AT-A-GLANCE SUMMARY
Plume collects only the data needed to ship orders, keep you informed and improve our rainwear. We never sell personal information, we secure it with industry-standard safeguards, and we honour every GDPR right—from access to erasure—within one month.
Who we are
Plume (“Plume”, “we”, “us”) designs and sells sustainable, feather-light rainwear. For all matters relating to privacy or data protection, email privacy@plumerain.com.
What information we collect
| Category | Identity & contact data | Transaction data | Technical data | Marketing preferences |
| Examples | name, email, shipping address, phone (optional) | products purchased, price, payment method (card details handled by our PCI-compliant processor, never stored on our servers) | IP address, browser type, device identifiers, referral URLs, time-stamps | newsletter opt-in, wish-list items |
| Source | you provide at checkout or account sign-up | payment provider APIs | collected automatically via cookies and security logs | your choices in account or consent banner |
Why and how we use your data
Purpose
- Process and deliver your order, handle returns
- Send service emails (order confirmations, shipping updates)
- Email newsletters or product alerts
- Fraud prevention and site security
- Analytics to improve our website and product range
Lawful basis (GDPR Art 6)
- Contract performance
- Legitimate interest
- Consent (you may unsubscribe anytime)
- Legitimate interest
- Legitimate interest (aggregated, pseudonymised data)
Cookies & similar technologies
We use functional cookies (to remember basket items) and analytic cookies (to understand traffic). Any marketing or tracking cookies load only after your explicit consent via our banner, as required by the EU ePrivacy Directive and related cookie rules.
You can manage cookies anytime in your browser settings.
Sharing your data
We share personal data only with:
- Payment processors (e.g. Stripe, PayPal) to authorise transactions.
- Logistics partners to print labels and deliver parcels.
- Email platforms to send transactional and newsletter messages.
- Analytics providers (Google Analytics 4 with IP-anonymisation).
All partners are bound by contracts that meet Art 28 GDPR requirements and may not use your data for their own marketing.
International transfers
Some partners are located outside the European Economic Area. When data leaves the EEA we rely on:
- the European Commission’s adequacy decisions, or
- Standard Contractual Clauses (SCCs) with supplementary safeguards.
These mechanisms are endorsed by the European Commission for lawful transfer of personal data.
Data retention
We store order records for up to seven years to meet tax and accounting obligations, then delete or anonymise them. Marketing-consent data is kept until you unsubscribe or after 24 months of inactivity, whichever is sooner.
Security measures
Plume applies TLS encryption in transit, AES-256 encryption at rest, firewalled servers and role based access controls. Regular vulnerability scans and staff training support our commitment to GDPR’s integrity and confidentiality principles.
Your rights
Under the GDPR you may:
- Be informed about our processing (this policy).
- Access a copy of your data.
- Rectify inaccuracies.
- Erase your data (“right to be forgotten”).
- Restrict processing
- Object to certain uses, including direct marketing.
- port your data to another provider.
- Object to automated decision-making (Plume makes none).
Exercise any right by emailing privacy@plumerain.com
Children
Plume’s website is not directed at children under 16. We do not knowingly collect their personal data. If you believe a minor has provided us data, please contact us for immediate deletion.
Updates to this policy
We will post any changes on this page and, if significant, email registered customers. Please check back periodically for updates.
Contact us
Questions? Write to privacy@plumerain.com or use our contact form.
