Privacy Policy
Privacy Policy
Last updated: 27 May 2026
At Bana Bilaka (“we”, “us”, “our”), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit banabilaka.com or purchase from us. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
1. Who We Are
Bana Bilaka is a print-on-demand brand based in London, United Kingdom, celebrating African greatness and pan-African pride through illustrated t-shirts, sweatshirts, and posters.
- Trading name: Bana Bilaka
- Website: banabilaka.com
- Contact / Data Protection Officer (DPO): hello@banabilaka.com
We are the data controller for the personal data we collect through our website.
2. What Data We Collect
We collect the following categories of personal data:
- Identity data: first name, last name
- Contact data: email address, billing address, shipping address, phone number (if provided)
- Transaction data: items purchased, order history, total amount paid (we do not store full card details)
- Technical data: IP address, browser type, device type, time zone, operating system
- Usage data: pages visited, time spent on site, referral source
- Marketing data: preferences regarding marketing emails and communications
- Cookie data: see Section 7 below
3. How We Collect Your Data
- Directly from you: when you place an order, create an account, subscribe to our newsletter, or contact us
- Automatically: via cookies and similar tracking technologies when you browse our site
- From third parties: payment confirmation from Stripe, fulfilment status from Gelato and Printify
4. Legal Basis for Processing
Under UK GDPR and EU GDPR, we process your data on the following lawful bases:
- Contract performance: to process and ship your order
- Legitimate interest: to improve our website, prevent fraud, and respond to enquiries
- Consent: for marketing emails and non-essential cookies (you can withdraw consent at any time)
- Legal obligation: to comply with UK tax, accounting, and consumer protection laws
5. How We Use Your Data
We use your personal data to:
- Process payments and fulfil your orders
- Communicate order confirmations, shipping updates, and tracking information
- Handle customer service requests, returns, and refunds
- Send marketing emails (only with your consent — you can unsubscribe at any time)
- Improve our website, product range, and customer experience
- Detect and prevent fraud or abuse
- Comply with our legal and regulatory obligations
6. Third-Party Sharing
We share your data only with trusted partners who help us run our business. Each partner is contractually required to protect your data and use it only for the purposes we specify.
| Partner | Purpose | Data shared | Location |
|---|---|---|---|
| Shopify | E-commerce platform | Order, contact, transaction data | Canada / EU |
| Stripe | Payment processing | Billing data, payment details | UK / EU / US |
| Gelato | Production & shipping (UK / EU orders) | Name, shipping address, order details | EU (Norway HQ) |
| Printify | Production & shipping (US orders) | Name, shipping address, order details | US |
| Email service provider | Order confirmations & newsletters | Name, email, order info | EU / US |
| Google Analytics | Anonymised website analytics | Usage data, IP (anonymised) | US |
For transfers outside the UK or EU, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards approved by the UK ICO and European Commission.
We will never sell your personal data to third parties.
7. Cookies
We use cookies to make our site work properly and improve your experience. Cookie categories:
- Strictly necessary cookies: required for the site to function (cart, checkout, login). Cannot be disabled.
- Analytics cookies: help us understand how visitors use the site (Google Analytics). Optional.
- Marketing cookies: used to show relevant ads on other platforms. Optional.
When you first visit our site, you will see a cookie banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time via the cookie settings link in our footer.
8. Data Retention
We retain your personal data only for as long as necessary:
- Order data: 7 years (UK tax and accounting requirement under HMRC rules)
- Account data: until you close your account or request deletion
- Marketing data: until you unsubscribe
- Analytics data: 26 months (Google Analytics default)
- Customer service emails: 3 years
After these periods, your data is securely deleted or anonymised.
9. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”): request deletion of your data, subject to legal retention obligations
- Right to data portability: receive your data in a structured, machine-readable format
- Right to restrict processing: ask us to pause processing in certain cases
- Right to object: object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent: withdraw consent at any time (does not affect prior lawful processing)
- Right not to be subject to automated decision-making: we do not use automated decision-making or profiling
To exercise any of these rights, email hello@banabilaka.com. We will respond within 30 days.
10. Data Security
We use industry-standard security measures to protect your data, including SSL/TLS encryption, secure payment processing via Stripe (PCI-DSS compliant), restricted access controls, and regular security audits. No method of transmission over the internet is 100% secure, but we work hard to protect your data.
11. Children’s Privacy
Our site is not directed at children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
12. Complaints
If you are unhappy with how we have handled your data, please contact us first at hello@banabilaka.com. You also have the right to lodge a complaint with:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk
- EU: your local data protection authority
13. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be communicated via email or a site notice.
14. Contact
For any privacy questions, requests, or concerns, contact our Data Protection Officer at hello@banabilaka.com.