Privacy Policy

We respect privacy, full stop. We only use your information to run your order properly, protect the community from fraud, and improve the experience. This policy explains what we collect, why we collect it, how we use it, and the choices you have.

This policy is designed to meet transparency requirements under UK data protection law, including the UK GDPR and the Data Protection Act 2018. 

Who we are

We are Source Nest Online Limited trading as Source Nest. We are the data controller for personal data collected through our website and customer support channels. Our store is hosted on Shopify, which acts as a processor for customer personal data in many cases, subject to Shopify’s data processing terms. 

What information we collect

We collect information in a few buckets.

Information you give us

• Name, billing address, delivery address, email address, phone number

• Order details, including what you bought and when

• Messages you send to us, including customer support queries, complaints, and return requests

• Where relevant for investigations, declarations you complete such as a non receipt declaration for a delivery dispute

Information collected automatically when you use our site

• Device and browser information, IP address, and usage data

• Cookies and similar technologies, depending on your choices and settings 

Information from third parties involved in fulfilling your order

• Delivery updates and proof of delivery from carriers

• Payment status and fraud signals from payment providers and checkout partners

CCTV and security data

• We operate CCTV in our premises, including packing and dispatch areas, for security, quality control, dispute resolution, and fraud prevention.

How we use your information

We use your information for these purposes.

To process and deliver your orders

• Take payment, confirm orders, pick and pack, dispatch, deliver, and handle customer service

To handle returns, refunds, faults, and disputes

• Assess eligibility, inspect returns, process refunds, and manage complaints

• Investigate delivery issues and resolve genuine loss or damage claims

To prevent fraud and protect the community

• Detect and prevent scams, chargeback abuse, return fraud, and non delivery fraud

• Use dispatch records, tracking, delivery evidence, and CCTV to verify packing and dispatch events

• Where appropriate, support investigations with carriers, payment providers, and relevant authorities

To improve the Services

• Analytics, debugging, performance, and customer experience improvements

Marketing and brand updates

• If you opt in, we may send email or SMS marketing. You can unsubscribe at any time. Electronic marketing and cookies must meet PECR and UK GDPR standards. 

Our lawful bases for processing

We rely on lawful bases recognised under UK GDPR, depending on what we are doing. 

Contract

• To take payment, fulfil your order, deliver, and provide support

Legal obligation

• To keep records for tax and compliance purposes. As a UK limited company, we generally keep company and accounting records for at least 6 years from the end of the relevant financial year, and longer where required. 

Legitimate interests

• To keep our services secure, prevent fraud, protect customers, improve the site, and enforce our terms, provided your rights do not override those interests

Consent

• For non essential cookies and certain marketing, where required under PECR and UK GDPR 

Cookies and similar technologies

We use cookies and similar tools to make the site work, keep it secure, and understand what is working. Some cookies are essential, for example basket and security features. Non essential cookies, such as analytics and marketing cookies, are only used where you consent. You can change your cookie preferences at any time through our cookie settings. 

Who we share your information with

We do not sell your personal information. We share it only when it is necessary to run the store, deliver your order, or protect the business and customers.

Service providers

• Shopify and associated ecommerce infrastructure providers 

• Payment providers and fraud screening partners

• Delivery carriers and fulfilment partners

• Customer support and communications tools

Fraud prevention, dispute handling, and enforcement

• If we reasonably suspect fraud or attempted fraud, we may share relevant information with payment providers, carriers, ecommerce platforms, and fraud prevention partners, and we may report matters to law enforcement

• If a matter involves theft or suspected criminal conduct, we may request a crime reference number and we may cooperate with police enquiries

• Any sharing is done on a lawful basis and in a way that is proportionate to the issue being investigated

Delivery disputes and non receipt declarations

If tracking shows a parcel is marked delivered but you say you have not received it, we will investigate. We may ask you to complete a non receipt declaration and provide supporting information so we can open or progress a carrier investigation. This is used for verification and fraud prevention. It is not intended to remove or limit your statutory rights.

International transfers

Some of our service providers may process data outside the UK. Where this happens, we use appropriate safeguards such as recognised transfer mechanisms and contractual protections, consistent with the approach used by major ecommerce processors. Shopify’s data processing terms address international processing and safeguards. 

How long we keep your information

We keep personal data only as long as needed for the purposes above.

Typical retention examples

• Order, payment, and accounting records are usually kept for at least 6 years in line with company record keeping requirements 

• Customer support messages are retained for as long as needed to manage your request and protect against disputes

• CCTV is retained for a limited period and accessed only where needed for security, dispute resolution, or fraud prevention, unless it must be kept longer for an ongoing investigation

Your rights

You have rights over your personal data, including the right to be informed, access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision making. You can also withdraw consent at any time where we rely on consent. 

If you want to exercise your rights, contact us and we will respond in line with applicable time limits.

Marketing choices

If you receive marketing from us, you can unsubscribe at any time using the link in the message or by contacting us. If you opt out, we may still contact you about your order or account because that is service messaging, not marketing.

Security

We use technical and organisational measures to protect personal data. No system is perfectly secure, but we take security seriously and restrict access to data on a need to know basis.

Children

Our Services are not intended for children, and you must be 18 or over to place an order. We do not knowingly collect personal data from children for marketing purposes.

How to complain

If you are unhappy with how we handle your data, contact us first and we will try to resolve it. You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection. 

Changes to this policy

We may update this policy to reflect changes in our practices, our services, or the law. The latest version will always be posted on our website.

Contact us

Source Nest Online Limited trading as Source Nest

Email: info@sourcenest.co.uk

Telephone: +44 7438 814289

Registered office: 85 Great Portland Street, First Floor, London, W1W 7LT, United Kingdom

Company registration number: 16601924

VAT number: GB 509603495