Privacy Policy

We keep this short and honest. Here’s exactly what data we collect, why we collect it, and what we do with it.

Who we are

Those 2 Runners is Kayleigh & Chris, based in the North East of England. We run those2runners.com. If you ever want to get in touch about anything in this policy, email us at hello@those2runners.com and we’ll come back to you.

For UK GDPR purposes, Those 2 Runners is the data controller for the information described below.

What we collect — and why

When you sign up to the newsletter

We ask for your email address. That’s it. We use it to send you our newsletter (only when we have something worth telling you) and we store it with our email provider, MailerLite. We also note where you signed up (homepage or checkout) so we know how you came to find us.

  • Lawful basis: your consent (you hit subscribe). You can unsubscribe any time using the link at the bottom of every email.

When you use the contact form

We ask for your nameemail addresssubject and your message. We use these to reply to you and to keep a record of the conversation. The message comes straight to our inbox — we don’t use it for anything else and we don’t share it.

  • Lawful basis: our legitimate interest in answering you and your consent to be contacted in reply.

When you buy something from the shop

We ask for what we need to take payment and post the order to you: namebilling & shipping addressemailphone (optional), and the order details. Your card details are never seen or stored by us — they’re handled directly by our payment provider (see “Who we share data with” below).

  • Lawful basis: to fulfil our contract with you (sending the thing you bought) and to meet UK tax & accounting law.

When you visit the site

Like most websites, we collect a small amount of technical information automatically — IP address, browser type, the pages you looked at. We use this for security, troubleshooting, and to understand how the site is being used (via Google Analytics — see “Cookies” below).

  • Lawful basis: our legitimate interest in keeping the site running and improving it.

Who we share your data with

We use a small number of trusted third parties to actually run the website. We don’t sell or rent your data to anyone, ever.

  • MailerLite — runs our newsletter. They store your email and any signup info. (Privacy policy)
  • WooPayments — processes card payments. We never see your full card details. (Privacy policy)
  • Royal Mail (or whichever courier we use for that order) — receives your name and shipping address to deliver your parcel.
  • Google Analytics (GA4) — gives us anonymised usage stats. (Privacy policy)
  • Our hosting provider — stores the site and order data securely. Data centres are in the UK/EU.

Some of these services are based outside the UK (e.g. Woocommerce and Google). When data is transferred internationally it’s covered by standard contractual clauses or equivalent UK GDPR safeguards.

We may also share data if we’re legally required to (e.g. a request from HMRC or a court order) — we’ll only ever share the minimum needed.

Embedded content

Our site embeds YouTube videos and our Instagram & Facebook feed. When you view these, the relevant platform may set its own cookies and collect data about you — exactly as if you’d visited their site directly. We don’t control that. If you’re logged in to YouTube or Instagram, they may also track your interaction with the embed. Have a look at their respective privacy policies if you’d like the detail.

Cookies

We use a few cookies, kept to the minimum we actually need:

  • Essential — for the cart and checkout to work. Without these the shop can’t function.
  • Analytics (Google Analytics 4) — anonymised stats so we can see what people read and where they bounce. You can opt out via your browser settings or a “Do Not Track” preference.
  • WordPress login cookies — only if you happen to have a login on the site.

How long we keep your data

  • Newsletter subscribers: until you unsubscribe or ask us to remove you.
  • Contact form messages: kept in our inbox for as long as we need to handle the conversation — usually up to 2 years, then deleted.
  • Order records: kept for 6 years because UK tax law requires us to.
  • Analytics data: retained by Google for the standard GA4 retention period (currently up to 14 months).

Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you
  • Correct any data that’s wrong or out of date
  • Delete your data (“right to be forgotten”) — except where we have to keep it for legal reasons (e.g. order records for tax)
  • Object to or restrict how we use it
  • Take your data with you (data portability)
  • Withdraw consent at any time (for example, unsubscribing from the newsletter)

To use any of these rights, email us at hello@those2runners.com and we’ll sort it within 30 days.

Security

We use HTTPS for everything, keep our software up to date, and only share data with reputable third parties who are themselves GDPR-compliant. That said, no online service is 100% bulletproof — we’ll always do our best to protect your info, but we can’t guarantee absolute security.

Changes to this policy

If we change anything material, we’ll update this page and the “last updated” date below. Significant changes will be mentioned in the newsletter.