Last updated: April 2026
This policy explains how Lush Lobster, collects, uses and protects your personal information when you visit our site or place an order with us. We are the data controller for the personal information you provide.
Who we are
- Trading name: Lush Lobster
- Contact: info@lushlobster.com
What information we collect
- Order details — your name, delivery address, email, phone number, and what you ordered.
- Card designs — the photos, text and design choices you add to a personalised card, packaged into a PDF so it can be printed and posted.
- Account information — login email and password, saved addresses, order history. Only collected if you choose to create an account.
- Messages you send us by email or the contact form.
- Technical information — IP address, device, browser, referring site, pages viewed, and cookies. See the Cookies section below.
How we use it
- Processing and delivering your order — performance of a contract.
- Customer support — performance of a contract or legitimate interests.
- Fraud prevention and site security — legitimate interests.
- Analytics to improve the site — legitimate interests.
- Marketing emails about new designs and offers — consent. You can unsubscribe at any time.
- Complying with legal and tax obligations — legal obligation.
Who we share it with
We never sell your information. We only share it with the partners we need to run the shop:
- Shopify — e-commerce platform, checkout, store analytics.
- Payment providers — Shopify Payments and any alternative methods you pick at checkout. We don’t store your full card details.
- Royal Mail and other chosen couriers — to deliver orders.
- Precision Proco — our print-on-demand fulfilment partner. They receive your card PDF and delivery address.
- DigitalOcean — hosts the short-lived PDF files of your cards.
- Our email service provider — sends order confirmations and, with your consent, marketing emails.
- Google — Google Tag Manager and the analytics tools configured inside it. See the Cookies section below.
- Law enforcement or regulators — only where we are legally required to.
International transfers
Some of our partners, including Shopify and Google, are based outside the UK/EEA. When your information is transferred internationally we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or transfers to countries the UK considers adequate.
How long we keep it
- Order records — 7 years, to meet UK accounting and tax rules.
- Card design PDFs — deleted from our storage within 30 days of fulfilment.
- Marketing lists — until you unsubscribe or ask to be removed.
- Account data — until you ask us to close your account.
- Analytics — as configured in the tool, typically up to 26 months.
Your rights
Under UK GDPR you can:
- Access the information we hold about you.
- Have inaccurate information corrected.
- Have your information deleted.
- Restrict or object to processing.
- Port your information to another provider.
- Withdraw consent at any time, where we rely on consent.
Email contact@lushlobster.com to exercise any of these. You can also complain to the Information Commissioner’s Office at ico.org.uk, though we’d appreciate a chance to put things right first.
Security
Payment, checkout and account data travels over HTTPS and is processed by Shopify’s PCI-DSS-compliant checkout. Card PDFs are stored in a private, access-controlled bucket and deleted after fulfilment.
Children
The shop is aimed at adults. We don’t knowingly collect information from children under 16. If you think a child has given us personal data, please contact us and we’ll delete it.
Changes
We may update this policy from time to time. The “last updated” date at the top shows when it last changed. For material changes we’ll flag it on the site.
Contact
Questions? Email info@lushlobster.com
How we use cookies on lushlobster.com
Cookies are small text files a website can place on your device to make it work, remember your preferences, and measure how it’s being used. This section explains the cookies we use on this site.
Your choices
Strictly necessary cookies are always on — without them the cart and checkout can’t work. You can block or delete cookies at any time through your browser settings, but doing so may stop parts of the shop from working properly.
Categories we use
Strictly necessary
These cookies are required to operate the shop. They are set when you visit the site, add an item to your basket, sign in, or go through checkout.
- Shopify session and cart cookies — keep your basket and session alive.
- Checkout and fraud prevention — set by Shopify to help prevent fraud at checkout.
- Security tokens — protect form submissions against cross-site request forgery.
Analytics
These help us understand how people use the shop so we can improve it.
- Google Tag Manager — loads the analytics tools listed below.
- Google Analytics 4 — measures page views, traffic sources, and aggregate behaviour. Data is typically retained for up to 14 months.
- Shopify analytics — reports on traffic and referrals in our Shopify dashboard.
Preferences
- Chosen currency, language and recently viewed items — so you don’t have to set them every visit.
Third-party cookies
Most of the non-essential cookies above are set by third parties such as Shopify and Google. We don’t control those cookies directly; please review the providers’ own policies for more detail:
How long cookies last
- Session cookies — deleted when you close your browser.
- Persistent cookies — stored until they expire, usually up to 2 years, or you delete them manually.
- Analytics cookies — retention is set by the provider, typically 6 to 26 months. See the providers’ own policies above.
Managing cookies in your browser
All modern browsers let you view, block, or delete cookies. The exact steps vary by browser — search “manage cookies” in your browser’s help menu, or see aboutcookies.org for general guidance.
Cookies contact
Questions? Email info@lushlobster.com