Naturally Delicious Yak Chews ðŸĶī
Angs

Compliance

GDPR Compliance

This page is maintained by Angs Collection LTD and describes the practical steps we take to comply with the UK GDPR and the Data Protection Act 2018. It is informational and is not a certification.

1. Controller & contact

Angs Collection LTD (Company No. 17062256) is the data controller. For any data-protection enquiry, contact info@angs.store.

We are not currently required to appoint a statutory Data Protection Officer, but the founder is the named point of contact for all data matters.

2. Principles we follow

We process personal data in line with the UK GDPR principles:

  • lawfulness, fairness and transparency;
  • purpose limitation — only for the reasons stated in our GDPR Policy;
  • data minimisation — we only collect what we need;
  • accuracy — kept up to date;
  • storage limitation — held only as long as needed;
  • integrity and confidentiality — protected by appropriate security;
  • accountability — we document our decisions.

3. Records of processing (Article 30)

We maintain an internal Record of Processing Activities covering:

  • categories of data subject (customers, newsletter subscribers, enquirers);
  • categories of personal data and purposes;
  • lawful basis for each activity;
  • retention periods;
  • recipients and any international transfers.

4. Technical & organisational measures

  • HTTPS (TLS) across the entire site and checkout.
  • Passwords stored using salted one-way hashing — never in plain text.
  • Role-based access to the admin dashboard, restricted to authorised staff.
  • Two-factor authentication enabled on admin and payment-provider accounts.
  • Regular software updates and dependency patching.
  • Backups taken by our platform providers and access-logged.
  • Staff briefed on data-handling, phishing awareness and incident reporting.

5. Processors & sub-processors

We use the following key processors. Each is bound by a data-processing agreement:

ProcessorPurposeLocation
Shopify Inc.Storefront, checkout, order dataCanada / EU
Shopify Payments / StripePayment processingUK / EU / US (SCCs)
Royal Mail / DPD / EvriOrder fulfilment & deliveryUK
Email service providerTransactional & marketing emailEU / US (SCCs)
Analytics providerAggregate site analyticsEU / US (SCCs)

6. Handling data subject requests

Requests to access, correct, delete or port personal data should be sent to info@angs.store. We verify identity, log each request, and respond within 30 days (extendable by 60 days for complex requests, with notice).

7. Personal-data breach procedure

  • Internal report to the founder within 24 hours of detection.
  • Risk assessment (severity, categories of data, number of subjects).
  • Notification to the ICO within 72 hours if the breach is likely to result in a risk to individuals.
  • Notification to affected individuals without undue delay if the risk is high.
  • Post-incident review and remediation.

8. International transfers

Where personal data leaves the UK/EEA we rely on UK International Data Transfer Agreements, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions, as appropriate.

9. Children's data

Our products are intended for adult purchasers. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Reviewing & updating

We review our compliance posture at least annually and after any significant change to our processing. For the details of what we collect and your rights, see our GDPR Policy.