Privacy policy

Privacy Policy

Last updated: 25 May 2026

Lockhone ("we", "us", "our") is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

We are the data controller responsible for your personal data when you shop at lockhone.com. For all data-protection matters, contact herofactory64@gmail.com.

1. What we collect

  • Contact details: name, billing address, shipping address, phone number, email.
  • Order information: items purchased, transaction value, payment confirmation (we do NOT store full card numbers β€” these go directly to Shopify Payments, Apple Pay, Google Pay, Shop Pay, PayPal, or Klarna).
  • Account information: if you create an account β€” username, password (hashed), preferences, order history.
  • Communications: messages you send us (email, contact form, social DMs).
  • Device + usage information: IP address, browser type, pages viewed, time spent β€” collected via cookies and similar technologies.

2. How we collect it

  • Directly from you at checkout or via our contact form.
  • Automatically when you browse β€” via Shopify analytics, Meta Pixel, TikTok Pixel, Google Analytics 4, and Klaviyo cookies.
  • From our suppliers, payment processors, and fulfilment partners when they confirm dispatch or delivery.

3. Legal bases for processing

  • Contract performance: processing your order, communicating shipping updates, handling returns.
  • Legitimate interests: improving the store, preventing fraud, responding to enquiries, basic analytics.
  • Consent: marketing emails, marketing SMS, non-essential cookies (you can withdraw at any time).
  • Legal obligation: complying with HMRC tax records, fraud-prevention duties, and law-enforcement requests.

4. Who we share it with

We share your personal data only with the following categories of recipient, each bound by their own privacy obligations:

  • Shopify (Canada) β€” store hosting, checkout, payment processing. See Shopify's Privacy Policy.
  • Payment providers β€” Shopify Payments, Apple Pay, Google Pay, Shop Pay, PayPal, Klarna.
  • Fulfilment suppliers β€” CJ Dropshipping (Hong Kong/China) and other product-specific suppliers who ship your order directly. They receive name, shipping address, and order details only.
  • Couriers β€” Royal Mail, Evri, DPD, DHL, or local-country equivalents.
  • Klaviyo (USA) β€” email + SMS marketing, only if you opt in.
  • Meta, TikTok, Google β€” advertising platforms, via pixels. You can opt out via cookie preferences.
  • Authorities β€” when required by law, court order, or to investigate fraud.

5. International transfers

Some recipients above are outside the UK/EEA. Where personal data is transferred internationally, we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other recognised safeguards as required under UK GDPR Article 46.

6. How long we keep it

  • Order records: 6 years (HMRC requirement).
  • Account data: until you delete your account, then 30 days of soft-delete buffer.
  • Marketing data: until you unsubscribe + 12 months suppression.
  • Support emails: 3 years.
  • Analytics: aggregated after 14 months; individual records anonymised.

7. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (the "right to be forgotten"), subject to our legal retention duties.
  • Restrict processing.
  • Object to processing for direct marketing β€” we will stop immediately.
  • Data portability β€” receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Complain to the Information Commissioner's Office (ICO) β€” ico.org.uk β€” tel 0303 123 1113.

To exercise any of these rights, email herofactory64@gmail.com. We respond within one calendar month.

8. Cookies

We use:

  • Strictly necessary cookies (cart, checkout, session) β€” no consent required.
  • Analytics cookies (Shopify, Google Analytics 4) β€” consent required, opt-out via cookie banner.
  • Marketing cookies (Meta Pixel, TikTok Pixel, Klaviyo) β€” consent required, opt-out via cookie banner.

You can manage cookie preferences at any time via your browser settings or our cookie banner.

9. Children

Our site is not intended for under-16s. We do not knowingly collect data from children. If you believe we hold data about a child, contact us immediately.

10. Security

All data in transit is encrypted via TLS. Payment data is handled by PCI-DSS-compliant providers (we never store full card numbers). No system is 100% secure β€” we recommend strong, unique passwords on any account you create.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email (where you have an account) or via a banner on the site for 30 days.

12. Contact

Lockhone
Email: herofactory64@gmail.com
Website: lockhone.com
For data-protection matters, mark your email "Data Protection Request".