Last updated: 26/10/25
1. Who we are
House Unpacked (“we”, “us”, “our”) is the data controller for the personal data collected via this website: https://houseunpacked.com
You can contact us via our contact us page. Use the subject line ‘DATA REQUEST’ for privacy/data inquiries.
2. What personal data we collect & why
House Unpacked is committed to protecting your privacy whilst using our website. We collect personal information that you provide to us and the information stated below.
Manual Data Collection:
| Source | Data Collected | Purpose |
|---|---|---|
| Contact forms | Name, email, message | Respond to inquiries |
| Free digital products | Name, email | Deliver requested product |
| Paid digital products | Name, email, billing info (processed by Stripe) | Deliver purchased products; payment processing |
| Email marketing | Name, email | Send marketing communications (with opt-in consent) |
| Comments | Name, email, website (optional), comment content | Moderation and discussion context |
Automatic Data Collection:
| Source | Data Collected | Purpose |
|---|---|---|
| Website server | IP address, browser type, device type, user agent | Website security and spam prevention |
| Cookies | See cookie section below | Essential functionality or consented non-essential tracking |
| Email service (MailerLite) | IP address, approximate location, device/browser type (collected automatically for marketing emails) | Measuring engagement, improving marketing communications |
Note: Custom code snippets are small pieces of code added to our website to improve functionality or add new features. Some of these snippets may collect information about website usage or interactions. At present, the code we use does not collect personal data, but future snippets could include features that do. If that changes, we will update this Privacy Policy accordingly.
3. Legal Basis for Processing
| Processing Activity | Legal Basis | Notes |
|---|---|---|
| Contact forms | Legitimate interest | Minimal data collected; only used to respond to your query |
| Delivering digital products (via email) | Contractual necessity | Required to provide the product requested |
| Payment processing | Contractual necessity | Stripe processes payments; we do not store card details |
| Email marketing | Explicit consent | You may withdraw consent at any time |
| Comment moderation and spam protection | Legitimate interest | Protects website and users from spam or malicious content |
| Website security | Legitimate interest | Protects users and our website from unauthorized access or attacks |
4. Cookies
Cookies are small data files saved on your device (i.e. laptop, phone etc) when you visit a website. We use cookies and similar tracking technologies on our website to ensure the site functions properly, to remember your preferences, and to analyse how our website is used.
For more information about the types of cookies we use and how you can manage your cookie settings, please see our Cookie Policy. Non-essential cookies are only set if you provide consent via the cookie banner or settings.
Legal basis: Necessary for functionality (essential cookies) or consent (non-essential).
We use CookieYes, a cookie consent management tool, to manage visitor consent and count page views. CookieYes automatically counts pageviews up to the Free plan limit (5,000 per month) and records whether visitors accept, decline, or dismiss the cookie banner. No personal information is collected by CookieYes on the Free plan.
Separately, our marketing emails (sent via MailerLite) may include invisible tracking pixels to measure engagement. These pixels collect data such as IP address, approximate location, and device type. This tracking only applies to subscribers who have opted in to marketing communications.
5. Data Storage and Third Party Services
Our website is created on WordPress and we use Bluehost as our hosting server. We use WordPress plugins (i.e. software) and third-party services on our website that may collect or process personal data, including contact forms, comments, email marketing, and security tools. In future, we may also use analytics plug-ins. These plugins may collect information such as names, email addresses, messages, IP addresses, and website usage data. All data collected is processed only for the purposes stated in this policy and in accordance with the plugin providers’ privacy policies.
Where personal data is transferred outside the UK/EU, these transfers are protected by Standard Contractual Clauses (SCCs) approved under UK GDPR, ensuring that your data is adequately safeguarded.
Some of the key plug-ins we use are:
- WPForms, a plug-in (i.e. software), to generate our forms that you enter your information into. When you submit a form, your data is stored in our WordPress database, hosted securely on Bluehost servers, which provide secure infrastructure for storing and processing your information
- Security plugins to keep our website secure and plugins for site functionality. This data is stored on our website server. It is not transmitted to third parties.
- Cloudflare (Website Speed and Security): We use Cloudflare to improve site performance and protect against security threats. Cloudflare may collect and process information such as IP addresses, browser type, and device information to deliver content more efficiently and provide security features. Some of this data may be processed on servers outside the UK/EU. Cloudflare only stores non-sensitive information (e.g. images, style sheets) and does not store personal data from checkout pages, forms, or account information. For more information, please see Cloudflare’s privacy policy
- MailerLite (an email service provider) to send you automated emails when you complete a form on our website. The information you enter is processed in accordance with MailerLite’s privacy policy
- Stripe (an independent data controller for payment data): When you make a purchase and submit your details, Stripe stores this information on its secure servers to process payments and handle refunds, disputes, and compliance with financial regulations. You may also see Stripe Link, a feature of Stripe, which allows returning customers to autofill their saved payment information using their email. All payment information is handled securely by Stripe in accordance with their privacy policy. We do not store card details on our site
- Website backups: To protect our website from data loss, malware, and unauthorised changes, we use CodeGuard. This is a service that creates a secure backup of our website, including content, forms and database information. For further information, please see CodeGuard’s privacy policy
- Cookies are stored on your device’s browser (see our Cookie Policy).
| Data/Service | Storage Location | International transfer? |
|---|---|---|
| Website forms, comments (WPForms, Gravatar), security logs | On our website database, hosted on Bluehost services (US) | US* |
| Cloudflare (website speed and security) | Cloudflare edge servers (global) | Yes, some processing may occur outside the UK/EU; safeguarded by Cloudflare privacy practices |
| Sending emails & marketing (MailerLite) | MailerLite’s EU-based servers | If data is transferred outside the UK/EU, protected by Standard Contractual Clauses |
| Payment processing (Stripe) | Stripe’s UK/EU servers | Some processing may occur in the US, safeguarded by Standard Contractual Clauses (SCC) |
| Website backups (CodeGuard) | CodeGuard: Amazon Web Services’ Simple Storage Service (US); local backups: stored securely on UK-based devices | Yes. All transfers outside the UK/EU are safeguarded by Standard Contractual Clauses (SCCs) |
*Bluehost’s servers are located in the United States. Transfers of personal data to Bluehost are protected by UK Standard Contractual Clauses (SCCs) approved under UK GDPR, ensuring adequate protection of your data.
Embedded content and social media links:
Posts on this site may include embedded content (i.e. articles, images). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you independently, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content. These websites should have their own privacy policy that you should read. We are not responsible for any data collected by embedded third-party content, which is governed by the third-party’s own privacy policy.
For example, we have links to our Instagram and Pinterest pages on our website. These can be found in the top menu (the social media icons in the top right-hand corner) and in the footer. When you click on these icons, you will be redirected to Instagram and Pinterest, who have their own privacy policies that you should read.
Analytics:
We may implement analytics in the future to improve our website. Custom code snippets may involve additional analytics, tracking, or functionality as defined by the code. If we do, we will update this Privacy Policy with details on the data collected and how you can opt out.
6. Data Retention
The below table outlines how long we store your data for. You can request deletion of your data at any time (see section 9).
| Data Type | Retention Period | Reason |
|---|---|---|
| Forms & transactional emails | 1 year | Business/administrative purposes |
| Marketing email subscribers | Until unsubscribed | Consent-based communications |
| Comments & metadata | Indefinite. Comments may be reviewed and removed periodically | Maintains discussion context; legitimate interest balanced with right to deletion |
| Security logs | 6–12 months | Security monitoring and threat prevention |
| Local website backups* | 12 months | Restore website if needed |
| Cookies | Per Cookie Policy | Technical/functional necessity |
*Backups stored on third-party servers (CodeGuard) are retained according to their respective policies: CodeGuard’s privacy policy
7. Data Protection and Security
We aim to protect your personal information through a system of organisational and technical security measures.
To protect our website and users from unauthorised access, we use security plugins (software that enables protection on our website) that collect and store certain security-related information. This may include IP addresses of visitors, failed login attempts, or any suspicious or potentially malicious activity. It is stored on our website servers and used solely for security purposes. It is not shared with third parties.
Further examples of protection we use include using password-protected systems, access restriction to authorised personnel, regular backups and updates. We review and update security measures regularly in line with industry best practice.
Please note that despite our best efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information on our website is at your own risk. You should only access our website within a secure environment.
Data Breach Notification:
In the event of a personal data breach, we will assess the situation promptly and take all reasonable steps to mitigate any risks. Where required by law, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also inform affected individuals without undue delay. We take the security of your personal data seriously and have measures in place to prevent unauthorised access, loss, or misuse.
8. Who do we share your data with?
We only share information with your consent, to comply with laws, to protect your rights, or to fulfil our website services.
We only share and disclose your information in the following situations:
- Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Third-Party Service Providers. We may share your data with third party service providers, who perform services and require access to such information to do that work. Examples include: email delivery and services (i.e. MailerLite), hosting services (Bluehost), and the payment processor (Stripe). Visitor comments may be checked through an automated spam detection service. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity.
Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
9. What rights do you have over your data?
Under UK data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us via our contact us page with the headline ‘DATA REQUEST’ if you wish to make a request.
10. Children’s Privacy
Our website is not intended for children under 13. We do not knowingly collect data from children under this age. Parents or guardians may contact us to request deletion of any data collected from their child.
Any personal data from children under 13 is processed only with verified parental consent in accordance with UK data protection law.
11. Do we update this privacy policy?
We may update this privacy policy from time to time. The revised date is always indicated at the top and bottom of this page. We encourage you to review our privacy policy frequently to stay informed on how we protect your information.
Our privacy policy was last updated on 26/10/25.