PRIVACY POLICY (UK)

Creations – Theo Fabergé Website
Operated by: St. Petersburg Collection
Last updated: 26 February 2026

1. Who We Are

This Website (“the Website”) is operated by St. Petersburg Collection (“we”, “us”, “our”).

For the purposes of UK data protection law, St. Petersburg Collection is the data controller in respect of personal data collected through this Website.

Contact email: creations@tfcentenary.com

2. Scope of This Policy

This Privacy Policy explains:

  • What personal data do we collect

  • Why do we collect it

  • Our lawful bases

  • How we store and protect it

  • Your rights under UK law

This Website is a gallery site displaying the creations of Theo Fabergé.
We do not sell products directly through this Website.

3. What Personal Data We Collect

We only collect personal data that is necessary for legitimate purposes.

A. Information You Provide Directly

If you contact us via email or contact form, we may collect:

  • Name

  • Email address

  • Any information you choose to include in your message

We do not request sensitive personal data through this Website.

B. Technical & Usage Data

When you visit the Website, we may collect:

  • IP address

  • Browser type and version

  • Device type

  • Pages visited

  • Date and time of access

  • Referring website

Some of this information may be collected via cookies (see our Cookies Policy).

C. Hosting Platform Data

This Website is hosted on Squarespace.

Squarespace processes certain technical data on our behalf to:

  • Deliver website content

  • Maintain infrastructure

  • Provide security

  • Prevent fraud and abuse

Squarespace acts as a data processor in this context.

4. How We Use Personal Data

We use personal data only for legitimate and lawful purposes:

  • To respond to enquiries

  • To operate and secure the Website

  • To maintain performance and reliability

  • To understand general website usage (where consent is given)

  • To comply with legal obligations

We do not:

  • Sell personal data

  • Use personal data for behavioural advertising

  • Engage in automated decision-making

  • Conduct profiling for marketing purposes

5. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

A. Consent (Article 6(1)(a))

Where required (e.g., non-essential cookies), we rely on your explicit consent.

You may withdraw consent at any time.

B. Legitimate Interests (Article 6(1)(f))

We process certain data where necessary for our legitimate interests, including:

  • Website security

  • Preventing fraud

  • Maintaining system integrity

  • Improving site functionality

We ensure these interests do not override your rights and freedoms.

C. Legal Obligation (Article 6(1)(c))

Where necessary, we may process data to comply with UK legal requirements.

D. Performance of a Service (Article 6(1)(b))

Where you contact us, processing your details is necessary to respond to your request.

6. Data Sharing

We share personal data only where necessary.

A. Service Providers

We may share data with trusted service providers, including:

  • Squarespace (hosting and infrastructure)

Such providers act as data processors under contractual safeguards.

B. Legal Requirements

We may disclose personal data if required by law or a regulatory authority.

We do not sell, rent, or trade personal data to third parties.

7. International Transfers

Some service providers may process data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions

  • Standard contractual clauses

  • Equivalent lawful transfer mechanisms

8. Data Retention

We retain personal data only for as long as necessary.

  • Enquiry data: retained only as long as required to respond and maintain records.

  • Technical/security logs: retained in accordance with hosting and security requirements.

  • Cookie data: retained in accordance with our Cookies Policy.

We regularly review retention practices to ensure data is not held longer than necessary.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting infrastructure

  • HTTPS encryption

  • Restricted access controls

  • Platform-level security protections

While no system can be guaranteed 100% secure, we take reasonable steps to protect your data.

10. Your Rights (UK)

Under UK data protection law, you have the right to:

  • Access your personal data

  • Request correction

  • Request erasure

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

  • Withdraw consent

  • Lodge a complaint

To exercise your rights, contact: creations@tfcentenary.com

We may require proof of identity before fulfilling certain requests.

11. Children

This Website is not directed at children under 13.
We do not knowingly collect personal data from children.

If we become aware that personal data has been collected from a child without appropriate consent, we will delete it.

12. Third-Party Links

This Website may contain links to third-party websites.

We are not responsible for the privacy practices of those websites. You should review their privacy policies separately.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in law

  • Changes in regulatory guidance

  • Updates to our website or services

The “Last updated” date indicates when this policy was last revised.

14. Contact Details

Data Controller: St. Petersburg Collection
Website: Creations – Theo Fabergé Website
Email: creations@tfcentenary.com

15. Complaints

If you have concerns about how we handle personal data, please contact us first.

You also have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)


Return To Homepage
Return To Homepage