Privacy policy

WearFlags — Privacy Policy

Last updated: March 2026

WearFlags (201cwe201d, 201cus201d, or 201cour201d) is a fashion retail brand registered in the United Kingdom. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit or make a purchase from our website, operated through Shopify. We are committed to processing your data in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. WearFlags acts as the data controller in relation to the personal information you provide to us.

1. Information We Collect

We collect personal information that you provide directly to us when you place an order, create an account, subscribe to our newsletter, or contact our customer support team. This includes your full name, email address, delivery address, billing address, phone number, and payment details (processed securely by our payment provider, Stripe — we do not store full card details on our servers). We also collect information automatically when you browse our website, including your IP address, browser type and version, device identifiers, pages viewed, time spent on each page, referral source, and other diagnostic data. This technical information is collected using cookies and similar tracking technologies, as described in Section 4 below. If you contact us directly, we may retain records of that correspondence, including any attachments or content you provide.

2. How We Use Your Information

We use your personal information for the following purposes: to process and fulfil your orders, arrange delivery, and send you order confirmations and shipping updates; to manage your account and provide customer support; to communicate with you about your purchases and respond to your enquiries; to send you marketing communications (only where you have given your consent or we have a legitimate interest to do so, and you may opt out at any time); to personalise your shopping experience and improve our website; to comply with our legal obligations, including financial and tax record-keeping; and to detect and prevent fraud and security incidents. Our legal bases for processing under the UK GDPR are: performance of a contract (order fulfilment), compliance with legal obligations, our legitimate interests (fraud prevention, improving our services), and your consent (marketing communications and non-essential cookies).

3. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure our website functions correctly and to analyse how visitors use our site. Essential cookies are required for the operation of our website, including session management, shopping cart functionality, and security. These cookies cannot be disabled as they are strictly necessary for the site to work. We do not use non-essential cookies without your prior consent. Our website also loads analytics scripts that help us understand visitor behaviour in aggregate, and advertising pixels from Meta (Facebook/Instagram) and Google Ads, which we use to measure the effectiveness of our marketing campaigns and to show you relevant advertisements. You can manage your cookie preferences through our cookie consent tool. For more information about the cookies we use, please see our Cookie Policy. You may also manage browser cookies directly through your device settings, though disabling essential cookies may affect your ability to use our website.

4. Third-Party Services & Order Fulfilment

To operate our business efficiently and deliver your orders as quickly as possible, we work with a number of trusted third-party service providers. Our e-commerce platform is provided by Shopify Inc., which hosts our storefront and processes order data on our behalf. Payment processing is handled securely by Stripe, Inc., which is PCI DSS-compliant. To show you relevant advertising, we share limited data with Meta Platforms, Inc. (Facebook and Instagram Ads) and Google LLC (Google Ads), in accordance with your cookie consent preferences and our advertising purposes. These platforms may set their own cookies and use data in accordance with their respective privacy policies. For shipping and order delivery, we partner with established logistics carriers. To enable efficient fulfilment and fast delivery, our logistics network operates across multiple international distribution hubs, including facilities in the United States, the United Kingdom, continental Europe, and China, routing each order from the centre with the best availability closest to you. All products handled across our network are subject to the same rigorous quality and packaging standards regardless of origin. All third-party service providers are contractually required to process your data only as instructed by us, and we ensure that appropriate data processing agreements are in place in accordance with UK GDPR requirements. We never sell, rent, or exchange your personal information to any third party for their own commercial purposes.

5. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Order and transaction records are retained for a period of seven years to comply with UK tax and financial regulations. If you create an account with us, your account data is kept for as long as your account remains active. Marketing communication data is retained until you withdraw your consent or unsubscribe. When your information is no longer required, it is securely deleted or anonymised.

6. Your Rights Under UK GDPR

As a data subject under the UK GDPR, you have the following rights in relation to your personal information: the right to access the personal data we hold about you; the right to rectification of inaccurate or incomplete data; the right to erasure ('right to be forgotten') in certain circumstances; the right to restriction of processing; the right to data portability; the right to object to processing based on legitimate interests or for direct marketing; and the right not to be subject to solely automated decision-making that produces legal or similarly significant effects. To exercise any of these rights, please contact us at support@wearflagsoficial.com. We will acknowledge your request within 48 hours and fulfil it within one month (30 days) as required by UK GDPR, unless an extension is justified. There is no charge for exercising these rights in ordinary circumstances.

7. International Data Transfers

As we operate with global service providers, some of your personal data may be transferred to and processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements. These safeguards include the use of the UK's International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), adequacy decisions where applicable, and binding corporate rules where relevant. By submitting your information to us, you acknowledge that your data may be transferred to third-party processors operating internationally, always under legally compliant frameworks.

8. Data Security

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it. Our website uses SSL/TLS encryption for all data transmission. Our e-commerce platform (Shopify) operates with enterprise-grade security infrastructure, including regular penetration testing and PCI DSS compliance for payment data. Access to personal data within our organisation is limited on a need-to-know basis, and all staff handling personal data are trained on data protection obligations. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay, in accordance with UK GDPR obligations.

9. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from individuals under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@wearflagsofficial.com and we will take steps to delete such information. This age threshold reflects the minimum age of consent for data processing under UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you by email (if you have an account with us) or by posting a prominent notice on our website. We encourage you to review this page periodically. The 'Last updated' date at the top of this policy indicates when it was most recently revised. Continued use of our website following any changes constitutes your acknowledgment of the updated policy.

11. Contact Us & Regulatory Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our team at: support@wearflagsofficial.com. We aim to respond to all data-related enquiries within 48 hours. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters. You can contact the ICO at www.ico.org.uk or by telephone on 0303 123 1113.