.

We ensure that any third parties we share data with are subject to appropriate contractual agreements requiring them to protect your data.

6. International Transfers

If applicable: We may transfer your data outside the UK (for example, to service providers). When we do so, we ensure there are adequate protections in place (e.g., standard contractual clauses, or the recipient is in a country with an adequacy decision) to keep your data safe.

7. Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which we collected it, taking into account legal, accounting, or reporting requirements. For example:

  • Order information and transaction records: kept for [X] years (for tax / accounting)
  • Customer account data: retained as long as your account is active, or for a reasonable period after account closure to handle any questions / disputes
  • Marketing data: we retain until you unsubscribe or withdraw consent
  • Analytics data: retained in anonymised or pseudonymised form for trend analysis

8. Your Rights

Under UK data protection law, you have a number of rights regarding your personal data, including:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): in certain circumstances, you can ask us to delete your data.
  • Right to restrict processing: you can ask us to limit how we use your data in certain situations.
  • Right to object: you can object to processing based on legitimate interests, or to direct marketing.
  • Right to data portability: you can ask for a machine-readable copy of your data.
  • Right to withdraw consent: if we rely on consent for processing (e.g., marketing), you can withdraw it any time — withdrawing does not affect processing done before you withdrew.
  • Right to complain: if you have a concern, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Their website is https://ico.org.uk.

To exercise any of these rights, please contact us at contact@14a.org.uk (or our address above).

9. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. Some are strictly necessary for the functioning of the site (e.g., shopping cart), others are optional (e.g., analytics).

  • We will explain to you what cookies we use, what they do, and how you can control them.
  • We will ask for your consent before placing non-essential cookies (in line with PECR). ICO+1
  • You can manage your cookie preferences via our cookie banner / settings.

For more information, please see our Cookie Policy (link to your separate cookie page) or the “Cookies” section on this site.

10. Automated Decision-Making / Profiling

We do not use automated decision-making or profiling that has legal or similarly significant effects on you.

(Or, if you do:) We may use automated decision-making (or profiling) [explain the purpose, logic, and how decisions are made]. You have the right to request human intervention, express your point of view, and challenge the decision.

11. Security

We take appropriate technical and organisational measures to protect your personal data from loss, misuse, or unauthorized access. These include secure servers, encrypted connections (HTTPS), access controls, and regular security reviews.

However, no system is 100% secure — if you believe that your data is in any way compromised, please contact us immediately at contact@14a.org.uk.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Post the updated policy here, with a new “Last updated” date
  • If the changes are significant, we may also send you a notice (for instance, if you are a customer with an account)

We encourage you to check this page regularly to stay informed about how we use your data.

13. Children

Our services are not intended for children under the age of 18. If you are under 18, you should only use our website with the involvement of a parent or guardian.

If you believe we have collected data relating to a child under 18 without appropriate consent, please contact us and we will delete the data or take other appropriate action.

14. Contact & Complaints

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

If you believe that we have not complied with data protection laws, you also have the right to make a complaint to the Information Commissioner’s Office (ICO): https://ico.org.uk.