Departments

Who we are

Run by Design Privacy Policy
Last updated: 2 January 2025

This Privacy Policy explains how Run by Design collects, uses, and shares your information when you purchase from or interact with the shop (https://runbydesign.co.uk). By using this site, you agree to the terms of this Privacy Policy. If you disagree, please stop using the site immediately.

We may update this policy occasionally, with the latest update shown at the top of this page.

This Privacy Policy does not apply to third-party services that we do not own or control, such as Printify, Woocommerce and Stripe.

Printify produce and dispatch the item(s) ordered direct to the customer’s address. They act as the “data processor” for our customers: this means they only process data to help Run by Design provide our service to you, or in accordance with your instructions, or as required by law.

Data Storage Location

Our website is hosted at hostinger.co.uk, a company operating their services across 10 data centres, located around the globe. All personal data is processed by them in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). For more information on their privacy policy, please contact them at gdpr@hostinger.com

Information We Collect

To process your order, we collect details such as:

– Your name, email address, postal address, payment information, and order details.

– Additional information you provide if you contact us directly.

Contact Forms

Information submitted through our contact forms on our website and booking portal are sent to our company email, hosted by Hostinger.co.uk.

These submissions are used for both customer service and marketing purposes. The client will have to confirm they accept this, before submitting their message.

Why We Collect Your Information

We use your information:

– To process and deliver your orders, resolve disputes, and provide customer support.
– When you give consent, such as subscribing to news updates (you can revoke this at any time).
– To comply with legal obligations (e.g.tax, law).
– For legitimate business purposes such as improving our services. 

Google Analytics

We use Google Analytics on our site for anonymous reporting of site usage so, no personalised data is stored. Google Analytics privacy policy https://support.google.com/analytics/answer/6004245?hl=en-GB.


If you would like to opt-out of Google Analytics monitoring your behaviour on our website please use this link: Google Analytics Opt-out.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Third Party Access to Your Data

We do not share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:

Stripe
For the purpose of validating and getting your purchase information required to process payment for our massage therapy sessions, using their API to register your validated support data.

Stripe is a payment gateway which enables us to take payment from all leading credit and debit cards. It adheres to the standards set by PCI-DSS, as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our website and its service providers.

MailerLite
MailerLite provides the email marketing platform we use to handle marketing communications. The data they receive is limited to the data you explicitly provide and consent to being sent, using an opt-in facility.

MailerLite typically records the email address, IP address and timestamp associated with every subscriber or contact who completes and submits the form.

Their data storage centre is located in the European Union and has an information storage security certificate (ISO 27001).

MailerLite has incorporated all the necessary controls and procedures for personal data processing security required by GDPR into their systems.

Sharing Your Information

We share your information only when necessary, including:

– With Printify: to produce and ship your orders and Stripe to process your payment.
– Third-Party Service Providers: Limited sharing with trusted services like Printify.
– In Business Transfers: If our business is sold or merged, your information may be shared as part of that process.
– To Comply with Laws: To respond to legal requests, prevent fraud, or protect safety and rights.

Data Retention

We keep your information only as long as needed to provide our services or to meet legal obligations. Generally, this is for five (5) years. 

In the meantime you can ask us, or third parties, to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you; or by emailing us at sales@runbydesign.co.uk,  at any time.

If you request a password reset, your IP address will be included in the reset email.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Visitor comments may be checked through an automated spam detection service.

How Long Do We Retain Your Data

When you register on our booking portal, the metadata is retained until you decide to tell us to remove it. We use this data so that we can process and approve your bookings and to send automatic reminders.

If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or request we delete your personal information at any time by issuing a “subject access request” (SAR), a written request sent to our email address shown at the top of this page.

We will respond to this request within 14 days. Website administrators can also see and edit that information.

International Data Transfers

Your information may be stored or processed outside your country, including in the US, where data protection laws may differ.

Your Rights

If you live in certain regions, including the EU, you have rights such as:

– Access: Request a copy of your information.
– Correction or Deletion: Ask to update or delete your data (unless legal requirements prevent deletion).
– Object: Decline certain processing, including marketing communications.
– Complain: Report concerns to your local data protection authority if you are in the EU.

Under the General Data Protection and Retention (2018) legislation, regarding how your personal data is processed, all individuals have;

the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object.

Security Measures

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorisation.

All computers, software applications, website back end and emails are password protected with anti-virus protection plus firewalls utilised to protect your data.

In case of a data breach, system administrators will immediately take all necessary steps to ensure system integrity, contact affected users and will attempt to reset passwords, if required.

Resources

Further information: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/

Contact Us

If you have any privacy concerns, contact us through the Run by Design website.

Buy Custom Running Apparel
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.