Privacy Policy

Privacy Policy

Since the passing of the Data Protection Act in 1998, UK companies have been legally required to treat any personal data they hold on individuals (whether in physical or electronic form) in accordance with the provisions of the act. These requirements have been enhanced and extended by the EU General Data Protection Regulations (GDPR), which became law in the UK on May 25th 2018.

At The Boho Shop we take the privacy of our customers very seriously; we’re committed to ensuring that the information we collect and use is appropriate and does not constitute an invasion of your privacy. The following statement sets out how and why we collect, store and process data which could personally identify an individual, as well as your rights in respect of any such data.



The Boho Shop

Registered Address:


SY23 3AE


Tina Phillips is registered as a ‘Data Controller’ with the Information Commissioner’s Office in accordance with the provisions of the General Data Protection Regulations (GDPR) and the Data Protection Act. Our registration number is ZA144458. Further details relating to this registration are available from


We collect the name, address, telephone and email addresses of our customers. We endeavour to keep all such information as accurate and up-to-date as we can.


We collect information so that we can manage our customers’ accounts and carry out our contractual obligations to them when they order our products, and so that we can keep them informed of new products and offers which we believe are likely to be of interest to them. We also use such information to send marketing communications to those who have expressed interest in our products, provided that they have consented to receive such communications.

You can update your communication preferences and/or unsubscribe from marketing communications at any time, either by contacting us at: or by clicking the ‘Unsubscribe’ link at the bottom of marketing emails.


The legal basis for collecting and processing your personal data is one or more of the following:

Consent – you have voluntarily given us the information and given us your permission to use it for marketing purposes and/or to answer an enquiry– OR
Contractual – we need to collect and process data including personal information in order to perform our contractual obligations when you order products from us – OR
‘Legitimate Interest’ – if you have opened an account with us, we may communicate with you from time to time to inform you of offers, promotions etc. which we think may be of interest to you – subject to your right to opt out of such communications at any time.


Information is collected when you create an account with us and give us information or when you request other information and give us your details in order to fulfil the request. You may give us this information by filling in a form (either paper or on our website), or by communicating with us via phone, post, email or other electronic means.


We will never under any circumstances sell or rent your personal data to any third party, and we will only pass on such data when necessary for the operation of our business or to fulfil our legal obligations.

We may, for example, share data with

*         The Boho Shop employees and sales agents, for the purposes set out above

*         Courier companies engaged by us to deliver goods you have ordered from us

*         Companies providing email marketing services which we use to communicate with you

*         Our legal representatives, in the (hopefully very unlikely!) event of any legal action between us

*         Any statutory body or other third party to whom we are obliged to disclose such data in order to comply with our legal and regulatory obligations


We won’t retain your data longer than is reasonably necessary or legally required.

If you have contacted us with a question about our products, we will retain your data only for as long as needed to fulfill your request.

Data which is no longer required is disposed of securely. You can at any time request that we erase all personal data we hold on you; our ability to comply fully with such a request will depend on our regulatory and legal obligations.


The GDPR stipulates that companies should not transfer personal data outside the EU unless it is to:

a) a country which the EU regards as ‘Adequate’ in its Privacy and Data Protection regulations; or
b) an organisation whose Privacy and Data Protection policies and practices are accredited by a certification scheme approved by the EU; or
c) an organisation which has signed a binding contractual commitment to process personal data in compliance with the requirements of the GDPR.

This web site is hosted by SiteGround, a European company. We use Mailchimp, an American company, to send marketing emails, and personal data uploaded by us to their site, is stored on their servers in the U.S. Mailchimp are members of the EU-US Privacy Shield Framework, and as such are authorised to receive and process data from EU countries. For more details about the Privacy Shield Framework, go here.


Cookies are small text files which are saved by web sites on the hard drive of computers or other devices visiting those sites. They may be either ‘session’ cookies, which are deleted when the user closes their browser, or ‘persistent’ cookies which remain until their pre-set expiry date (unless deleted by the user before that date). Nearly all web sites use a combination of these cookies to enhance the experience of users – for example, on the trade section of our web site cookies are used to remember that you’ve logged in, and what you’ve added to your shopping basket.

We also use cookies to analyse visitor traffic on our web site (e.g. to see which pages are looked at most often), to enable us to improve user experience and the service we offer. Another cookie records the fact that you have accepted our site’s use of cookies, so you don’t get asked to do so again every time you visit the site – this cookie lasts for 30 days on your computer, unless you delete it before that. As part of this process IP addresses are collected (these allow, for example, analysis of which countries visitors are accessing the site from); these are not linked to any personally identifiable data, and no such data is collected or stored by the cookies used on our site. We are not able to identify any individual from traffic data or site statistics.

Some sites use third-part cookies, for example when their site hosts content or adverts from other companies. We don’t host any adverts, but our site contains links to our Facebook & Instagram, web pages. Clicking one of those links may result in one or more cookies being placed on your computer when you land on those pages; these will be subject to the cookie policies of those companies, which you can read on their web sites. Our site uses Google Analytics cookies to analyse traffic to and within the site to help us improve it. You can if you wish opt out of being tracked by Google Analytics (across all websites, not just ours) – visit this page for more details.

You can configure your web browser not to accept any cookies (although doing so may affect your ability to use this and other sites as you wish to); you can also delete any or all stored cookies from within your browser at any time.

More information about cookies, including how to block them or delete them, can be found at at


The security of your personal information is of the utmost importance to us. Data held by us is protected by a combination of electronic access controls and firewall technology. Where we have a need to share your data with third parties as described above, we verify that they will process the data only for the purposes for which it is shared, and will treat it in conformity with the requirements of the GDPR.


You have the following rights in respect of your personal data held by us:

*         To be informed about how we obtain and use your information

*         To request a copy of all the personal information we hold about you, and (except in exceptional circumstances) to receive this within 30 days of making the request.

*         To have any outdated or incorrect data concerning yourself rectified promptly on bringing this to our attention.

*         To request that we erase any personal data we hold about you (please note that this is subject to our legal and regulatory obligations – records of our financial transactions, for example, which may contain personally identifiable data, must be held for seven years from the end of the tax year in which the transaction took place)

*         To unsubscribe from marketing communications at any time, either by contacting or by clicking the ‘Unsubscribe’ link at the bottom of marketing emails.

*         Where the processing of your data is based on consent, the right at any time to withdraw that consent.

Credit card details are entered on a secured third-party site via PayPal or Stripe. The Boho Shop does not have access to, or store, any customer credit card or payment details. All refunds are processed via the payment gateways

PayPal Privacy Policy:


If you are unhappy with how we have handled your personal data, please contact us using our contact details and we will endeavour to resolve the matter to your satisfaction. If we’re unable to do so, you have the right to complain to the Information Commissioner’s Office (ICO) about any business at any time if you believe there is a problem with the way your data is being handled. See the ICO website for further details.

Keep Up To Date

Join our mailing list to receive exclusive member discounts, new product news and special offers

I will never give away, trade or sell your email address. You can unsubscribe at any time.