This Privacy Policy explains how WP Nesting (“we”, “us”, “our”) collects, uses, shares and protects personal data when you use https://www.wpnesting.com (the “Website”), purchase our products/services, or interact with us. We are based in the United Kingdom and aim to comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

Data controller: WP Nesting
Registered address: Bulleigh Barton Farm, Ipplepen, Newton Abbot, TQ12 5UA
Contact email: info@wpnesting.com

1. What personal data we collect

We may collect the following categories of personal data:

  • Identity & contact data: name, email address, telephone number, billing address (and shipping address if used).
  • Account data: username, password (stored in encrypted/hashed form), account preferences.
  • Order & subscription data: products/services purchased, order history, subscription status, renewals, invoices, customer notes.
  • Payment-related data: payment status, transaction references and payment method type. We do not receive your full card number; card payments are processed by our payment providers.
  • Communications: messages you send us (e.g., contact forms, email support), and our replies.
  • Technical & usage data: IP address, device/browser information, approximate location (derived from IP), referral source, pages viewed, actions taken, timestamps, and logs.
  • Cookies & similar technologies: identifiers and preferences stored on your device (see “Cookies” below).

2. Where we get your personal data from

  • Directly from you when you create an account, place an order, start a subscription, fill out forms, or contact support.
  • Automatically when you browse the Website (e.g., via cookies, server logs, analytics tools if enabled).
  • From service providers involved in delivering our services (e.g., payment providers confirming payment status, fraud prevention tools if used).

3. How we use your personal data and our lawful bases

Under UK GDPR, we must have a lawful basis for processing your personal data. We typically rely on the following:

  • To provide our services and fulfil your orders/subscriptions (create accounts, take payments, provide access, manage renewals, customer service).
    Lawful basis: performance of a contract.
  • To manage billing, taxes and record-keeping (invoices, accounting, fraud prevention where required).
    Lawful basis: legal obligation; and/or legitimate interests.
  • To maintain and secure the Website (monitoring, preventing abuse, troubleshooting, backups).
    Lawful basis: legitimate interests.
  • To improve our Website and customer experience (analytics, performance, testing, product improvements).
    Lawful basis: legitimate interests; and/or consent (where cookies/technologies require it).
  • To send service messages (order confirmations, renewal reminders, important account notices).
    Lawful basis: performance of a contract; legitimate interests.
  • To send marketing messages (newsletters, offers) where permitted.
    Lawful basis: consent; and/or legitimate interests (where “soft opt-in” applies under PECR for existing customers, subject to the right to opt out).
  • To comply with legal requests (law enforcement or regulatory requests where valid).
    Lawful basis: legal obligation.

4. Subscriptions and recurring payments

If you purchase a subscription, we process data needed to create and manage your subscription (including renewals, cancellations, and payment status). Depending on your payment method, our payment provider may store a token or reference to your payment method to enable recurring billing. We do not store full card details on our servers.

5. Marketing preferences

You can opt out of marketing at any time by using the “unsubscribe” link in our emails, adjusting your account preferences (if available), or contacting us at info@wpnesting.com.

We may still send you non-marketing service messages where necessary (e.g., payment confirmations, security notices, or changes to our terms).

6. Cookies and similar technologies

We use cookies and similar technologies to make the Website work, remember preferences, support checkout/cart functionality, and understand usage. WooCommerce uses cookies to support essential features such as the shopping cart and checkout.

  • Strictly necessary cookies: required for core site functions (e.g., cart/checkout, security).
  • Functional cookies: remember your preferences and settings.
  • Analytics cookies (optional): help us understand how the Website is used and improve it.
  • Marketing cookies (optional): used to measure campaigns or show relevant offers.

You can control cookies through your browser settings. Please note that disabling strictly necessary cookies may prevent parts of the Website (such as the checkout) from working properly.

7. Who we share personal data with

We may share personal data with trusted third parties where needed to operate our business and deliver our services, such as:

  • Payment providers: [e.g., Stripe / PayPal / other – list your actual providers].
  • Website hosting and infrastructure providers: Hosting provider, content delivery networks (CDNs), email delivery providers.
  • Customer support tools: helpdesk/ticketing systems.
  • Email marketing providers: Such as Mailchimp.
  • Analytics providers: only if enabled and permitted by cookie choices (e.g., Google Analytics).
  • Fraud prevention/security services: to protect the Website and customers.
  • Professional advisers: accountants, insurers, lawyers where necessary.
  • Regulators/law enforcement: where we have a legal obligation or valid request.

We only share the minimum necessary data and require service providers to protect it and use it only for providing services to us.

8. International data transfers

Some of our service providers may process data outside the UK. Where personal data is transferred internationally, we will take steps to ensure appropriate safeguards are in place (for example, UK-approved contractual safeguards such as the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses, and/or adequacy regulations).

9. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting obligations. Typical retention periods include:

  • Orders, invoices, and tax records: usually up to 6 years (to meet UK tax/accounting requirements).
  • Account data: for as long as your account remains active (and a reasonable period afterward if needed for legitimate purposes).
  • Subscription records: for the duration of the subscription and thereafter as required for records, disputes, and compliance.
  • Support communications: for as long as needed to resolve issues and maintain service records.
  • Marketing data: until you unsubscribe/withdraw consent or we otherwise stop using it.

10. Your data protection rights (UK GDPR)

Subject to certain conditions, you have rights including:

  • Right of access – request a copy of your personal data.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure – request deletion of your data where applicable.
  • Right to restrict processing – ask us to limit processing in certain circumstances.
  • Right to data portability – receive certain data in a portable format.
  • Right to object – object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent – where we rely on consent (e.g., some cookies/marketing), you can withdraw it at any time.

To exercise your rights, contact us at info@wpnesting.com. We may need to verify your identity before responding.

11. Complaints

If you have concerns about how we handle your data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Telephone: 0303 123 1113

12. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. However, no internet transmission is completely secure, and you should also take care to protect your account credentials.

13. Children

Our Website and services are not intended for children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us.

14. Automated decision-making

We do not generally use automated decision-making (including profiling) that produces legal or similarly significant effects. If this changes, we will update this Policy and provide required information.

15. Third-party links

The Website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing them with personal data.

16. Changes to this Privacy Policy

We may update this Policy from time to time. The “Last updated” date above shows when it was most recently revised. If changes are significant, we may provide additional notice (for example, via the Website or email).

17. Contact us

If you have questions about this Privacy Policy or our data practices, contact:
WP Nesting
Email: info@wpnesting.com
Address: Bulleigh Barton Farm, Ipplepen, Newton Abbot, TQ12 5UA

Last updated: 27 February 2026