top of page
PRIVACY POLICY

Last Updated: 25/02/26

 

At Blueprints By Avana, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal information we collect about you, how we use it, who we share it with, and what rights you have in relation to it.

 

This policy applies to all personal data we collect when you visit our website, create an account, place an order, contact us, or interact with us in any other way. Please read it carefully. By using our website, you acknowledge that you have read and understood this Privacy Policy.

 

We are the data controller responsible for your personal data. Our full details are set out in Section 1 below.

 

1. Who We Are

Blueprints By Avana is a UK-based online retailer of Christian-inspired apparel, art prints, home goods, stationery, and related products. We are registered in England and Wales and operate as the data controller for all personal data collected through our website and services.

 

Registered Business Name: Avana Zeph Ltd

Registered Address: 20-22 Wenlock Road London N1 7GU, United Kingdom

Email: info@blueprintsbyavana.com

Website: www.blueprintsbyavana.com

 

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at the email address above.

 

2. The Legal Framework

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws require us to have a valid lawful basis for processing your personal data. The lawful bases we rely on are:

 

  • Performance of a contract: processing is necessary to fulfil an order you have placed with us or to take steps you have requested before placing an order;

  • Legal obligation: processing is necessary for us to comply with a legal requirement, such as tax or accounting obligations;

  • Legitimate interests: processing is necessary for our legitimate business interests (for example, fraud prevention, security, and improving our services), provided those interests are not overridden by your rights and interests;

  • Consent: you have given us clear and freely given consent to process your data for a specific purpose, such as receiving marketing emails. You may withdraw your consent at any time.

 

3. Personal Data We Collect

3.1 Information You Give Us Directly

We collect personal data that you provide to us when you:

  • Register for an account on our website (name, email address, password);

  • Place an order (name, billing address, delivery address, email address, phone number, and payment details);

  • Contact our customer service team via email, contact form, or social media;

  • Sign up to receive our newsletter or marketing communications;

  • Enter a competition, giveaway, or complete a survey;

  • Leave a product review or submit user-generated content;

  • Return goods or make a complaint.

 

3.2 Information We Collect Automatically

When you visit our website, we automatically collect certain technical and usage information, including:

  • Your IP address and approximate geographic location;

  • Browser type and version, and operating system;

  • Pages you visit on our site, how long you spend on each page, and the links you click;

  • Referring website (i.e., how you arrived at our site);

  • Device type (desktop, mobile, tablet) and screen resolution;

  • Cookie identifiers and session data (see Section 8 for our Cookie Policy).

 

This information is collected using cookies, web beacons, and similar tracking technologies. It helps us understand how our website is used, improve your experience, and identify and prevent fraud.

 

3.3 Information from Third Parties

We may receive personal data about you from third parties in limited circumstances, including:

  • Payment processors (e.g., Stripe, PayPal) who confirm payment status and provide fraud signals;

  • Delivery and fulfilment partners who update us on the status of your shipment;

  • Social media platforms, where you have chosen to interact with us through those channels;

  • Analytics providers who help us understand website usage patterns.

 

We do not purchase personal data from data brokers or other third-party sources for marketing purposes.

 

3.4 Special Category Data

We do not intentionally collect any special category data about you (which includes information about racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation). As a Christian-themed retail business, we do not use your personal data to infer or record your religious beliefs. Please do not share sensitive personal information with us unless strictly necessary for your order or enquiry.

 

4. How We Use Your Personal Data

The table below sets out in detail the categories of personal data we collect, the purposes for which we use it, our lawful basis for doing so, and how long we retain it.

 

Type of Data / Purpose / Activity / Lawful Basis / Retention

Name, email, address, phone number / Processing and fulfilling your order; sending order and dispatch confirmations

Performance of a contract / 7 years (tax/legal)

Payment data (card type, last 4 digits — not full card details) / Processing payment and preventing fraud / Performance of a contract; Legal obligation / 7 years

Name, email, delivery address / Managing returns, refunds, and complaints / Performance of a contract; Legal obligation / 

7 years

Email address, name, preferences / Sending marketing emails and newsletters (where you have opted in) / Consent / 

Until you withdraw consent

IP address, browser type, pages visited, device data / Website analytics; improving user experience; fraud prevention / 

Legitimate interests / Up to 26 months

Account login details (hashed password, username) / Managing your customer account / Performance of a contract / 

Duration of account + 2 years after closure

Name, email, message content / Responding to enquiries, complaints, and customer service requests / Legitimate interests; Legal obligation / 3 years

Name, email address / Running competitions, giveaways, or surveys / Consent / 6 months after conclusion

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

 

5. Marketing Communications

5.1 How We Use Your Data for Marketing

We will only send you marketing emails, newsletters, or promotional communications if you have given us your explicit consent to do so. You may opt in to receive marketing communications when you create an account, place an order, or sign up via our website.

 

Our marketing communications may include information about new products, faith-based content, promotions, seasonal offers, and company news. We will never sell your contact details to third parties for their marketing purposes.

 

5.2 Withdrawing Consent

You can opt out of marketing communications at any time by:

  • Clicking the 'unsubscribe' link at the bottom of any marketing email;

  • Logging into your account and updating your communication preferences;

  • Contacting us directly at info@blueprintsbyavana.com.

 

Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdrew consent. Please note that even after opting out of marketing, we may still need to send you service-related communications (such as order confirmations and dispatch notifications).

 

5.3 Retargeting and Advertising

We may use third-party advertising platforms (such as Meta Ads or Google Ads) to show you advertisements based on your visits to our website. This is done using cookies and tracking pixels. You can opt out of this type of advertising by adjusting your cookie preferences on our website or through the relevant platform's settings (see Section 8).

 

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with carefully selected third parties only where necessary to operate our business and fulfil your orders. These third parties include:

 

Fulfilment and delivery partners: We share your name and delivery address with the postal and courier services we use (e.g., Royal Mail, DPD, DHL) to deliver your order. International orders may be passed to local delivery networks in your country.

 

Payment processors: We use third-party payment providers (e.g., Stripe, PayPal) to process transactions securely. These providers receive your payment card details and related data. We do not store your full card details on our systems. Our payment providers are PCI DSS compliant.

 

Print-on-demand partners (if applicable): Where products are produced on demand, your name and delivery address may be shared with our print fulfilment partner so they can produce and ship your order directly.

 

Website and technology providers: We use third-party platforms to host our website and operate our store.  These providers may process your data on our behalf as data processors under a data processing agreement.

 

Email service providers: We use a third-party email marketing platform to send you transactional and marketing emails. These providers process your email address and name on our behalf.

 

Analytics providers: We use services such as Google Analytics to understand how visitors use our website. These providers may collect data using cookies and tracking technologies. We have configured these services to anonymise IP addresses where possible.

 

Legal and regulatory authorities: We may disclose your personal data to courts, law enforcement agencies, or regulatory authorities where required to do so by law, or to protect the rights, property, or safety of our business, customers, or others.

 

All third parties with whom we share data are required to keep your information confidential and secure, and to use it only for the purposes specified. Where they act as data processors on our behalf, they are bound by a data processing agreement.

 

7. International Transfers of Personal Data

Some of our third-party service providers are based outside the United Kingdom. This means that when we share data with them, your personal data may be transferred to and stored in countries outside the UK, including countries that may not have the same data protection standards.

 

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place, which may include:

  • Transfers to countries recognised by the UK Information Commissioner's Office (ICO) as providing an adequate level of data protection;

  • The use of UK International Data Transfer Agreements (IDTAs) or equivalent contractual clauses approved by the ICO;

  • Reliance on the supplier's binding corporate rules (BCRs) where applicable.

 

Please note: when you place an order for delivery to a country outside the UK, it is necessary to share your name and delivery address with the relevant delivery network operating in that country. This transfer is necessary for the performance of your contract with us.

 

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators. Our website uses cookies and similar technologies to improve your experience, remember your preferences, and analyse how our site is used.

 

8.2 Types of Cookies We Use

Strictly necessary cookies: These are essential for our website to function and cannot be switched off. They include cookies that remember items in your basket and enable you to complete a purchase. These do not require your consent.

 

Performance and analytics cookies: These cookies collect information about how visitors use our site, such as which pages are visited most often. We use this data to improve our website. These may include Google Analytics cookies.

 

Functional cookies: These allow our website to remember choices you have made (such as your preferred currency or language) and provide enhanced features.

 

Targeting and advertising cookies: These are used to deliver relevant advertising to you on third-party platforms. They remember that you have visited our website and may share this information with advertising networks such as Meta and Google.

 

8.3 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time through the cookie settings tool on our website.

 

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, please note that blocking all cookies may affect the functionality of our website, including your ability to add items to your basket or complete a purchase.

 

For more information about managing cookies, visit www.allaboutcookies.org or your browser's help documentation.

 

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

As a general guide:

  • Order and transaction records: retained for 7 years from the date of the transaction, to comply with HMRC tax requirements;

  • Customer account data: retained for the duration of your account, plus 2 years following account closure or last activity;

  • Marketing data: retained until you withdraw your consent or opt out;

  • Customer service correspondence: retained for 3 years from the date of the last communication;

  • Website analytics data: typically retained for up to 26 months, depending on the provider;

  • Fraud prevention records: may be retained for up to 6 years where required by law or to defend legal claims.

 

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

10. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Use of SSL/TLS encryption for all data transmitted through our website;

  • Secure, password-protected systems with restricted access to personal data on a need-to-know basis;

  • Regular review of our information security policies and practices;

  • Use of reputable third-party payment processors who are PCI DSS compliant;

  • Staff awareness of data protection obligations.

 

While we do everything we reasonably can to protect your data, no transmission of data over the internet is completely secure. You are responsible for keeping any account login details confidential. Please notify us immediately if you believe your account has been compromised.

 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.

 

11. Your Data Protection Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. We will respond to any request within one calendar month of receipt, free of charge.

 

Right of Access (Subject Access Request): You have the right to request a copy of the personal data we hold about you, along with information about how we use it.

 

Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.

 

Right to Erasure ('Right to be Forgotten'): You have the right to request that we delete your personal data where there is no good reason for us to continue processing it, where you have withdrawn consent, or where we have processed it unlawfully. This right is not absolute and does not apply where we are required to retain data to comply with a legal obligation.

 

Right to Restriction of Processing: You have the right to ask us to suspend processing of your personal data in certain circumstances, for example while we are verifying its accuracy.

 

Right to Data Portability: Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

 

Right to Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the lawful basis. You also have an absolute right to object to processing for direct marketing purposes at any time.

 

Rights in relation to automated decision-making: You have the right not to be subject to decisions based solely on automated processing (including profiling) where the decision produces legal or similarly significant effects. We do not currently carry out such automated decision-making.

 

To exercise any of these rights, please contact us at [Your Contact Email] with your full name, email address, and a description of your request. We may need to verify your identity before processing your request.

 

You will not normally be required to pay a fee to exercise your rights. However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to comply with the request.

 

12. Right to Lodge a Complaint

If you are unhappy with how we have handled your personal data or believe we have acted in breach of data protection law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

 

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: www.ico.org.uk

 

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at info@blueprintsbyavana.com and we will do our best to resolve any issues promptly.

 

13. Children's Privacy

Our website is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. If you are under 13, please do not use our website or submit any personal data to us.

 

We recommend that parents and guardians supervise their children's online activities. If we become aware that we have collected personal data from a child under the age of 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible.

 

For customers aged 13 to 17, we recommend that a parent or guardian reviews this Privacy Policy on their behalf.

 

14. Third-Party Websites and Links

Our website may contain links to third-party websites, including social media platforms, partner organisations, and payment providers. This Privacy Policy applies only to our website. We have no control over third-party websites and are not responsible for their privacy practices or content.

 

We encourage you to read the privacy policy of any third-party website you visit. Linking to a third-party site does not indicate our endorsement of that site or its privacy practices.

 

15. Social Media

We operate official accounts on social media platforms including Instagram, Facebook, Pinterest, TikTok. When you interact with us on social media - for example by commenting, messaging, liking, or sharing our content - those platforms will process your data in accordance with their own privacy policies. We encourage you to review the privacy settings and policies of any social media platform you use.

 

We may use social media platforms for targeted advertising to users who have visited our website or who match a profile of our typical customers. This is managed through the platform's advertising tools and is subject to your preferences on those platforms. You can opt out of this through our cookie settings or through the platform's ad preference settings.

 

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the services we offer. When we make significant changes, we will notify you by posting the revised policy on our website with an updated 'Last Updated' date. We may also notify you by email where appropriate.

 

We encourage you to review this Privacy Policy periodically. Your continued use of our website after any changes have been posted constitutes your acknowledgement of the updated policy.

 

17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

 

Blueprints By Avana

Avana Zeph Ltd

20-22 Wenlock Road London N1 7GU, United Kingdom

info@blueprintsbyavana.com

www.blueprintsbyavana.com

 

We will acknowledge your request promptly and respond within one calendar month.

bottom of page