Privacy Notice

Papilio (Heritage) Ltd is a company registered in England and Wales.  In this policy we are also referred to as “we” or “us”.


This privacy policy applies whether you visit us in person or interact with us online.


How we use your data:

Papilio (Heritage) Ltd uses your personal data:

  • to manage any loyalty card account that you hold with us

  • to manage bookings or take orders

  • for crime and fraud prevention, detection and related purposes

  • for market research - e.g. to help us understand which areas our customers come from and where we need to advertise, to identify which products are selling well and trends in purchases

  • for any situation where we have a legal right or duty to use or disclose your details (e.g. in case of any situation involving the police or a legal dispute)

  • to contact you electronically about our latest news and other products or services that may be of interest to you (these emails are usually only once a month,) and are with your permission when you sign up for a loyalty card or enter a competition etc

  • to manage any returns

  • to contact you in response to any query

  • for recruitment purposes

  • to respond to emails or social media messages

What data do we collect?

We only hold data that helps us to deliver products and services to you.  This includes:

  • your name, date of birth and title

  • your contact details including your address, telephone number and e-mail address

  • a record of your transactions, bookings and products purchased

  • any survey responses

  • any communications with us via email, website, social media, writing, text etc!!

  • interaction with our social media or website

  • interaction with our email newsletter (region opened, date/time opened, links clicked)

  • website cookies 

  • photographs you have provided or we have taken with your consent

Your rights:

You have the following rights:

  • to opt out of any marketing communications (you can easily unsubscribe at any time by clicking the ‘unsubscribe’ button on the bottom of our newsletter emails

  • to ask us to update any of the personal data we hold on you

  • to ask us for a copy of the data we hold about you

  • to request that we delete your personal data (so only as there is no longer a legal reason we must retain it)

If you wish to use any of these rights please contact us via the contact form on our website or emailing

How we look after your data:

We understand that protecting your data is really important and work to ensure we keep that data safe and secure.  

This includes:

  • any devices with access to your data are password protected

  • limiting the number of staff with access to your data

  • only the company Directors having access to all data

  • training staff in handling your data

  • disposing of any data securely

  • any data which is not electronic that has to be held for more than 48 hours is kept in safes/filing cabinets and away from the shop floor.

  • security applications on applicable devices

Sharing data with third parties:

  • In order to operate our loyalty card system and manage our email marketing list it is necessary for to use IT and marketing service providers.  Your details are held shared with them and held on servers used by them.  These providers have provided evidence to us of their data protection policies and security measures.  They cannot use your data outside of our accounts and cannot contact you directly in any situation. 

  • Some of these providers do hold the data outside of the EU, however this is covered and protected under the ‘Privacy Shield’ (a EU-U.S program).

  • If it necessary to share your details with public authorities (e.g. police) or insurance companies this will be done securely and with a chain of evidence.

  • If Papilio at Heritage is ever sold as an ongoing concern your data will be transferred to the new owners.  This is to allow loyalty cards etc to continue to operate. 

  • We will never sell our customer data to third parties as a marketing list (except in the case of sale of business as mentioned above).


How long will we keep your data?

We will not keep your data for longer than is necessary.  Financial and legal rules are different for each type of data however the longest period is normally 6 years.


The data protection officer is Tabi Marsh, any queries please get in touch with her.


This policy was last updated May 2018