1. Introduction
1.1 We are committed to safeguarding the privacy of our website visitors and customers. While we are committed to maintaining the security of data and privacy as much as we can reasonably do so, and have taken appropriate technical and organisational measures to ensure a level of security appropriate to the risk (see below), please note that it is impossible to guarantee 100% security of data and privacy, so any data you provide in any way to our business is provided at your own risk.
How We Protect Your Data
We take the security of your personal data seriously and have implemented a layered “defence-in-depth” approach to protect your information from unauthorised access, alteration, or disclosure.
Technical Security Measures:
- Data Encryption in Transit: Our website is secured with a 256-bit SSL (Secure Sockets Layer) certificate provided via BlueHost and Let’s Encrypt. This ensures that all data transmitted between your browser and our server is encrypted and protected from interception.
- Web Application Firewall (WAF): We use the All-In-One Security (AIOS) suite to maintain a robust firewall at the application level. This blocks malicious PHP requests and protects against common vulnerabilities like Cross-Site Scripting (XSS) and SQL injection.
- Bot and Spam Protection: We employ Bad Behavior and AIOS bot-blocking technology to identify and prevent automated “bad bots” and malicious scripts from accessing our site’s resources or harvesting data.
- Login Security: To prevent brute-force attacks, we have strict login lockout rules and hidden administrative entry points. We use enhanced “WordPress Salts” to secure passwords stored in our database.
- All relevant passwords and confidential data are stored in a file encrypted using AES-256 (Advanced Encryption Standard with a 256-bit key), which is the industry standard for strong encryption, considered secure for sensitive data.
Payment Security (PCI Compliance):
- We do not store or process your credit card details on our servers. All transactions are handled through the Shopify Buy Button integration.
- Your payment data is processed on Shopify’s Level-1 PCI DSS compliant platform.
- Shopify uses industry-leading encryption and security protocols to ensure your financial information is never visible to us.
Organisational Access Controls
- Strict Access Limits: Access to the website’s administrative backend and customer data is strictly limited. Currently, the business owner is the sole individual with access to these systems.
- Secure Hosting Environment: Our website is hosted on BlueHost’s shared environment, which utilizes account isolation to ensure that other users on the same server cannot access our site’s files or data.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 We use cookies on our website. Please see our cookie policy for details.
1.5 In this policy, “we”, “us” and “our” refer to UnconstrainedTime. For more information about us, see Section 14.
2. Credit
2.1 This document was created using a template from Docular (https://seqlegal.com/free-legal-documents/privacy-policy).
3. The personal data that we collect
3.1 In this Section 3 we have set out the general categories of personal data that we process.
3.2 We may process data enabling us to get in touch with you (“contact data”). The contact data may include your name, email address, telephone number, postal/mailing address and/or social media account identifiers. The source of the contact data is you. Note that submitting the contact form on this website, or contacting us in any other way, constitutes agreement to our terms etc.
3.3 We may process your “account data”. The account data may include your account identifier, name, email address, business name, account creation and modification dates, website settings and marketing preferences. The primary reason we collect account data is so that you can purchase products from our website and we can get them shipped to you. The primary source of the account data is you, although some elements of the account data may be generated by our website or systems it connects to (such as Shopify, which we use for e-commerce).
3.4 We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your name, your contact details, your payment card details (or other payment details, which would typically only be retained, in encrypted form, by the payment processing company(s) we use), and the transaction details which may be collected, processed and stored by the e-commerce company we use, which is: https://www.shopify.com/uk
The source of the transaction data is you.
3.5 We may process information contained in or relating to any communication that you send to us or that we send to you (“communication data”). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. Data from contact forms may be forwarded to one or more of our personnel.
3.6 We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system, which includes Google Analytics and any other relevant systems.
3.7 We may obtain and process data pertaining to you as an affiliate and/or business partner (“affiliate data”). This may include your name, email address, telephone number, postal address, social media account identifiers, IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This data is primarily to enable us to recognize purchases by customers you have referred to us, as well as data such as statistics regarding potential customers you refer to us, and to pay commissions as appropriate. The source of data is you and your interaction with relevant areas of our website, and most of the relevant data will be initially collected, processed and stored by the affiliate platform we use to implement our affiliate program: https://uppromote.com/
We expect any affiliate or partner to agree to reciprocate this policy. For more details, see our page about our affiliate program.
3.8 Our website may also collect, use, and share data such as statistical or demographic data for any purpose relevant to our business (“aggregated data”). This data could be derived from your personal data but is not considered personal data because this data will not directly or indirectly reveal your identity as it is amalgamated with the data of other people.
3.9 Comments on our website or social media (“comment data”), which may also be used by the Akismet Anti-spam service our website uses. If you choose to leave a comment or reply to a comment on our website, that constitutes data which may include your name, email address, the contents of the comment, IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of this data is you and your use of our website or our social media channels.
3.10 Our website may also collect, use, and share data such as your name, email address, IP address, the source of that information, and any interactions you have with messages sent by relevant systems, for use in our mailing-list (“priority-list”) direct marketing system to inform you about our business and products etc. (“mailing-list data”). The source of this data is the data you enter into the web-form when you join our mailing-list (“priority list”). This data may also be collected, used and shared by the mailing-list management service we use, which is https://www.klaviyo.com/uk/
We use Klaviyo for email marketing services. Klaviyo is based in the USA. Data transfers to Klaviyo are protected by its certification under the UK Extension to the EU-U.S. This means Klaviyo has been deemed to provide an adequate level of protection for both EU and UK personal data.
4. Purposes of processing and legal bases
4.1 In this Section 4, we have set out the purposes for which we may process personal data and the legal bases of the processing.
Legal Basis. Under the UK General Data Protection Regulation (UK GDPR), the legal bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
4.2 Operations – We may process your personal data for the purposes of operating our website, the processing and fulfilment of orders, providing our services, supplying our goods, generating invoices, and bills and other payment-related documentation. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract (such as relating to the purchase of one of our products).
4.3 Publications – We may process account data for the purposes of publishing such data on our website, social media accounts and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is consent OR our legitimate interests, namely the publication of content in the ordinary course of our operations OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract (for example a contract relating to the purchase of one of our products).
4.4 Relationships and communications – We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of our website, services and business.
4.5 Direct marketing – We may process contact data, account data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is consent OR our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users.
4.6 Research and analysis – We may process usage data and/or transaction data for the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is consent OR our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
4.7 Record keeping – We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
4.8 Security – We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
4.9 Insurance and risk management – We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
4.10 Legal claims – We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
4.11 Legal compliance and vital interests – We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
5. Providing your personal data to others
5.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and obtaining professional advice.
5.2 Your personal data held in our website database will be stored on the servers of our hosting services providers https://www.bluehost.com/
Our website is hosted by Bluehost (Bluehost Inc.), located in the USA. Any personal data processed through our website is transferred to the USA under Standard Contractual Clauses approved by the European Commission, as well as the UK International Data Transfer Addendum, which contractually require Bluehost to protect your data to EU and UK standards.
5.3 We may disclose relevant data to our suppliers or subcontractors including:
- the assembly company who assembles watches for us (yet to be determined, at the time of writing). We need to inform them of data including the details of the watch you have purchased as well as your details relevant to shipping your personalized watch to you.
insofar as reasonably necessary for manufacturing, assembling, testing and shipping products you have ordered.
5.4 Financial transactions relating to our website and services may be handled by our payment services providers (including Shopify). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://www.shopify.com/uk
5.5 In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
6. International transfers of your personal data
6.1 In this Section 6, we provide information about the circumstances in which your personal data may be transferred to a third country under UK and/or EU data protection law.
6.2 We may transfer your personal data between countries where we store or process the data, as relevant to the operation of our business.
6.3 The hosting facilities for our website are situated in the US (owned by https://www.bluehost.com/ ). The competent data protection authorities have made an adequacy determination with respect to the data protection laws of relevant countries. Transfers between relevant countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities. Some of the software our website uses may have been developed in other countries and may share some types of data with those countries.
Our website is hosted by Bluehost (Bluehost Inc.), located in the USA. Any personal data processed through our website is transferred to the USA under Standard Contractual Clauses approved by the European Commission, as well as the UK International Data Transfer Addendum, which contractually require Bluehost to protect your data to EU and UK standards.
6.5 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6.6 Encryption of data sent between us. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you may give us. Whenever information is transferred between you and us, you can verify that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
7. Retaining and deleting personal data
7.1 This Section 7 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
7.2 We do not keep your personal data for longer than is necessary for the purposes for which it was collected. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and applicable legal requirements.
Our criteria for retention include:
- Legal & Tax Obligations: The UK requirement to maintain “business records” (including transaction and tax data) for a minimum of 6 years from the end of the last financial year they relate to.
- Contractual Necessity: The duration of your contract with us, including the 2-year warranty period and the 6-year limitation period for bringing legal claims under the Limitation Act 1980.
- Customer Engagement: Whether you are an active subscriber to our updates or have an open account with us.
7.3 We will retain your personal data as follows:
(a) Transaction & Account Data: We retain records of your purchases and account details for a minimum of 6 years and a maximum of 8 years following the end of the financial year in which the transaction occurred. This ensures compliance with HMRC requirements and allows us to honour your 2-year warranty and statutory rights.
(b) Contact & Communication Data: Correspondence (emails, contact forms) is retained for a minimum of 2 years (to cover the warranty period) and a maximum of 6 years after our last contact with you, unless it relates to a specific transaction, in which case the transaction retention period applies.
(c) Marketing Data: If you have opted-in to receive our newsletter via Klaviyo, we retain your data until you unsubscribe or withdraw consent. Once you unsubscribe, we keep a minimal “suppression list” indefinitely to ensure we respect your request not to be contacted.
(d) Usage Data: Analytical data regarding your use of our website is retained for a maximum of 26 months (aligned with standard Google Analytics retention), after which it is deleted or fully anonymised so it can no longer be associated with you.
(e) Other Categories: Any other data not specified above will be retained for no longer than 6 years following the date of collection, in line with UK statutory limitation periods.
7.4 Notwithstanding the provisions above, we may retain your personal data where such retention is necessary for compliance with a legal obligation (such as a court order), to establish or defend legal claims, or to protect the vital interests of you or another person.
8. Your rights
8.1 In this Section 8, we have listed the rights that you have under data protection law.
8.2 Your principal rights under data protection law are:
- (a) the right to access – you can ask for copies of your personal data;
- (b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
- (c) the right to erasure – you can ask us to erase your personal data;
- (d) the right to restrict processing – you can ask us to restrict the processing of your personal data;
- (e) the right to object to processing – you can object to the processing of your personal data;
- (f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
- (g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
- (h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
Regarding GDPR: the UK GDPR grants individuals eight specific rights:
- Right to be informed (satisfied by the policy itself).
- Right of access (Subject Access Requests).
- Right to rectification (correcting data).
- Right to erasure (the “right to be forgotten”).
- Right to restrict processing.
- Right to data portability.
- Right to object (particularly to direct marketing).
- Rights related to automated decision-making and profiling.
For Subject Access Requests, we may “stop the clock” on the response time if we require further information from the requester to identify them or the data they seek.
8.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://www.edpb.europa.eu/edpb_en and https://ico.org.uk/
8.4 You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.
8.5 How to complain. If you have any concerns about our use of your personal information, you can make a complaint to us, using our contact details.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Helpline number: 0303 123 1113
ICO website: https://ico.org.uk
13. Amendments
13.1 We may update this policy from time to time by publishing a new version on our website.
13.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
13.3 We may notify you of significant changes to this policy by email.
14. Our details
14.1 This website is owned and operated by Unconstrained Ltd.
14.2 We are registered in England and Wales: Co No. 15293105, and our registered office is at 124 City Road, London, EC1V 2NX, England (no personal callers).
14.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by email, using the email address published on our website;
(d) on our social media. The links for these are given at the bottom of each page.
15. Representatives
15.1 Our representative and data protection officer within the UK and EU with respect to our obligations under data protection law is UnconstrainedTime Ltd. and you can contact our representative using the contact form on this website.
