Privacy Policy
Last updated: April 2026
This privacy policy explains how Igloo Labs Limited (“we”, “us”, “our”), trading as Chocolate Fountains North London, collects, uses, and protects your personal data when you use our website or hire equipment from us.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
The data controller is Igloo Labs Limited, a company incorporated in England and Wales. You can contact us at help@chocolate-fountains.co.uk.
2. What data we collect
When you make a booking, we collect:
- Identity data: first name, last name
- Contact data: email address, phone number
- Booking data: event type, rental dates, quantity of fountains, add-ons selected
- Transaction data: total amount paid, Stripe session ID (we do not store card details — these are processed directly by Stripe)
- Technical data: browser type, device type, and pages visited (via standard server logs)
3. How we use your data
We use your personal data to:
- Process and manage your booking (contractual necessity)
- Communicate with you about your booking, collection, and return (contractual necessity)
- Process refunds or handle cancellations (contractual necessity)
- Comply with our legal obligations (legal obligation)
- Improve our website and services (legitimate interest)
We do not use your data for marketing unless you have separately given us consent to do so. We do not sell your data to third parties.
4. Third-party processors
We share data with the following third parties only to the extent necessary to deliver our service:
- Stripe, Inc. — payment processing. Stripe processes your payment card details directly under their own privacy policy. We only receive a session ID and transaction confirmation.
- Supabase, Inc. — database hosting. Your booking data is stored in a Supabase-hosted database in the EU.
- Vercel, Inc. — website hosting and serverless compute. Our website is hosted on Vercel's infrastructure.
All processors are contractually required to handle your data in accordance with UK GDPR.
5. How long we keep your data
We retain booking records for 7 years to comply with HMRC accounting obligations. After this period, data is securely deleted. Technical server logs are retained for up to 90 days.
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data (where we have no legal obligation to retain it)
- Restrict or object to our processing
- Data portability — receive your data in a machine-readable format
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, email us at help@chocolate-fountains.co.uk. We will respond within 30 days.
7. Cookies
Our website uses only technically necessary cookies required for the site to function (for example, to maintain session state during booking). We do not use tracking or advertising cookies.
8. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data is transmitted over HTTPS. Payment data is handled exclusively by Stripe and never passes through our servers.
9. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of this page indicates when it was last revised. Continued use of our website following any changes constitutes acceptance of the updated policy.
10. Complaints
If you have a concern about how we handle your data, please contact us first at help@chocolate-fountains.co.uk. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.