Privacy Policy
Last updated: July 2026
This policy explains what personal data Framework Supply Co, operated by CLYDE VALLEY CONTRACTS LIMITED, collects when you shop with us, why we use it, and the rights you have. It is written for our worldwide customers under the UK GDPR, EU GDPR where applicable, and the California Consumer Privacy Act (CCPA).
1. Who is responsible for your data
The data controller is CLYDE VALLEY CONTRACTS LIMITED (trading as Framework Supply Co), 82 Finlaystone Road Kilmacolm, PA13 4RB, United Kingdom. For any privacy request, contact support@clydevalley.shop or +44 7452238870.
2. What we collect
- Contact and account data: name, email, phone, shipping address and billing address.
- Order data: items purchased, order value, shipping address, delivery details and order history.
- Membership data: plan, billing interval and renewal status.
- Support and enquiry data: messages you send through our contact and wholesale forms.
- Technical data: IP address, device and browser information, and essential cookie identifiers.
- We do not collect full payment card numbers — see the payment boundary below.
3. Collection sources (where we collect it from)
Our collection sources are:
- Directly from you — at checkout, in the contact and wholesale forms, and in your account.
- Automatically from your device — cookies, local storage and server logs (IP, browser, device).
- From our payment processor (Stripe) — confirmation that a payment succeeded or failed, plus limited card metadata such as card brand and last four digits.
- From our shipping carriers — delivery and tracking status for your order.
4. Why we use it and our legal bases
- To fulfil your order and deliver goods — performance of a contract.
- To operate memberships and process renewals — performance of a contract.
- To provide support and respond to enquiries — legitimate interests and, for forms, your consent.
- To retain checkout details as a re-marketing lead where you consented — consent.
- To meet tax, accounting and consumer-law obligations — legal obligation.
- To secure the site and prevent fraud — legitimate interests.
5. Payment boundary (Stripe / card data)
Card payments are processed by Stripe on Stripe-hosted pages. Framework Supply Co never receives or stores your full card number, expiry or security code. Stripe acts as an independent processor and shares back only the result of a payment and limited metadata. If we later offer PayPal, the same boundary applies — the provider handles card and account credentials, not us.
6. Order fulfilment, shipping and support data
Your shipping address is passed to our fulfilment and shipping carrier partners solely to deliver your order and provide tracking. Order and shipping-address data is used to pick, pack, dispatch and, where needed, redeliver your goods. Returns, exchange and refund requests are handled by our support team using your order, contact and shipping-address data. Billing and card data for orders and memberships is handled by Stripe; we hold only order, plan and status information, never the full card number.
7. Who we share it with (processors)
- Hosting and delivery of this website (our cloud hosting provider).
- Payment processing (Stripe; PayPal if enabled in future).
- Order database and lead storage (our managed database provider).
- Email and transactional messaging providers for order and support correspondence.
- Shipping carriers and fulfilment partners for delivery and tracking.
We do not sell your personal data.
8. International transfers
We ship worldwide, so your data may be processed outside your country, including in the UK, EU and United States. Where data leaves the UK or EEA, we rely on adequacy decisions or Standard Contractual Clauses / the UK International Data Transfer Addendum to protect it.
9. How long we keep it
Order and tax records are kept for the period required by law (typically up to six years). Marketing leads and general enquiry data are kept for up to 24 months, or until you ask us to erase them, whichever is sooner.
10. Your rights (UK GDPR / EU GDPR / CCPA)
You may request access, correction, erasure, restriction, portability, or object to processing, and withdraw consent at any time. California residents may request disclosure of data collected and request deletion. To exercise any right, email support@clydevalley.shop; we respond within statutory timeframes.
11. Do Not Sell or Share
We do not sell or share personal data for cross-context behavioural advertising. There is nothing to opt out of in that respect, but you may still exercise all rights above.
12. Cookies and analytics
We use essential cookies to run the cart, checkout and admin session. See the Cookie Policy for details and choices.
13. Automated decisions and children
We do not make solely automated decisions with legal effect about you. Our store is not directed to children under 13, who may not place orders. Customers aged 13–17 must have the consent of a parent or guardian.
14. Complaints and contact
Contact support@clydevalley.shopwith any concern. UK and EU customers may also complain to their data protection authority (in the UK, the Information Commissioner's Office). Governing law: England and Wales.