Privacy Policy

Pet Parlour – petparlour.ie

Last updated: [11/06/26]

1. Who we are

Pet Parlour is an independent pet food and accessories retailer based in Terenure, Dublin. We operate the website petparlour.ie and our shop at Rear 88 Terenure Road North, Terenure, Dublin 6W, D6W VY73. For the purposes of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018, the data controller is:

Pet Parlour, Rear 88 Terenure Road North, Terenure, Dublin 6W, D6W VY73

If you have any questions about this policy or how we handle your personal data, contact us at info@petparlour.ie or write to us at the address above.

2. The personal data we collect

We collect personal data in the following circumstances:

• When you place an order — your name, billing and delivery address, email address, phone number, order details and payment information (processed securely by our payment providers – we never see or store full card numbers).
• When you create an account — your login details, order history, saved addresses and payment tokens held by our payment providers.
• When you take out a subscription — recurring order details, billing schedule and payment method references.
• When you book a nutrition chat with Stephen — your name, email address and appointment details, processed through Google Calendar.
• When you sign up to our newsletter — your email address and any preferences you indicate.
• When you shop in store — purchase details may be linked to your customer record through our Lightspeed point-of-sale system, so that in-store and online purchase histories are kept together.
• When you browse the website — technical data such as your IP address, browser type and pages visited, collected through cookies and similar technologies (see our Cookie Policy), and security logs maintained to protect the site.

3. Why we use your data and our legal grounds

Under the GDPR we must have a lawful basis for each use of your personal data. These are:

• Performance of a contract — processing and delivering your orders, managing your account and subscriptions, handling returns and refunds, and providing the nutrition chat service you have booked.
• Legal obligation — retaining transaction, invoice and tax records as required by Irish Revenue, and complying with consumer protection law.
• Consent — sending you marketing emails when you have opted in, and placing analytics and advertising cookies. You can withdraw consent at any time – unsubscribe links appear in every marketing email, and cookie preferences can be changed via the cookie settings link on our website.
• Legitimate interests — keeping our website secure, preventing fraud, responding to enquiries, and maintaining a single customer purchase history across our shop and website so we can serve you better.

4. Who we share your data with

We never sell your personal data. We share it only with service providers who help us run the business, each acting under a data processing agreement, and with authorities where the law requires it. Our principal service providers are:

Service provider	Purpose	Location	Transfer safeguard
Nexcess (Liquid Web LLC)	Website hosting	United States	EU–US Data Privacy Framework / SCCs
Stripe	Card, Apple Pay and Google Pay payment processing	United States / Ireland	EU–US Data Privacy Framework
PayPal	Payment processing	Luxembourg (EEA)	Within EEA
Revolut Bank UAB	Payment processing	Lithuania (EEA)	Within EEA
Google (Google Ireland Ltd)	Business email (Google Workspace), website analytics (Google Analytics 4), advertising (Google Ads), nutrition chat booking (Google Calendar)	Ireland / United States	EU–US Data Privacy Framework
MailerLite	Email newsletters and marketing	Lithuania (EEA)	Within EEA
Xero	Accounting and invoicing	New Zealand	EU adequacy decision
Lightspeed Commerce	Point-of-sale system linking in-store and online purchases	Canada	EU adequacy decision
Defiant Inc. (Wordfence)	Website security and threat monitoring	United States	EU–US Data Privacy Framework / SCCs
[Backup storage provider – confirm UpdraftPlus destination]	Encrypted website backups	[Confirm]	[Confirm]

5. International transfers

Some of our service providers are located outside the European Economic Area. Where that is the case, transfers are protected by an EU adequacy decision (New Zealand, Canada), the EU–US Data Privacy Framework, or Standard Contractual Clauses approved by the European Commission, as set out in the table above.

6. How long we keep your data

We keep personal data only as long as necessary for the purpose it was collected, or as long as the law requires:

Data category	Retention period	Reason
Orders, invoices, payment and refund records	6 years from the end of the tax year	Legal obligation – Irish Revenue record-keeping requirements (Taxes Consolidation Act 1997, s.886; VAT Consolidation Act 2010) and EU consumer guarantee rights
Customer account data	While your account remains active; deleted on request where no legal obligation applies	Contract performance
Subscription records	Duration of the subscription plus 6 years for associated financial records	Contract and legal obligation
Nutrition chat booking details	6 months after the appointment	Legitimate interest in managing bookings
Marketing list data (MailerLite)	Until you unsubscribe; inactive contacts reviewed every 6 months	Consent
General enquiries and correspondence	6 months after the matter is resolved	Legitimate interest
Website analytics (Google Analytics 4)	2 months (user-level data)	Consent
Security and access logs (Wordfence)	6 months	Legitimate interest in site security
Abandoned cart data	6 months	Legitimate interest / consent for reminder emails

Where data is no longer needed it is securely deleted or anonymised.

7. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased where there is no legal reason for us to keep it;
• restrict or object to certain processing, including direct marketing;
• receive your data in a portable format;
• withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at info@petparlour.ie. We will respond within one month. If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Data Protection Commission (dataprotection.ie), Ireland’s supervisory authority.

8. Customers in Northern Ireland and the UK

We deliver to Northern Ireland. If you are in the United Kingdom, your personal data is protected by the UK GDPR and the Data Protection Act 2018 (UK), and you have equivalent rights to those described above. UK customers may also complain to the Information Commissioner’s Office (ico.org.uk).

9. Cookies

Our website uses cookies and similar technologies. Details of every cookie we use, its purpose and its duration are set out in our Cookie Policy, and you can change your preferences at any time using the cookie settings link in the website footer.

10. Security

Our website is served over an encrypted (HTTPS) connection, payment details are handled exclusively by PCI-DSS compliant payment providers, and we maintain firewall, malware-scanning and access controls on our systems. While no system can be guaranteed absolutely secure, we take the protection of your data seriously and review our measures regularly.

11. Children

Our website and services are not directed at children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our services or the law. The latest version will always be published on this page with the date of the most recent revision shown at the top.