GDPR & Cookie Policy
Last updated: 28 April 2026
This page explains how Oak & Outdoor uses cookies on oakandoutdoor.co.uk, how we comply with UK GDPR and the Privacy and Electronic Communications Regulations (PECR), and what choices you have about how your data is used. It should be read alongside our Privacy Policy.
We have designed our data practices to be transparent and fair. We do not use your data for any purpose beyond running our business and improving your experience as a customer.
1. What is UK GDPR and Why Does it Apply to Us
The UK General Data Protection Regulation (UK GDPR) is the law that governs how businesses in the United Kingdom collect, store, and use personal data. It applies to any business that processes the personal data of UK residents — which includes Oak & Outdoor, as we sell to customers across the UK.
Under UK GDPR, we are required to:
• Have a lawful basis for every type of data processing we carry out
• Be transparent with you about how we use your data
• Keep your data secure and only for as long as necessary
• Respect your rights over your own personal data
• Register with the Information Commissioner's Office (ICO)
2. Our Lawful Bases for Processing Your Data
UK GDPR requires us to identify a lawful basis for every type of data processing. We rely on the following:
|
Processing activity |
Lawful basis |
What this means |
|
Processing your order |
Contract |
We need this data to fulfil what you have asked us to do |
|
Sending order and delivery updates |
Contract / Legitimate interest |
You expect to receive these communications when placing an order |
|
Sending marketing emails |
Consent |
You have actively opted in. You can withdraw consent at any time. |
|
Website analytics |
Legitimate interest |
We use anonymised data to understand how our site performs |
|
Tax and accounting records |
Legal obligation |
HMRC requires us to retain transaction records for 6 years |
3. What Are Cookies and How We Use Them
Cookies are small text files placed on your device when you visit a website. They help websites remember information about your visit — such as items in your basket, your login status, or your preferences.
We use four categories of cookies on oakandoutdoor.co.uk:
|
Category |
Consent required |
Examples |
Purpose |
|
Essential |
No — always on |
Shopify session, cart, security |
Required for the website to function. Cannot be disabled. |
|
Functional |
Yes |
Currency preference, recently viewed |
Remembers your preferences to improve your experience |
|
Analytics |
Yes |
Google Analytics (_ga, _gid) |
Helps us understand how visitors use our site so we can improve it. Data is anonymised. |
|
Marketing |
Yes |
Meta Pixel, Google Ads |
Allows us to show you relevant adverts on other platforms and measure their effectiveness. |
When you first visit our website, you will be shown a cookie consent banner. You can choose to accept all cookies, or customise your preferences. You can change your cookie settings at any time using the 'Cookie Settings' link in our website footer.
4. Specific Cookies We Use
|
Cookie name |
Provider |
Duration |
Purpose |
|
_shopify_y |
Shopify |
1 year |
Analytics — tracks unique visitors |
|
_shopify_s |
Shopify |
30 minutes |
Session tracking — tracks actions within a session |
|
cart |
Shopify |
2 weeks |
Essential — stores your shopping basket contents |
|
_secure_session_id |
Shopify |
24 hours |
Essential — security and fraud prevention |
|
_ga |
|
2 years |
Analytics — distinguishes users (anonymised) |
|
_gid |
|
24 hours |
Analytics — distinguishes users (anonymised) |
|
_fbp |
Meta |
3 months |
Marketing — used by Meta to deliver and measure adverts |
|
klaviyo |
Klaviyo |
1 year |
Functional — identifies returning email subscribers |
5. How to Manage or Remove Cookies
You have several ways to control cookies:
• Use our cookie banner — shown on your first visit. Accept, decline, or customise by category.
• Use the Cookie Settings link in our website footer at any time to update your preferences.
• Adjust your browser settings — most browsers allow you to block or delete cookies. Note that blocking essential cookies may prevent parts of the website from working correctly.
• Opt out of Google Analytics — visit tools.google.com/dlpage/gaoptout to install the Google Analytics opt-out browser add-on.
• Opt out of Meta advertising — visit facebook.com/ads/preferences to manage your ad preferences.
6. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
Right of access: You can request a copy of the personal data we hold about you at any time. We will respond within 30 days.
Right to rectification: If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.
Right to erasure: You can ask us to delete your personal data where we have no legal obligation to retain it. We will delete it within 30 days.
Right to restrict processing: You can ask us to stop using your data in certain ways while retaining it.
Right to data portability: You can request that we provide your data in a machine-readable format so you can transfer it to another service.
Right to object: You can object to us processing your data on the basis of legitimate interest at any time.
Right to withdraw consent: Where processing is based on your consent (e.g. marketing emails), you can withdraw that consent at any time by clicking unsubscribe or emailing us.
Right to complain: If you are unhappy with how we handle your data, you have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
To exercise any of these rights, contact us at hello@oakandoutdoor.co.uk. We will not charge you for making a request and will respond within 30 days. In complex cases we may extend this to 60 days but will notify you if so.
7. Data Breaches
In the unlikely event of a personal data breach, we will notify the ICO within 72 hours where the breach is likely to result in a risk to your rights and freedoms. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.
Our website uses Shopify's PCI DSS Level 1 certified infrastructure for payment data, which significantly reduces the risk of payment card data breaches.
8. Children's Data
Our website is not intended for children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at sales@oakandoutdoor.co.uk and we will delete it promptly.
9. Updates to This Policy
We review this policy annually and whenever we make changes to how we use data. The 'Last updated' date at the top of this page will reflect any changes. We will notify you of significant changes by email if you are a registered customer or newsletter subscriber.
10. Contact and Complaints
For any questions, concerns, or requests relating to this policy:
Email: sales@oakandoutdoor.co.uk
Website: oakandoutdoor.co.uk
If you are unhappy with our response, you have the right to complain to the Information Commissioner's Office (ICO):
ICO website: ico.org.uk
ICO helpline: 0303 123 1113
Oak & Outdoor · oakandoutdoor.co.uk · sales@oakandoutdoor.co.uk
This policy applies exclusively to oakandoutdoor.co.uk and does not apply to third-party websites we may link to.