Top Menu


Updated 20th May 2018

This is our updated Privacy Policy, which sets out how we handle your personal information if you’re a Nights In iron customer or a visitor to our website, in accordance with the General Data Protection Regulations (GDPR), effective from 25th May 2018.

These regulations aim to increase accountability for organisations who handle personal data. Individuals are granted specific rights regarding their personal information, and how it is collected, stored, used, shared and protected. You can read more about the GDPR requirements on the Information Commissioner’s Office website.

We’ve tried to make this policy as transparent and ‘readable’ as possible. If you don’t understand any part of it, think that something in this policy is wrong or missing, or have any questions regarding your personal data, please contact us.


  • We, us, Nights New Era Ltd or Nights In Iron  – this company and the people directly involved in running it.
  • You – our customer or visitor to our website.
  • Policy – this Privacy Policy.
  • Our website or site – this website
  • Customer – any person or company who places an order with us.
  • Visitors – any person who visits our website or social media profiles.

The type of personal information we collect

  • Name, email address, postal address, telephone number when a customer places an order for one or several of our products.
  • Payment details, delivery address and billing address when a customer places an order for one or more of our products.
  • IP addresses, location (by country), browser type and other web analytics data when someone visits our website.
  • Name, email anddress and general queries via a general contact form on our website.
  • Name and email address when a visitor or customer subscribes to our newsletter on our website.
  • Specific marketing permissions when a visitor or customer subscribes to our newsletter on our website.
  • Basic contact details (usually name and email address) when we run online competitions or ‘giveaways’, on our blog, Facebook page or other social media accounts.

How we collect personal information

We collect personal information directly when you provide it to us – as described above; automatically as you navigate through the website, or when you interact with our social media or blog posts.

Personal information we collect about you from others

Although we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:

  • Financial and/or transaction details from our payment providers PayPal (located in Luxembourg) and PayPoint (located in the UK) in order to process or record a transaction.
  • Third party service providers (like Google and Facebook) who are located in the US, who may provide basic browsing information as you navigate through our site, or other information when you interact with our social media profiles. This information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider.

Why we collect your personal information

We need to collect and use your personal information:

  • To fulfil our contractual obligations to our customers and to fulfil orders of our products.
  • To contact customers during the purchasing process, to provide details of the order status, resolve any processing issues and clarify details where necessary (eg delivery information or special requests).
  • To create accounts for our customers to grant access to certain services (eg website customer account).
  • To verify identity and prevent unauthorised access to our website or certain services.
  • To monitor visitor traffic to our site and to secure our site against malicious human and automated visitors.

We also need to collect personal information where this is necessary for purposes which are in our legitimate interests.

These interests include:

  • Operating our website and our business.
  • Protecting our website.
  • Providing customers with the information and products described on the website.
  • Verifying your identity when customers or visitors sign in to any of our online services.
  • Responding to support requests, and helping facilitate the resolution of any disputes.
  • Updating customers and newsletter subscribers with operational news and information about our website, services and products (e.g. to notify you about changes to our website content, legal documentation, products, the company, website disruptions or security requirements.
  • Carrying out technical analysis to determine how to improve our website and the services we provide or resolve any technical problems.
  • Monitoring activity on this website, in order to identify potential fraudulent activity and prevent spam and ‘hacking’.
  • To ensure compliance with our website Terms of Use.
  • Managing our relationship with our customers and visitors, e.g. by responding to your comments or queries submitted to us on our website or asking for your feedback.
  • Managing our legal and operational affairs (including, managing risks relating to content and fraud matters).
  • Improving our products and services.
  • Providing general administrative and performance functions and activities.

We may be required by law to collect personal information when responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.

When we disclose your personal information

There may be certain circumstances in which we need to disclose customer personal information to a third party, for example:

  • To regulators and government authorities in connection with our compliance procedures and obligations.
  • A purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase.
  • A third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity.
  • A third party, in order to enforce or defend our rights, or to address financial or reputational risks.
  • A rights holder in relation to an allegation of intellectual property infringement or any other infringement.
  • Other recipients where we are authorised or required by law to do so.

We will also pass certain personal information (usually only name and address) to delivery companies, in order to fulfil our contract.

Where we transfer and/or store your personal information

We are based in the United Kingdom, and customer and visitor data is processed and stored in the UK. Personal data provided via our website is stored in a database on our web server, which is located in Nottinghamshire, UK. The data centre is secured by 24/7 security and biometric  and swipe card security in all areas. The website is protected by a firewall, SSL encryption and other industry best practice measures. Local digital personal data is stored on password-protected computers located in our main office in Somerset, UK and subsidiary offices in Dorset, UK and Aquitaine, France. Hard copy personal data documents are stored in locked cabinets in private offices, and are only accessible by people directly involved in the running of the business.

How we keep your personal information secure

We do our best to keep all information secure, especially any personal data. Most of our data is kept in digital form. All digital personal information (including names, addresses, telephone numbers and email addresses) is stored on a protected local computer network, to which only people engaged in activities directly relating to the business have access. The internet connection, local area network (LAN), computer terminals and documents containing personal data are all password protected and never routinely shared via email or stored on ‘cloud’ services.

Our website is secured by an SSL Certificate which uses end to end encryption on every page. We have a website security package which includes a firewall, ‘brute force’ attack protection, file system and database enhanced security and an instant alert system which notifies us of any unexpected changes to our website files and database.

Our host provider is UK-based company with a UK-based data centre with biometric passkeys and 24/7 security.

Our back up procedure involves the copying of personal and other data locally (not via WIFI/internet or any ‘cloud’ services), to cabled, physical external hard drives. These back up drives are kept separately in locked, secure locations to which only the business owner has access.

Occasionally we collect or print personal data in hard copy form, usually for creating delivery labels and notes.

Third Party Services

We occasionally use third party services as part of providing services to our clients. Some of these have access to your personal information – either provided by us or by you. These third parties include:

Baloogi Studio – website hosting provider and website developer. Our web developer has access to all of our website files and databases. When engaging in development, design or trouble-shooting activities the developer may need to access the areas of our site when personal information is stored (eg contact and order details). Bank and credit/debit card details are not stored on our server and our web developer has no access to these. We only deal with one person at Baloogi Studio, and no other person outside Nights In Iron has authorised access to our website. You can read the Baloogi Studio Privacy Policy here.

PayPal – payment processing provider. Our customers have the option to make payment via Paypal (located in Luxembourg, EU). You can read the PayPal Privacy Policy here.

PayPoint – payment processing provider. Our customers have the option to make payment via PayPoint (located in UK, Ireland and Romania). You can read the PayPoint Privacy Policy here.

AwStats – website analytics application. AwStats is an ‘open source’ log file analyser, which operates on the website server, collecting and logging website traffic information. It does not use cookies, or any kind of tracking code, and collects anonymous data which helps us to monitor visitor traffic to our website.

Google Analytics – website analytics application. Google analytics collects website visitor data via tracking code on the website and by using cookies. You can read the Google Privacy Policy here.


Communications regarding your personal information

Where we have your consent to do so (e.g. if you have subscribed to our email newsletter), we send you communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided at the bottom of the communication itself.

You also have choices about cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our sites may not work properly in your case. You can find out more about what cookies are at the All About Cookies website.

Cookies and web analytics

We currently use cookies on our website to collect anonymous web traffic data, such as:

  • Your IP address or proxy server IP address
  • The domain name you requested
  • The name of your internet service provider is sometimes captured depending on the configuration of your ISP connection
  • The date and time of your visit to the website
  • The length of your session
  • The pages which you have accessed
  • The number of times you access our site within any month
  • The file URL you look at and information relating to it
  • The website which referred you to our site
  • The operating system which your computer uses.

We currently use Google Analytics tracking code and Facebook ‘pixels’ on our website, to monitor traffic and enable certain intergation functions between our social media profiles and our website. We have a ‘Cookies Declaration’ (in accordance with the PECR 2011) which provides information about the cookies used and the ability to disable them.

How you can access your personal information

Under the GDPR guidelines, you have the right to:

  • Request access to the personal data we hold about you.
  • Request corrections of any errors in that data.
  • Request erasure of the personal data we hold about you.

To make any of these requests, please contact us via our data request form.

Information about children

Our website and services are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our website or give us your personal information.
If you are from 16 to 18 years, you can browse our site but you’ll need the supervision of a parent or guardian to request a quotation or become a client. It’s the responsibility of parents or guardians to monitor their children’s use of our website.

Information you make public or give to others

If you make your personal information available to other people, we can’t control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, share information via social media, or make contact with another via a website or directly by email. Before making your information publicly available or giving your information to anyone else, think carefully. If you’re sharing information via another website, check the privacy policy for that site to understand its information management practices.

How long we keep your personal information

We retain your personal information for as long as is necessary to provide the products and services to you and others, and to comply with our legal obligations. If you no longer want us to keep your personal information, provide you with any services, or contact you with any newds or promotions, you can request that we erase your personal information and (where applicable) close your online customer account. Please note that if you request the erasure of your personal information we may retain some information from deleted accounts (in a static, archived form) as necessary to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Use and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

When we need to update this policy

We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we’ll notify you about the changes, via our newsletter (if we have your consent) or here on this page. A copy of the latest version of this policy will always be available on this page.

How you can contact us

If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact us via our Personal Data contact form. Alternatively, you can write to us at: Nights In Iron, Clear Springs Farm, Stoke Trister, Wincanton BA9 9PQ, UK.

Reporting Concerns

If you have unresolved concerns you also have the right to complain to data protection authorities. In the UK, the relevant authority is the Information Commissioner’s Office.