Privacy Policy
Last updated: May 2026
Who we are
A. Mylne & Co. (“we”, “us”) is the data controller for personal data collected through this website. We are a yacht design consultancy based in the United Kingdom.
Contact: [email protected]
What data we collect and why
We collect only what is necessary to operate this website and fulfil your orders. The table below describes each type of data, why we collect it, and the legal basis under UK GDPR.
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email address, password | Creating and operating your account | Contract |
| Address, phone number, profile photo | Delivery of physical orders; personalisation of your account | Consent (you provide this voluntarily in your profile) |
| Additional email addresses | Linking purchases made under different addresses to your account | Consent |
| Purchase records (design, drawing, date, amount) | Fulfilling your order; providing download access; financial records | Contract; Legal obligation |
| Payment card details | Processing payment | Contract — handled entirely by Stripe; we never see or store your card details |
| Privacy consent timestamp | Recording that you agreed to this policy at registration | Legal obligation |
Cookies
This website uses only strictly necessary cookies to keep you signed in to your account. These are session cookies set by our authentication provider (Supabase) and do not track you across other websites. No consent is required for strictly necessary cookies under UK law.
We do not use advertising, analytics, or tracking cookies.
Who we share your data with
We do not sell your personal data. We share it only with the following processors, under written data processing agreements:
- Supabase Inc. — database and file storage hosting. Data is held in the EU (Frankfurt, Germany). Supabase acts as a data processor on our behalf. Their DPA is available at supabase.com/privacy.
- Stripe Inc. — payment processing. Stripe is an independent data controller for payment data. Their privacy policy is available at stripe.com/gb/privacy.
How long we keep your data
- Account and profile data — kept for as long as your account is active. Deleted promptly when you close your account.
- Purchase records — retained for 7 years in anonymised form to meet UK financial and tax record-keeping obligations, even after account closure.
- Profile photo — deleted immediately when you close your account or replace it.
Your rights
Under UK GDPR you have the following rights. To exercise any of them, email [email protected]. We will respond within one month.
- Access — request a copy of all personal data we hold about you. You can also download this directly from your account profile page.
- Rectification — correct inaccurate data. You can update most details yourself in your profile.
- Erasure — ask us to delete your personal data. You can do this yourself from your profile page. Note that anonymised purchase records are retained for legal reasons.
- Portability — receive your data in a machine-readable format (JSON). Available via the Download My Data button in your profile.
- Objection — object to processing based on legitimate interests.
- Restriction — ask us to pause processing while a complaint is resolved.
- Withdraw consent — where processing is based on consent (profile data), you may withdraw it at any time by deleting that data from your profile or closing your account.
Right to complain
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
ico.org.uk/make-a-complaint — 0303 123 1113
We would, however, appreciate the chance to address your concerns before you contact the ICO — please email us first at [email protected].
Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page will always reflect the most recent version. Significant changes will be notified to registered users by email.