Privacy Policy

Harbor is an online greeting card retailer based in the United Kingdom, operating at harborcards.com.

We are the data controller for the personal information you provide to us.

We collect the following personal data:

• Email address — when you sign up for festival reminders or place an order

• Name and delivery address — when you place an order

• Payment information — processed securely by Stripe; we never store card details

• Order history — to fulfil your orders and handle any queries

• IP address and browser data — collected automatically for security and analytics

We use your data for the following purposes:

• To process and fulfil your orders (legal basis: contract)

• To send festival reminders and occasional news, where you have given explicit consent (legal basis: consent)

• To respond to customer service enquiries (legal basis: legitimate interest)

• To comply with legal obligations such as tax and fraud prevention (legal basis: legal obligation)

We will never sell your data to third parties or use it for any purpose beyond what is stated here.

If you have signed up to receive festival reminders, your email address is stored with MailerLite, our email marketing provider. You gave explicit consent at the point of sign-up by ticking the consent checkbox.

You can unsubscribe at any time by clicking the unsubscribe link in any email we send, or by emailing us at hello@harborcards.com. We will remove you from our list within 5 working days.

We share your data only where necessary to operate our service:

• Stripe — payment processing (stripe.com/gb/privacy)

• Our print and fulfilment partner — to produce and deliver your order

• MailerLite — email marketing, festival reminders (mailerlite.com/privacy)

All third parties are required to handle your data securely and in compliance with applicable data protection law.

• Order data — retained for 7 years to comply with HMRC requirements

• Email subscribers — retained until you unsubscribe

• Customer service emails — retained for 2 years

When data is no longer needed, it is securely deleted.

Under UK GDPR you have the right to:

• Access the personal data we hold about you

• Correct any inaccurate data

• Request deletion of your data ("right to be forgotten")

• Restrict or object to how we use your data

• Withdraw consent at any time (where processing is based on consent)

• Receive your data in a portable format

• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at hello@harborcards.com. We will respond within 30 days.

Our website uses only essential cookies necessary for the site to function (such as your shopping cart). We do not use advertising or tracking cookies. No cookie consent banner is required for essential cookies only.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. Our site is served over HTTPS. Payment data is handled entirely by Stripe and never passes through our servers.

We may update this policy from time to time. Any significant changes will be noted at the top of this page with a revised date. Continued use of our site after changes constitutes acceptance of the updated policy.