Privacy policy

 

Last updated: 21 June 2026

This Privacy Policy explains how Anyora Limited, trading as Anyora, collects, uses, shares, stores and protects personal information when you visit anyora.uk, place an order, communicate with us or otherwise use our store and services.

It also explains your data-protection rights and how to make a complaint.

This policy should be read with our Terms and Conditions, Shipping Policy, Payment Policy, Returns, Refunds and Cancellations Policy, and Cookie Policy.

1. Who we are

Anyora Limited is the controller responsible for the personal information described in this policy, except where another organisation acts as a separate controller for its own service.

Anyora Limited, trading as Anyora
Company number: 16938766
Registered in England and Wales

72 Ambergate Road
Bilston
WV14 0SR
United Kingdom

Email: support@anyora.uk
Telephone: +44 1902 382162
Website: https://anyora.uk
Contact form: https://anyora.uk/pages/contact

Customer-support hours are Monday to Friday, 9:00am to 5:00pm UK time.

In this policy, “Anyora”, “we”, “us” and “our” mean Anyora Limited.

2. When this policy applies

This policy applies when you:

  • visit or use our website;

  • create or use a customer account;

  • place or attempt to place an order;

  • make a payment or receive a refund;

  • contact customer support;

  • request a cancellation, return or refund;

  • make a complaint;

  • subscribe to marketing;

  • receive an abandoned-checkout message where permitted;

  • participate in payment or fraud-verification checks; or

  • otherwise interact with Anyora.

Third-party organisations providing services directly to you may process information under their own privacy notices.

3. Personal information we collect

The information we collect depends on how you interact with us.

Identity and contact information

This may include:

  • your name;

  • email address;

  • telephone number;

  • billing address;

  • delivery address;

  • customer, account or order reference; and

  • communication and marketing preferences.

Order and transaction information

This may include:

  • products, quantities and variants ordered;

  • order date and value;

  • discounts and promotional codes;

  • delivery method and delivery charge;

  • payment status and transaction reference;

  • refunds, cancellations and returns;

  • delivery and tracking information;

  • chargebacks and payment disputes; and

  • customer-service records connected with the order.

Payment-related information

Payments may be processed by Shopify Payments, PayPal or another payment provider displayed during checkout.

The payment provider normally collects complete payment credentials directly.

Anyora normally receives only limited transaction information, such as:

  • payment status;

  • transaction reference;

  • payment-method type;

  • billing information;

  • limited or masked card details;

  • refund and dispute information; and

  • fraud, risk or authentication indicators.

Anyora staff do not normally have access to complete card numbers or card security codes.

Do not send us complete card numbers, card security codes, banking passwords or digital-wallet credentials.

Customer-account information

Where you choose to create an account, we may process:

  • account contact information;

  • login and authentication information;

  • saved addresses;

  • account preferences;

  • order history; and

  • activity within the account.

Creating an account is optional and is not required to place an order.

Communications and support information

This may include:

  • emails;

  • contact-form submissions;

  • telephone enquiries;

  • complaints;

  • cancellation, return and refund communications;

  • photographs or videos supplied as evidence of damage, defects or incorrect delivery;

  • privacy-rights requests; and

  • data-protection complaints.

Customer-support calls are not currently recorded.

We do not currently provide support through live chat, WhatsApp, Facebook Messenger or another messaging service.

Marketing information

This may include:

  • whether and when you subscribed;

  • the wording and method used to collect consent;

  • your marketing preferences;

  • marketing messages sent;

  • unsubscribe or objection requests;

  • abandoned-checkout information; and

  • limited technical information associated with communications, such as device information or approximate location, where collected lawfully.

We do not currently send SMS marketing.

Technical and usage information

Depending on your choices and our website configuration, this may include:

  • IP address;

  • browser and device information;

  • operating system;

  • approximate location derived from an IP address;

  • referring website;

  • pages viewed;

  • dates and times of visits;

  • website and checkout interactions;

  • cookie and consent choices;

  • account and session information;

  • security logs; and

  • fraud or authentication information.

4. Sensitive information

We do not normally need special-category information, such as information about:

  • health;

  • ethnicity;

  • religion;

  • political opinions;

  • trade-union membership;

  • genetic or biometric identifiers;

  • sex life; or

  • sexual orientation.

We also do not normally need information relating to criminal allegations or convictions.

Please do not provide this information unless it is genuinely necessary and we have requested it.

If unnecessary or excessive sensitive information is supplied, we may delete, redact or restrict it.

Where we need to process special-category or criminal-offence information, we will identify an appropriate lawful basis and any additional legal condition required.

5. Information about other people

You may provide another person’s information, for example where you ask us to deliver an order to them.

Only provide information that is accurate, necessary and that you are authorised to provide.

Where appropriate, you should make the other person aware that their information has been provided to Anyora and direct them to this policy.

6. How we obtain personal information

We may obtain information:

  • directly from you;

  • automatically from your use of our website, subject to applicable consent choices;

  • from Shopify and Shopify services;

  • from Shopify Payments, PayPal and other payment providers;

  • from Shop Pay where you use that service;

  • from Royal Mail, Evri or another delivery provider used for your order;

  • from fraud-prevention and authentication services;

  • from banks and payment networks in connection with a dispute;

  • from Google and Microsoft services used for analytics or advertising;

  • from professional advisers;

  • from public authorities; and

  • from other lawful sources where necessary.

Where we obtain information from another source, we will provide any privacy information required by law unless an applicable exception applies.

7. Why we use personal information and our lawful bases

Processing and fulfilling orders

We use identity, contact, order, payment-status and delivery information to take steps requested before entering into a contract and to perform our contract with you.

This includes:

  • receiving and reviewing orders;

  • confirming availability;

  • processing payment;

  • dispatching and delivering goods; and

  • providing order-related support.

Payments and refunds

We use transaction, billing and payment-status information to:

  • perform the purchase contract;

  • process or verify payments;

  • issue refunds; and

  • comply with accounting, tax and financial obligations.

Customer accounts

We use account information to provide the optional account service you requested and for our legitimate interests in administering customer relationships and making repeat purchases easier.

You can purchase without creating an account.

Customer service, cancellations and returns

We use order, contact, communication and supporting evidence to:

  • perform our contract;

  • comply with consumer-law obligations;

  • investigate problems; and

  • pursue our legitimate interests in resolving enquiries and disputes fairly.

Legal, tax and accounting records

We retain relevant order, payment, refund and business records where necessary to comply with tax, accounting, product-safety, regulatory and other legal obligations.

Fraud prevention and security

We use transaction, account, device and security information for our legitimate interests in:

  • preventing fraud;

  • protecting customer accounts;

  • securing the store;

  • protecting Anyora;

  • protecting payment systems; and

  • preventing unauthorised transactions or misuse.

Where a particular check is legally required, we rely on the relevant legal obligation.

Website operation and improvement

We use necessary technical, performance and security information for our legitimate interests in operating, maintaining, protecting and improving the website.

Where consent is required for a cookie, pixel or similar technology, we obtain consent for that storage or access.

Service communications

We use contact, order, payment, account and delivery information to send necessary communications, including:

  • order acknowledgements;

  • payment and refund updates;

  • dispatch and delivery information;

  • account-security notices;

  • responses to enquiries;

  • return instructions;

  • complaint updates; and

  • product-safety notices.

These are service communications rather than direct marketing.

Marketing

We send promotional emails only where you have provided valid consent.

The marketing option is optional and is not preselected for United Kingdom customers.

You may place an order without agreeing to marketing.

Where consent is required under electronic-marketing law, consent is also our data-protection lawful basis for using your information for that marketing.

Abandoned-checkout emails

We send an abandoned-checkout email only where you have subscribed to email marketing and the communication is legally permitted.

An abandoned-checkout email will identify Anyora and provide a simple way to unsubscribe.

We do not treat an abandoned checkout as a completed order.

Analytics and advertising

Subject to your cookie choices, we may use:

  • Google Analytics;

  • Google Ads;

  • Google Tag Manager;

  • Microsoft Advertising or Bing Ads; and

  • Shopify analytics, measurement and network services.

These services may process information about:

  • your device;

  • browser;

  • IP address;

  • website activity;

  • advertising interactions;

  • purchases; and

  • consent choices.

Where consent is required for analytics, advertising, attribution, profiling or similar technologies, we use those technologies only after the required consent has been obtained.

8. Information required to place an order

We need certain information to process an order, including:

  • your name;

  • delivery address;

  • email address;

  • order details; and

  • information required by the selected payment provider.

If you do not provide required information, we may be unable to accept, fulfil, deliver or support the order.

You do not have to:

  • create a customer account; or

  • consent to marketing

to place an order.

9. Shopify

Our online store is hosted through Shopify.

For core ecommerce services, Shopify may process customer information on our behalf to provide services including:

  • website hosting;

  • shopping-basket functionality;

  • checkout;

  • customer accounts;

  • order administration;

  • communications;

  • fraud detection;

  • platform performance;

  • store security; and

  • store administration.

Shopify may also act as a separate controller for certain consumer-facing or enhanced services it provides directly, including Shop, Shop Pay and certain Shopify Enhanced Services.

Shopify explains its own processing in its Consumer Privacy Policy and privacy controls.

10. Shopify Network Intelligence and Enhanced Services

Shopify Network Intelligence is enabled for our store.

When these services are enabled, Shopify may process information from your interactions with:

  • Anyora;

  • Shopify;

  • Shop;

  • Shop Pay;

  • other participating Shopify merchants; and

  • Shopify-supported advertising or measurement services.

Depending on the service, Shopify may use the information for:

  • security and fraud prevention;

  • improved checkout services;

  • personalisation;

  • measurement;

  • product recommendations;

  • advertising-related services; and

  • improving Shopify and merchant services.

For some of this processing, Shopify may act as a separate controller and determine its own purposes and lawful bases.

We obtain consent before non-essential storage or access technologies are used where consent is legally required.

You may manage relevant choices through our cookie-preferences control and the privacy options made available by Shopify.

11. Shop and Shop Pay

The Shop sales channel and Shop Pay are enabled.

If you choose to use Shop or Shop Pay, Shopify may process information including:

  • your email address;

  • telephone number;

  • billing and delivery addresses;

  • payment information;

  • order information;

  • account information; and

  • authentication or security information.

Shopify provides these services under its own consumer privacy terms.

Using Shop Pay is optional. You may select another available payment option.

12. Payment providers

Shopify Payments, PayPal and other payment providers displayed during checkout may process information to:

  • authorise and complete payments;

  • authenticate customers;

  • verify payment methods;

  • prevent fraud;

  • issue refunds;

  • manage disputes and chargebacks;

  • meet financial and regulatory requirements; and

  • protect payment-system security.

A payment provider may act as a separate controller under its own privacy notice.

Apple Pay and Google Pay may also process transaction and wallet information under their own privacy notices where you select those services.

13. Delivery providers

We use Royal Mail and Evri and may use another suitable provider disclosed during the ordering or delivery process.

We share information needed to deliver, track and investigate orders, including:

  • the recipient’s name;

  • delivery address;

  • telephone number where reasonably necessary;

  • email address where reasonably necessary;

  • delivery instructions;

  • parcel information; and

  • tracking information.

Delivery providers may use email addresses or telephone numbers to send delivery notifications.

They may act as separate controllers for parts of their delivery and legal-compliance activities.

14. Marketing communications

We may send promotional emails about Anyora products, promotions and store news where you have provided valid consent.

Our marketing checkbox is optional and is not preselected for United Kingdom customers.

You may stop marketing at any time by:

  • selecting the unsubscribe option in a marketing email;

  • changing an available preference setting; or

  • contacting support@anyora.uk.

Every marketing email will provide a simple unsubscribe method.

Your withdrawal or objection does not prevent us from sending necessary order, payment, delivery, security, return or safety communications.

We may retain limited suppression information so that your opt-out continues to be respected.

15. Email measurement

We do not currently use marketing-email opening or link-click tracking.

Our email and messaging provider may nevertheless process limited technical information necessary to send, secure and operate the service, such as:

  • device information;

  • IP-derived approximate location;

  • delivery status; and

  • security information.

We will update this policy and obtain any legally required consent before introducing additional email-tracking technologies.

16. Cookies and similar technologies

We use cookies, pixels, local storage and similar technologies to operate and protect the website and, subject to your choices, to measure and improve it.

Our Shopify cookie banner is displayed to United Kingdom visitors and provides options to:

  • accept;

  • decline; or

  • manage preferences.

We request consent before using a storage or access technology where consent is required.

Consent may not be required where a statutory exception applies, including where the technology is:

  • used solely to transmit a communication;

  • strictly necessary to provide a service you requested; or

  • covered by another applicable legal exception.

We require consent for advertising, cross-service tracking, behavioural profiling, advertising attribution and other non-exempt technologies.

You may change or withdraw your choices through the cookie-preferences control.

Our separate Cookie Policy provides further information about the technologies used, their providers, purposes and durations.

17. Who we share information with

We may disclose personal information where reasonably necessary to:

  • Shopify and its relevant subprocessors;

  • Shopify Payments;

  • PayPal;

  • Shop and Shop Pay;

  • Apple Pay and Google Pay where selected;

  • banks and card networks;

  • Royal Mail, Evri and other delivery or returns providers;

  • Shopify’s messaging and communication services;

  • Google;

  • Microsoft;

  • security, authentication and fraud-prevention providers;

  • website and technical-support providers;

  • accountants, insurers, solicitors and other professional advisers;

  • courts, regulators, tax authorities and law-enforcement bodies;

  • prospective purchasers and advisers in connection with a genuine business sale or restructuring; and

  • another recipient where you direct or authorise us to disclose the information.

A processor acting only on our behalf may use information only for the contracted services, in accordance with our instructions and applicable law.

Anyora does not sell personal information to third parties in exchange for money.

18. International transfers

Shopify, PayPal, Google, Microsoft and other organisations supporting the store operate internationally.

Personal information may therefore be processed outside the United Kingdom.

Where Anyora makes a restricted international transfer, we use a legally recognised transfer arrangement where required.

Depending on the circumstances, this may include:

  • transfer to a country or organisation covered by UK adequacy regulations;

  • the UK International Data Transfer Agreement;

  • the UK Addendum to approved standard contractual clauses;

  • binding corporate rules; or

  • another lawful transfer mechanism.

Where required, we also assess whether the transfer provides an appropriate level of protection.

Contact support@anyora.uk for further information about safeguards relevant to information controlled by Anyora and how to obtain a copy.

19. How long we retain information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected.

Information may be retained longer where required by:

  • law;

  • an HMRC enquiry;

  • fraud investigation;

  • regulatory action;

  • an ongoing complaint;

  • a contractual dispute;

  • legal proceedings; or

  • a court order.

When information is no longer required, we delete it, anonymise it or securely restrict its use.

Our usual retention periods are as follows.

Orders, payments, refunds and accounting records

These records are normally retained for six years from the end of the company financial year to which they relate.

They may be retained longer where required for tax, accounting, fraud investigation, litigation or another legal reason.

Customer accounts

An inactive customer-account profile is normally deleted or anonymised two years after the customer’s last account activity.

Information connected with an order may continue to be retained under the order and accounting retention period.

Routine customer enquiries

Routine enquiries that are not connected with an order, complaint or legal matter are normally retained for 12 months after the enquiry is closed.

Order-related support, returns and disputes

Records required to manage an order, return, chargeback, contractual complaint or potential legal claim may be retained for up to six years after the relevant transaction.

Abandoned checkouts

Abandoned-checkout information is normally retained for up to three months.

If the checkout becomes a completed order, the resulting order information is retained under the order-record period.

Marketing information

Active marketing-subscription information is retained while you remain subscribed.

Evidence of marketing consent and related compliance information may be retained while marketing continues and for three years after consent is withdrawn or the final relevant marketing communication.

Marketing suppression information

Minimum suppression information may be retained for as long as reasonably necessary to ensure that an unsubscribe or objection continues to be honoured.

This will normally be limited to the relevant contact identifier, opt-out status and date.

Fraud and security information

Routine fraud and security records are normally retained for up to 24 months.

Records connected with confirmed fraud, chargebacks, account misuse, police enquiries, disputes or legal proceedings may be retained for up to six years after the matter closes or longer while proceedings remain active.

Cookie and consent records

Cookie-consent and preference records are normally retained for up to two years or the shorter period configured in the relevant system.

Consent may be requested again earlier where our technologies or purposes materially change.

Privacy-rights requests

Records of privacy-rights requests are normally retained for three years after the request is closed.

We avoid retaining unnecessary copies of identity evidence.

Data-protection complaints

Ordinary data-protection complaint records are normally retained for three years after closure.

Records connected with an ICO investigation, serious security incident, threatened litigation or legal proceedings may be retained for up to six years after closure or longer while the matter remains active.

20. Information security

We use reasonable technical and organisational measures designed to protect personal information.

These may include:

  • encrypted website connections;

  • secure hosted checkout;

  • access controls;

  • authentication;

  • restricted administrative access;

  • established payment providers;

  • security and fraud monitoring;

  • data minimisation;

  • staff confidentiality requirements; and

  • incident-management procedures.

No internet transmission or storage system can be guaranteed to be completely secure.

Keep your passwords, devices and account-access methods secure and contact us promptly if you suspect unauthorised account access.

21. Automated processing

Payment, authentication and fraud-prevention providers may use automated systems to assess transactions and produce security or risk indicators.

Automated indicators may assist Anyora’s staff, but Anyora does not currently refuse or cancel an order solely through automated processing where the decision would produce a legal or similarly significant effect.

A person will meaningfully review such an Anyora decision.

A payment provider may separately make an automated payment or fraud decision under its own privacy notice.

If Anyora introduces significant solely automated decision-making, we will provide the information and safeguards required by law, including where applicable:

  • information about the decision;

  • an opportunity to make representations;

  • human intervention; and

  • an opportunity to contest the decision.

22. Your data-protection rights

Depending on the processing and lawful basis, you may have the right to:

  • request access to your personal information;

  • request correction of inaccurate or incomplete information;

  • request deletion;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • object to direct marketing at any time;

  • request portability of certain information;

  • withdraw consent where processing is based on consent;

  • make representations about certain significant automated decisions;

  • request human intervention where applicable; and

  • complain to the Information Commissioner’s Office.

These rights are not absolute.

An exception may apply where information must be retained or processed for legal obligations, fraud prevention, contractual claims or another lawful purpose.

23. Your right to object to marketing

You have an absolute right to object to the use of your personal information for direct marketing, including related direct-marketing profiling.

When you object, we will stop using your information for that purpose.

You may use an unsubscribe option or contact support@anyora.uk.

Where we rely on legitimate interests for another purpose, you may object on grounds relating to your situation.

We will stop the relevant processing unless we demonstrate compelling legitimate grounds or the information is needed to establish, exercise or defend legal claims.

24. Exercising your rights

You may make a privacy request verbally or in writing.

For efficient handling, you may:

  • email support@anyora.uk;

  • write to our registered address; or

  • telephone +44 1902 382162.

You may use the subject “Privacy Request”, but this is not required.

Please provide enough information for us to understand the request and identify the relevant records.

We may request reasonable proof of identity where necessary.

We normally respond without undue delay and within one calendar month.

Where reasonable identity evidence is required, the response period begins when we receive it.

The law may permit an extension of up to two additional months where a request is complex or numerous.

We will notify you within the initial response period if an extension applies.

For a subject access request, we may pause the response period where clarification is reasonably necessary to identify the information requested.

We will seek clarification promptly and explain the effect on the deadline.

Requests are normally handled free of charge.

The law may permit a reasonable fee or refusal where a request is manifestly unfounded or excessive.

25. Data-protection complaints

You may complain to Anyora if you believe we have handled personal information incorrectly or failed to respect a data-protection right.

You may submit a complaint:

  • by email to support@anyora.uk;

  • through our contact form;

  • by telephone on +44 1902 382162; or

  • by post to our registered address.

You may use the subject “Data Protection Complaint”, but this is not required.

We will:

  • facilitate the making of your complaint;

  • acknowledge it within 30 days of receipt;

  • take appropriate steps to investigate without undue delay;

  • keep you appropriately informed;

  • consider the relevant evidence; and

  • communicate the outcome without undue delay.

You also have the right to complain to the Information Commissioner’s Office, the United Kingdom’s data-protection supervisory authority.

26. Children’s information

Customers must be at least 18 years old to place an order or independently create a customer account.

We do not knowingly invite people under 18 to subscribe independently to marketing.

Our products are not currently age restricted, and a parent or legal guardian may place an order for products intended for or used by a child.

We recognise that children or teenagers may browse the publicly available website.

We do not knowingly use children’s information for behavioural advertising or marketing.

Contact support@anyora.uk if you believe that a child has supplied personal information inappropriately.

27. Third-party links

Our website may link to websites or services controlled by other organisations.

Those organisations are responsible for their own privacy practices.

Review their privacy information before providing personal information.

This policy does not govern an independent third-party service merely because it is linked from Anyora.

28. Changes to this policy

We may update this policy when our services, providers, technologies, legal obligations or processing practices change.

The revised policy will be published with an updated “Last updated” date.

Where a material change affects how we use information already collected, we will provide further notice or obtain consent where required before beginning the new use.

29. Contact us

For privacy questions, rights requests or data-protection complaints, contact:

Anyora Limited, trading as Anyora
Company number: 16938766
Registered in England and Wales

72 Ambergate Road
Bilston
WV14 0SR
United Kingdom

Email: support@anyora.uk
Telephone: +44 1902 382162
Contact form: https://anyora.uk/pages/contact

Customer-support hours are Monday to Friday, 9:00am to 5:00pm UK time.