Privacy policy
THE BLACKENED TEETH
Privacy and Cookies Policy
This Privacy and Cookies Policy explains how The Blackened Teeth Ltd collects, uses, shares and protects your personal data when you visit our website at www.theblackenedteeth.com, place an order with us, sign up for our marketing emails, or otherwise interact with us. It also explains how we use cookies and similar technologies, and your legal rights and how to exercise them.
We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR (where applicable to processing of personal data of EEA-based individuals), and the Privacy and Electronic Communications Regulations 2003 (PECR).
This Policy should be read alongside our Terms and Conditions of Sale.
1. Who we are
The Blackened Teeth Ltd ("The Blackened Teeth", "we", "our", "us") is the data controller responsible for your personal data. This means we decide how and why your personal data is processed.
Our details:
• Company name: The Blackened Teeth Ltd
• Company number: 12421448
• Registered office: Unit 27-28 Aberaman Industrial Estate, Aberaman, CF44 6DA, United Kingdom
• VAT number: GB360187505
• Email: contact@theblackenedteeth.com
For consumers in the European Economic Area, our designated representative under Article 27 of the EU GDPR is Easy Access System Europe OÜ, Mustamäe tee 50, 10621 Tallinn, Estonia. They can be contacted at gpsr.requests@easproject.com regarding the processing of personal data of EEA-based individuals.
2. Personal data we collect
We collect and process the following categories of personal data:
Information you give us
• Contact details: name, billing address, shipping address, email address, telephone number.
• Account information: username, password, account preferences and settings (if you create an account).
• Order information: items purchased, order history, returns and exchanges.
• Payment information: payment card details (collected and processed by our payment providers — see section 5), billing address, and transaction history. We do not store full payment card numbers ourselves.
• Marketing preferences: your consent to receive marketing emails and your preferences regarding the type of content you wish to receive.
• Communications: the content of any messages you send us via email, contact forms, or social media direct messages.
Information collected automatically
• Device and connection information: IP address, browser type and version, operating system, device type, and other technical identifiers.
• Usage information: pages you visit on our website, items you view or add to your cart, time spent on pages, the website you came from, and the website you go to next.
• Cookie data: information collected through cookies and similar technologies — see section 8 for full details.
Information from third parties
• Payment confirmation and fraud-prevention data from our payment providers (Shopify Payments, PayPal, Klarna, Clearpay).
• Delivery status updates from our couriers and ShipStation.
• Engagement data from Klaviyo (e.g. whether you opened an email or clicked a link).
• Aggregate audience and conversion data from Meta and Google (where you have consented to advertising cookies).
3. How we use your personal data and our lawful basis
Under UK GDPR, we must have a "lawful basis" for processing your personal data. The lawful bases we rely on are:
| What we do | Lawful basis | Categories of data |
| --- | --- | --- |
| Process and fulfil your orders, take payment, arrange delivery and handle returns | Performance of a contract | Contact, payment, order, delivery |
| Manage your account on our website (if you create one) | Performance of a contract | Account, contact, order |
| Provide customer support and respond to enquiries | Performance of a contract / Legitimate interests (responding to you) | Contact, communications, order |
| Send you marketing emails about new products, offers and our editorial content (The Dark Read) | Consent (new sign-ups) / Legitimate interests under PECR soft opt-in (existing customers, similar products) | Contact, marketing preferences, engagement |
| Show you targeted advertising on Meta and Google platforms based on your interaction with our website | Consent (via cookie banner) | Device, usage, cookie data |
| Analyse how our website is used so we can improve it | Consent (for non-essential analytics cookies) | Device, usage, cookie data |
| Detect and prevent fraud, secure our website, and protect against misuse | Legitimate interests | Device, payment, order |
| Comply with our legal obligations (e.g. tax records, VAT returns, customs declarations, consumer law) | Legal obligation | Order, payment, contact |
| Establish, exercise or defend legal claims | Legitimate interests | Any relevant data |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your rights and freedoms. You can ask us for more information about this assessment by contacting us using the details in section 13.
4. Marketing communications
We use Klaviyo to send marketing emails. We will only send you marketing emails if:
• you have given us specific consent (for example, by signing up to our newsletter); or
• you are an existing customer who bought a similar product from us, you were given the opportunity to opt out at the point of purchase, and you have not opted out (this is the "soft opt-in" permitted under PECR Regulation 22(3)).
You can withdraw your consent or opt out at any time by:
• clicking the "unsubscribe" link at the bottom of any marketing email we send you;
• updating your preferences in your account; or
• emailing contact@theblackenedteeth.com.
If you opt out of marketing, we will still send you transactional and service emails (for example, order confirmations, dispatch notifications, and customer service responses), as these are necessary for us to perform our contract with you.
5. Who we share your personal data with
We share your personal data with the following categories of recipients, who act as our processors (handling data on our behalf and under our instructions) or, in some cases, as separate data controllers:
E-commerce and website hosting
• Shopify Inc. (Canada and United States) — hosts our website, processes orders and customer accounts. Shopify acts as our processor for most purposes and as a separate controller for certain enhanced features (e.g. Shop Pay).
Payment processing
• Shopify Payments — for credit and debit card transactions through our website.
• PayPal (Europe) S.à r.l. et Cie, S.C.A. — for PayPal transactions.
• Klarna Bank AB — for "buy now, pay later" transactions. Klarna acts as a separate data controller and may carry out credit checks; please see Klarna's privacy policy at https://www.klarna.com/uk/privacy.
• Clearpay Finance Limited — for "buy now, pay later" transactions. Clearpay acts as a separate data controller and may carry out credit checks; please see Clearpay's privacy policy at https://www.clearpay.co.uk/en-GB/privacy-policy.
Order fulfilment and delivery
• ShipStation (a brand of Auctane LLC, United States) — order management and shipping label generation.
• Royal Mail and other carriers (e.g. DPD, Evri, FedEx, UPS, depending on the destination and service selected) — to deliver your order.
Email marketing
• Klaviyo Inc. (United States) — to send marketing emails and manage subscriber lists.
Advertising and analytics
• Meta Platforms Ireland Limited (operating Facebook and Instagram) — for targeted advertising via the Meta Pixel and Conversions API. Only applies where you have consented to advertising cookies.
• Google Ireland Limited (Google Ads and Google Analytics) — for advertising and website analytics. Only applies where you have consented to the relevant cookies.
Accounting and tax
• Xero (UK) Limited — for accounting and bookkeeping records.
• HM Revenue & Customs and other tax authorities, where required for VAT returns, customs declarations and other legal obligations.
Compliance and product safety
• Easy Access System Europe OÜ (Estonia) — our designated EU Responsible Person under the General Product Safety Regulation, and our Article 27 EU GDPR representative.
Other circumstances
• Professional advisers (e.g. lawyers, accountants, insurers) where reasonably necessary for the running of our business.
• Law enforcement, regulators or other public authorities where we are legally required to do so.
• A buyer or successor in the event of a sale, merger, restructuring or insolvency of our business.
We require all our processors to handle your personal data securely and only in accordance with our instructions and applicable data protection law.
6. International transfers
Many of the third parties listed in section 5 are based outside the United Kingdom and the European Economic Area, particularly in the United States and Canada. This means your personal data may be transferred to and processed in countries that do not have the same level of data protection as the UK.
When we transfer personal data outside the UK or EEA, we rely on one or more of the following safeguards:
• Adequacy decisions: where the destination country (or a specific framework within it, such as the UK Extension to the EU-US Data Privacy Framework) has been recognised by the UK government as providing an adequate level of protection.
• Standard Contractual Clauses (UK Addendum or International Data Transfer Agreement): contractual safeguards approved by the UK Information Commissioner.
• Standard Contractual Clauses approved by the European Commission: where the EU GDPR applies to the transfer.
You can ask us for more information about the specific safeguards we rely on for any particular transfer by contacting us using the details in section 13.
7. How long we keep your personal data
We keep your personal data only for as long as we need it for the purposes set out in this Policy, after which it is securely deleted or anonymised. The main retention periods we apply are:
| Type of data | Retention period |
| --- | --- |
| Order, transaction and tax records | 6 years from the end of the relevant tax year (HMRC requirement) |
| Account information | While your account is active, plus 2 years after last activity |
| Marketing data | Until you withdraw consent or unsubscribe, plus a short period to record the opt-out |
| Customer service correspondence | 3 years from the date of the last contact |
| Website analytics and cookie data | Up to 14 months (Google Analytics default) or as set out in section 8 |
| Records relating to legal claims | 6 years from the end of the relevant matter (Limitation Act 1980) |
8. Cookies and similar technologies
We use cookies and similar technologies on our website. We do not place any non-essential cookies on your device until you have given us your consent through our cookie banner.
What are cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, to make them work more efficiently, and to provide information to website owners.
We also use other similar technologies including:
• Pixels: tiny pieces of code that help us understand how you interact with our website and our marketing emails.
• Local storage: a way for websites to store information in your browser, similar to cookies but with more storage.
• Software development kits (SDKs): code embedded in our website by third parties to provide functionality such as advertising or analytics.
In this section, "cookies" refers to all of these technologies.
Categories of cookies we use
We group cookies into four categories. You can choose which categories to accept (other than strictly necessary cookies, which are required for the website to work) using our cookie banner or the cookie settings link in the footer of our website.
Strictly necessary cookies
Essential for our website to function. They allow you to navigate the site, add items to your cart, log in to your account, and complete a purchase. They do not require your consent.
Functional cookies
Enable enhanced functionality and personalisation, such as remembering your preferences (e.g. currency or language) and recognising you when you return.
Analytics cookies
Help us understand how visitors use our website by collecting information anonymously or in aggregate. Only set if you give your consent.
Marketing and advertising cookies
Used to show you adverts relevant to your interests, both on our website and on other websites you visit (such as Facebook, Instagram and across the Google Display Network), and to measure the effectiveness of our advertising. Only set if you give your consent.
Cookies on our website
The tables below list the main cookies set on our website. Cookie names and durations may change from time to time as our providers update their products.
Strictly necessary
| Cookie name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| _shopify_y, _y | Shopify | Identifies unique visitors and supports core site functionality | 1 year |
| _shopify_s, _s | Shopify | Identifies the visitor session | 30 minutes |
| cart, cart_sig, cart_ts, cart_ver | Shopify | Stores the contents of your shopping cart | Up to 2 weeks |
| _secure_session_id | Shopify | Manages your secure session | 24 hours |
| secure_customer_sig | Shopify | Used when you log in to your customer account | 20 years |
| storefront_digest | Shopify | Used for password-protected storefronts | Session |
| checkout_token | Shopify | Identifies your checkout | 1 year |
| _cmp_a | Shopify | Stores your cookie consent preferences | 1 year |
Functional
| Cookie name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| cart_currency | Shopify | Remembers your preferred currency | 2 weeks |
| localization | Shopify | Remembers your country and language preferences | 1 year |
| keep_alive | Shopify | Keeps your session active across regions | 2 weeks |
Analytics
| Cookie name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| _shopify_sa_t, _shopify_sa_p | Shopify | Shopify analytics relating to marketing and referrals | 30 minutes |
| _landing_page | Shopify | Records the page you arrived on | 2 weeks |
| _orig_referrer | Shopify | Records the website you came from | 2 weeks |
| _ga, _ga_<container-id> | Google Analytics | Distinguishes unique users and tracks site usage | 2 years |
| _gid | Google Analytics | Distinguishes users for analytics | 24 hours |
| __kla_id | Klaviyo | Identifies a unique browser for email campaign attribution | 2 years |
Marketing and advertising
| Cookie name | Provider | Purpose | Duration |
| --- | --- | --- | --- |
| _fbp | Meta (Facebook/Instagram) | Identifies browsers for advertising and analytics via the Meta Pixel | 3 months |
| _fbc | Meta (Facebook/Instagram) | Stores the click ID from a Facebook ad for attribution | 2 years |
| _gcl_au | Google Ads | Used by Google AdSense to measure ad efficiency | 3 months |
| _gcl_aw | Google Ads | Stores Google Ads click conversion data | 90 days |
| IDE, test_cookie | Google (DoubleClick) | Used for ad targeting and measurement | Up to 13 months |
In addition to cookies, our marketing partners (Meta and Google) may use pixels and similar technologies. These send data about your interaction with our website to those partners so they can show you relevant advertising and measure ad performance. They are only activated if you have consented to marketing cookies.
Managing your cookie preferences
On our website
When you first visit our website, our cookie banner asks for your consent before any non-essential cookies are set. You can accept all cookies, reject all non-essential cookies, or customise your preferences by category. You can change your cookie preferences at any time by clicking the "Cookie settings" link in the footer of our website.
In your browser
You can also manage cookies through your browser settings. Most browsers let you block or delete cookies, although doing so may stop parts of our website working properly. Instructions for the main browsers are available at:
• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Edge: https://support.microsoft.com/en-gb/microsoft-edge
Opting out of advertising
You can also opt out of personalised advertising directly with our advertising partners:
• Meta: through the ad preferences in your Facebook or Instagram account at https://www.facebook.com/adpreferences
• Google: at https://adssettings.google.com
• Industry-wide opt-out: https://www.youronlinechoices.com (Europe) or https://optout.aboutads.info (US-based ad networks)
Third-party cookies
Many of the cookies on our website are set by third parties (such as Google, Meta and Klaviyo). These third parties act as separate data controllers for the data collected through their cookies, and their use of that data is governed by their own privacy policies:
• Shopify: https://www.shopify.com/legal/privacy
• Klaviyo: https://www.klaviyo.com/legal/privacy
• Meta (Facebook/Instagram): https://www.facebook.com/privacy/policy
• Google: https://policies.google.com/privacy
9. Your rights
Under UK and EU data protection law, you have the following rights in relation to your personal data:
• Right of access: to ask for a copy of the personal data we hold about you.
• Right to rectification: to ask us to correct inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): to ask us to delete your personal data in certain circumstances.
• Right to restrict processing: to ask us to limit how we use your personal data in certain circumstances.
• Right to data portability: to ask us to provide your personal data in a structured, commonly used and machine-readable format, or to transfer it to another organisation.
• Right to object: to object to our processing of your personal data on the grounds of legitimate interests, or for direct marketing (you can opt out of direct marketing at any time without giving a reason).
• Right to withdraw consent: where we rely on your consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of any processing carried out before you withdrew your consent.
• Rights relating to automated decision-making: we do not currently make any decisions about you based solely on automated processing that produce legal or similarly significant effects. If this changes, we will update this Policy and inform you.
To exercise any of these rights, please contact us using the details in section 13. We will respond to your request within one calendar month, although we may extend this by up to two further months for complex or numerous requests (and will let you know if we do).
We may need to ask you to verify your identity before responding to your request, to make sure your data is not given to the wrong person.
10. Complaints
If you are unhappy with how we have handled your personal data, please contact us first using the details in section 13 so that we can try to resolve the matter.
You also have the right to complain to a data protection regulator:
• In the UK: the Information Commissioner's Office (ICO). Website: https://ico.org.uk. Helpline: 0303 123 1113.
• In the EEA: the data protection authority of the country where you live, work or where the alleged infringement took place. A list of EEA authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.
11. Children's data
Our website and Services are not directed at children, and we do not knowingly collect personal data from anyone under the age of 16.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us using the details in section 13 and we will delete it.
12. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include encryption of payment data in transit, access controls, and regular reviews of our security practices.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. We recommend that you do not send sensitive information to us via unsecure channels and that you keep any account credentials confidential.
13. Contact us
If you have any questions about this Policy, would like to exercise your rights, or have any other data protection concerns, please contact us:
• By email: contact@theblackenedteeth.com
• By post: The Blackened Teeth Ltd, Unit 27-28 Aberaman Industrial Estate, Aberaman, CF44 6DA, United Kingdom
For data protection enquiries from EEA-based individuals, you may also contact our Article 27 representative:
• Easy Access System Europe OÜ, Mustamäe tee 50, 10621 Tallinn, Estonia
• Email: gpsr.requests@easproject.com
14. Third-party websites
Our website may contain links to third-party websites (for example, our social media profiles, partner websites, or articles we reference). This Policy does not apply to those websites. We encourage you to read the privacy policies of any third-party website you visit.
15. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will post the updated Policy on our website and update the "Last updated" date below. Where the changes are significant, we will also notify you by email or through a prominent notice on our website.
This Privacy and Cookies Policy was last updated on 23 April 2026.
