Privacy Policy

Effective date: 26 January 2026

1. Who we are

Made Lovely by Sarah is a sub-brand of Mad Potter’s Studio. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our website and services.

Data Controller: Mad Potter’s Studio, trading as Made Lovely by Sarah
Location: Collingham, Newark, Nottinghamshire, UK
Contact email: info@made-lovely.co.uk
Business address for privacy enquiries: 16 The Lawns, Collingham, Newark, NG23 7NT

If you have questions about this policy or your personal data, contact us using the details above.

2. The personal data we collect

We may collect and process the following categories of personal data:

A. Information you provide

  • Name
  • Billing address
  • Delivery address
  • Email address
  • Phone number
  • Order details
  • Messages you send to us, including by email, contact form, or customer support enquiry

B. Personalisation uploads and artwork files

If you order a personalised product, you may upload images, text, logos, or other artwork files for use in creating your order. These files may include personal data, such as photographs of individuals.

Who can access these files

Access to personalisation files is restricted to:

  • the site owner/operator, Mad Potter’s Studio trading as Made Lovely by Sarah; and
  • fulfilment and production purposes only, including printing, quality checks, customer support, and resolving order issues.

We do not use personalisation files for marketing. We do not sell them. We only share them where necessary to fulfil your order or resolve an order-related issue, and only to the minimum extent required.

Use of AI-assisted tools

We may use AI-assisted tools as part of our design workflow to help prepare or refine artwork, layouts, or previews connected with an order or with content shown on the website. Where personal data is involved, we will only do so where necessary for the relevant purpose and with an appropriate lawful basis under UK GDPR. We do not use customer-uploaded images, text, or personalisation files to train AI models.

Uploads relating to other people

If you upload photographs or other content containing personal data relating to another person, you are responsible for ensuring you have the necessary rights, permissions, and any consents required to provide that content for personalisation.

How long we keep personalisation files

We keep personalisation files only for as long as needed to:

  • produce and dispatch your order; and
  • handle reasonable aftercare, such as reprints for damage in transit, quality issues, replacement requests, disputes, or chargebacks.

Unless there is an ongoing issue or legal reason to keep them longer, we typically delete personalisation files within 60 days after dispatch. Where files are deleted from our live systems, residual copies may remain in secure backups for a limited period before being overwritten in the normal backup cycle.

If you send replacement artwork by email, we will use it only to fulfil your request, such as producing a corrected item or reprint. The replacement artwork will be stored alongside your order record for the same retention period described above, then deleted in line with this policy.

If you want us to delete personalisation files sooner, where feasible and where we do not need them to resolve an issue or comply with a legal obligation, contact us at info@made-lovely.co.uk.

C. Payment information

Card payments are processed by Stripe. We do not store full card details. Stripe processes payment and transaction data to complete the purchase and help prevent fraud.

D. Technical and usage data

  • IP address
  • Browser type
  • Device information
  • Pages viewed
  • Links clicked
  • Actions taken on the site
  • Cookie data and similar identifiers

3. How we use your data and our lawful basis

Under UK GDPR, we must have a lawful basis for using personal data. We use your data for the following purposes:

A. Contract

To take steps at your request and to provide what you bought, including:

  • processing, personalising, producing, and delivering orders
  • using uploaded images, text, and other personalisation files to create the product you ordered
  • where relevant, using AI-assisted tools to help prepare or refine order-related artwork, layouts, or previews
  • sending service emails such as order confirmations, dispatch updates, and receipts
  • providing customer support and handling returns, refunds, replacements, and aftercare

B. Legal obligation

To comply with our legal duties, including:

  • keeping accounting and tax records
  • responding to lawful requests
  • meeting consumer law and other regulatory obligations

C. Legitimate interests

For our legitimate business interests, where those interests are not overridden by your rights and interests, including:

  • website security
  • fraud prevention
  • troubleshooting and improving the website
  • understanding how the website is used so we can improve performance, products, and content

D. Consent

Where consent is required, including:

  • marketing emails
  • non-essential cookies and analytics technologies where applicable

You can withdraw consent at any time.

E. Automated decision-making

We do not make solely automated decisions about individuals that produce legal effects or similarly significant effects.

4. Who we share your data with

We share personal data only where necessary to run the business, operate the website, and fulfil orders. This may include:

Ecommerce platform and hosting

  • WordPress and WooCommerce, for website and order management
  • Fasthosts, for hosting and related infrastructure

Payments

  • Stripe, for payment processing and fraud prevention

Email delivery

  • MailerSend, for transactional emails such as order confirmations and dispatch emails

Analytics and performance tools

  • Google Analytics, for website usage analytics where consent has been given
  • Google Search Console, for site performance in Google Search
  • SEMrush, for SEO and website performance insights

Shipping and delivery

  • Royal Mail and other courier services, where needed to deliver orders and provide delivery updates

Professional services

  • Accountants, advisers, insurers, or similar professional service providers where reasonably necessary for compliance and business operations

AI and design tools

Where we use third-party AI or design service providers to process personal data as part of order fulfilment or customer support, we do so only where necessary for that purpose and subject to appropriate contractual and data protection safeguards.

We do not sell your personal data.

5. International data transfers

Some service providers may process personal data outside the UK.

Where personal data is transferred outside the UK to a country that is not recognised by the UK as providing an adequate level of protection, we rely on appropriate safeguards, such as:

  • the UK International Data Transfer Agreement, or
  • the UK Addendum to the EU Standard Contractual Clauses,

together with any additional measures required to help protect personal data.

You can contact us at info@made-lovely.co.uk if you would like more information about the safeguards used for specific providers.

6. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, and customer service requirements.

Typical retention periods are:

  • Orders and accounting records: usually 6 years for tax and accounting purposes
  • Customer support messages: as long as needed to resolve the issue and then retained for reasonable business records
  • Personalisation files: usually up to 60 days after dispatch unless we need to keep them longer for aftercare, dispute resolution, replacement requests, or legal reasons
  • Marketing data: until you unsubscribe or withdraw consent, unless we need to retain limited suppression information so we can respect your preferences

7. Your rights

You have rights under UK GDPR, including the right to:

  • access your personal data
  • have inaccurate personal data corrected
  • ask for erasure in some circumstances
  • ask for restriction of processing in some circumstances
  • object to processing in some circumstances
  • receive certain personal data in a portable format in some circumstances
  • withdraw consent where we rely on consent

To exercise your rights, email info@made-lovely.co.uk. We may need to verify your identity before responding.

You also have the right to complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint.

8. Cookies

We use cookies and similar technologies for:

  • essential site functions, including checkout, account access, and security
  • analytics and performance measurement, where you have given consent

You can manage cookies through our cookie tools where available and through your browser settings. If you disable essential cookies, parts of the site may not work properly.

9. Security

We take reasonable technical and organisational measures to protect personal data, including secure connections, controlled access, and security measures appropriate to the nature of the data we handle. No system is completely secure, but we work to reduce risk.

10. Children

Our website is not intended for children to use independently. However, customers may upload photographs or other personalisation content that includes children as part of an order. We process that content only for order fulfilment, customer support, and related aftercare in line with this policy. If we become aware of information suggesting a child may be at risk of harm, we may share relevant information with appropriate authorities where we believe this is necessary and lawful.

11. Changes to this policy

We may update this Privacy Policy from time to time. The most recent version will be published on this page with an updated effective date.

Shopping Basket
Scroll to Top