top of page


Welcome to Get It All Boutique! This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our website, its functions and content associated with. This privacy policy applies to and regardless of the domains, systems and devices used (e.g., desktop or mobile).


What is Personal Data?

Personal data is all data that can be related to you personally, e.g., name, e-mail addresses, user behaviour. The personal data of users processed within the scope of our website includes inventory data (e.g., names, e-mail addresses and addresses), usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., information in the contact and booking form).


Who is responsible for data processing and whom can I contact?


The responsible party is:


Get It All Boutique

Plymouth, United Kingdom




Contact, Facebook, Instagram


What sources and data do we use?

We process personal data that we receive from you in the course of our business relationship.


Relevant personal data are contact data (name, e-mail, telephone number and other contact data), as well as other data you share with us on a voluntary basis. In addition, this may also include contractual data, advertising and sales data, documentation data, data about your use of our services offered as well as content data.


What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the UK`s Data Protection Act (“DPA”):


  • For the fulfilment of contractual obligations, Art. 6 para. 1 b GDPR

    • Personal data is processed for the purpose of providing the service we provide,

    • The purposes of the data processing are primarily based on the service we provide, namely, to deliver your order.


  • Within the framework of our legitimate interests, Art. 6 para. 1 f GDPR

Where necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples:

  • Ensuring IT security and IT operations,

  • Measures for business management and further development of services and products,

  • Defence against third-party claims and enforcement of own claims.


  • Based on your consent, Art. 6 para. 1 a GDPR

    • Insofar as you have given us your consent to process personal data for certain purposes, passing on data to third parties, sending newsletters, advertising etc., this processing is lawful on the basis of your consent.

    • Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.


Who receives my data?

Within Get It All Boutique, those that need your data to fulfil our contractual and legal obligations will receive access to it.


Processors used by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of service providers, IT services, telecommunications, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.


Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business or you have consented to the transfer of data.


How long will my data be stored?

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.


In addition, we are subject to various storage and documentation obligations, which result from the minimum statutory retention periods and HMRC, among others. The retention and documentation periods specified there are 2 to 6 years.


Are data transferred to a third country or to an international organisation?

Data is not transferred to third countries (countries outside the UK).


What data protection rights do I have?

Every data subject has


  • the right to information according to Art. 15 GDPR,

  • the right to rectification according to Art. 16 GDPR,

  • the right to deletion according to Art. 17 GDPR,

  • the right to restriction of processing pursuant to Art. 18 GDPR, and

  • the right to data portability under Art. 20 GDPR.


Furthermore, you can revoke consent, in principle with effect for the future.


Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO.


Finally, you also have a right to object according to Art. 21 GDPR. This applies, on grounds relating to data processing on the basis of our legitimate interest and also to profiling.


If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.


Direct Advertising

In individual cases, we process your personal data to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


Automated decision-making in individual cases

As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment and implementation of the business relationship. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is required by law.


Is there an obligation for me to provide data?

Within the scope of our business relationship, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.


Contacting us

When contacting us (via contact form social media or email), your details will be processed for the purpose of handling the contact enquiry. Your details will be stored in our customer relationship management system ("CRM system").



On our website, we offer you the opportunity to register by providing Personal Data. The data is entered in the registration form is transmitted to us and stored and includes your full name, your e-mail address, and your password. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures. You can delete your account at any time either by using the delete function in your account or by contacting us. 


Storage of data in your account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.


Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you.


Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.


We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.


Financial Information

To make a purchase, you may need to provide a valid payment method (e.g., credit or debit card). Your payment information will be collected and processed by our authorised payment vendor Wix. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. Accordingly, the data is processed on the basis of our contractual relationship.


Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example the web shop or to send you your order, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you.



Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.


You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.


Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. 


Access data and log files

We collect data on each access to the server on which our website is located (so-called server log files) on the basis of our legitimate interests. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system you are using, referrer URL (previously visited page), IP address and the requesting provider. This is used to defend against third-party claims and to enforce our own claims.


Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.


Cookies and Reach Measurement

Cookies are pieces of information that are transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. For further information about the cookies we use, please refer to our Cookie Policy.


Integration of third-party services and content

Within our website, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our website within the meaning of our legitimate interest in order to integrate their content and services (hereinafter uniformly referred to as "content").


This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.


We endeavour to only use content whose respective providers only use the IP address to deliver the content.


Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.


The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:


  • Analytics: Google Analytics by Google Inc

  • Tag management: Google Tag Manager by Google Inc

  • eCommerce, Payment, Chat and Newsletter: Wix by

  • Content Delivery Network, Content Management System: Wix by

  • Mapping: Google Maps by Google Inc

  • Advertising: DoubleClick by Google Inc


Online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.


Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification. This Privacy Policy was last updated on Tuesday, 29 November 2022

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, please contact us.



bottom of page