📦FREE SHIPPING ON ORDERS OVER £49.99

Privacy Policy

Privacy Policy

Last updated: [01.01.2026]

This Privacy Policy explains how BumpHeaven, operated by BDM-Commerce Ltd (“we”, “us”, “our”), collects, uses and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

BDM-Commerce Ltd
164 Leigh Hunt Drive
London
England
N14 6DQ
United Kingdom

📧 Email: support@bumpheaven.co.uk

BDM-Commerce Ltd is the data controller responsible for your personal data.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity data (name, billing address, shipping address)
Contact data (email address, phone number)
Order and transaction data
Payment data (processed securely by third-party payment providers)
Technical data (IP address, browser type, device information)
Usage data (interactions with our website)
Communication data (emails, contact form messages)

We do not knowingly collect data from children under the age of 16.

3. How We Use Your Data

We process your personal data for the following purposes:

To process and fulfil orders
To manage payments and prevent fraud
To communicate with you regarding your order
To provide customer support
To comply with legal and regulatory obligations
To improve our website and services
To send marketing communications only where consent has been given

4. Legal Basis for Processing

We process your data under one or more of the following legal bases:

Performance of a contract
Legal obligation
Legitimate interests (e.g. fraud prevention, service improvement)
Consent (for marketing communications)

You may withdraw your consent at any time.

5. Sharing Your Data

We may share your personal data with trusted third parties, including:

Payment service providers (e.g. Stripe, Shopify Payments)
Shipping and logistics partners
IT, hosting and platform providers
Professional advisers where legally required

All third parties are required to handle your data securely and in compliance with UK GDPR.

We do not sell your personal data.

6. International Data Transfers

Some service providers may process data outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent legal protections.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and tax requirements.

8. Your Rights Under UK GDPR

You have the right to:

Access your personal data
Request correction of inaccurate data
Request erasure of your data (where applicable)
Restrict or object to processing
Request data portability
Withdraw consent at any time

To exercise your rights, please contact us using the details above.

9. Cookies

Our website uses cookies to improve functionality and user experience.

You can manage or disable cookies through your browser settings.
For more information, please refer to our Cookie Policy (if applicable).

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse.

However, no online transmission is entirely secure, and we cannot guarantee absolute security.

11. Marketing Communications

You will only receive marketing emails if you have actively opted in.

You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us directly.

12. Complaints

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

🌐 https://www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns directly first.

13. Changes to This Policy

We reserve the right to update this Privacy Policy at any time.
Any changes will be posted on this page with an updated revision date.