Kirsty Lloyd ~ May Annella Privacy Policy

Effective Date: 14th August 2025

Welcome to May Annella! This Privacy Policy explains how I, Kirsty Lloyd, trading as May Annella, collect, use and protect your information when you visit my website, May Annella (the “Site”), and when you create an account or make a purchase from me.

I am committed to protecting your privacy and handling your data responsibly and transparently.

My Contact Details

  • Name: Kirsty Lloyd, trading as May Annella
  • Email: Kirsty@mayannella.com
  • Website: May Annella
  • Mailing Address: 113 Cherry St #92768, Seattle, WA 98104-2205, USA. While I am based in Scotland, this mailing address is provided by my email service to meet global privacy regulations for email marketing.

The Personal Information I Collect

I collect and process various types of personal information, which you provide directly to me or which is automatically collected from your use of the site.

  • Identity & Contact Data: Your name, email, billing, and shipping addresses.
  • Transaction & Financial Data: Details about products you’ve purchased and payment confirmations. Your payment information is securely processed by my trusted third-party payment processors, Stripe and PayPal. To ensure the highest level of security, they are certified as PCI Level 1 Service Providers. I never store your full payment card details on my website’s servers. Limited bank account details may be collected temporarily for processing a refund.
  • Account Data: If you create an account, this includes your username, password, order history, and preferences.
  • Usage & Technical Data: Information about how you use my website, your IP address, browser type, and location. This data is collected automatically by my website hosting and analytics service and is used to monitor site performance, improve security, and understand visitor behavior.
  • Marketing Data: Your preferences for receiving marketing communications.
  • Visual Data: With your explicit consent, I may use photographs of your finished products featuring my artwork. You also have the option to upload a personal profile image avatar to your account. You have the right to withdraw this consent at any time.

Why I Collect and Use Your Data ~ The Legal Basis

I collect and use your personal information for specific reasons and only when I have a lawful basis to do so under UK GDPR.

  • To Fulfill Your Order (Contract): I must process your data to fulfill a contract with you, for example, to process your payment and deliver your products.
  • Contact and Inquiry Data: When you fill out a contact or inquiry form, I collect your name, email, and any other information you provide. The purpose is to respond to your inquiry.
  • ​​Order and Customer Data: I collect information during the checkout process, including your name, billing and or delivery address, email and order details. The purpose is to process and ship your order, manage your customer account and provide customer support.
  • Marketing Data: If you have an email newsletter opt-in, I collect your email address with your consent to send marketing communications. I use a third party service for this and you can withdraw your consent at any time.
  • Security and Website Data: For website security, I process technical data to ensure the security and stable operation of my website. This includes protecting against malicious activity, spam and fraud. This is where I use services like Cloudflare Turnstile.
  • Analytics and Usage Data: I collect non personally identifiable information about how visitors use the site. This is done in a privacy friendly way, without personal identifiers, to understand how people interact with the site and improve it.
  • For My Legitimate Interests: I process your data to run my business effectively and securely. This includes using anonymised data to improve my website, protect against fraud, and manage my business operations. This never overrides your fundamental rights.
  • With Your Consent: I will always ask for your clear consent before sending you marketing emails or using photographs of your products for promotional purposes. I also require your explicit consent if you choose to save your payment details for future use. You have the right to withdraw this consent at any time by clicking the unsubscribe link in an email or by contacting me directly.
  • To Comply with the Law: I may need to process your data to comply with legal obligations, such as for tax and accounting purposes.

How and Why I Share Your Information

I will never sell your personal data. I share it only with trusted third-party partners to provide my services and fulfill my obligations to you. These partners are required to use your data only for the specific purposes for which it was provided.

Fulfilment & Shipping: Your address and contact details are shared with my fulfilment and shipping partners to deliver your order. These partners include Prinfab, The Print Space, and Shippy Pro.

Payment Processing: I use third party payment processors Stripe and Pay Pal to handle transactions. Your payment information is securely transferred to them for processing. If you consent to it, they also store your payment details to facilitate future purchases.

Email Marketing: For sending newsletters and marketing communications, I use a third party email service. Your name and email address are shared with this provider, Kit.

Website Hosting & Data Storage: My website, including the customer data you provide, is hosted on servers provided by Hostinger. Hostinger is my data processor, meaning they process your data on my behalf by providing the storage and infrastructure for my website and its database. They also collect your IP address in server logs to ensure the security and stability of the site.

I also use a privacy friendly analytics tool that collects anonymised data about how visitors use the site. This tool does not use cookies and does not collect any personal information, such as IP addresses. The data is stored locally on my server and is used to understand how people interact with my site and to improve it.

Website Security: To protect my website from spam and abuse on my contact forms and sign ups, I use Cloudflare Turnstile. This service analyses technical signals from your device to distinguish human users from automated bots. Cloudflare Turnstile is a privacy preserving tool that does not use cookies or collect personal data for tracking or advertising purposes.

International Data Transfers

Some of my service providers are based outside the UK, for example, in the United States. When your data is transferred internationally, I ensure it is protected by appropriate legal safeguards, such as the UK-U.S. Data Bridge or standard contractual clauses approved by the UK government. These measures are designed to provide the same level of data protection as in the UK.

How I Store and Retain Your Data

I keep your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting or reporting requirements.

  • Order & Tax Data: I keep transaction data for up to 6 years plus the current year to comply with UK tax laws.
  • Account Data: I keep your account information for as long as your account is active. If you close your account, I will securely delete your data unless a legal obligation requires me to keep it.

Cookies and Tracking

My website uses cookies and similar technologies. For detailed information on the types of cookies I use, their purpose, and how to manage your preferences, please see my separate Cookie Policy.

Your Data Protection Rights

Under the UK GDPR, you have important rights regarding your personal information. You can exercise these rights free of charge.

  • Your right of access: You have the right to ask for copies of your personal information.
  • Your right to rectification: You have the right to ask me to correct information you think is inaccurate or incomplete.
  • Your right to erasure: You have the right to ask me to erase your personal information in certain circumstances.
  • Your right to restrict processing: You have the right to ask me to restrict the processing of your information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability: You have the right to ask that I transfer the information you gave me to another organisation or to you.
  • Your right to withdraw consent: If I am relying on your consent to process your personal data, you have the right to withdraw that consent at any time.

I will respond to all requests within one month. To exercise any of these rights, please contact me at Kirsty@mayannella.com.

How to Complain

f you have any concerns about my use of your personal information, please contact me first at Kirsty@mayannella.com so I can try to resolve it for you.  You also have the right to lodge a complaint with the ICO, the UK’s data protection regulator.

The ICO’s address: Information Commissioner’s Office Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: https://www.ico.org.uk

Updates to This Policy

I may update this Privacy Policy periodically. Any changes will be posted on this page with an updated effective date. I encourage you to review this policy regularly to stay informed about how I protect your information

Still Have Questions?

Don’t hesitate to reach out! I’m here to help you bring your vision to life.

Get in Touch