PRIVACY POLICY

Last Updated: 20th November 2025

1. Introduction

This Privacy Policy (the "Policy") explains in detail how SUNDAY STORY CO LTD, registered at 71–75 Shelton Street, London, England, WC2H 9JQ ("SUNDAY STORY," "we," "us," or "our"), collects, uses, stores, discloses, and protects personal data when you access our website at sundaystory.co (the "Website") or otherwise communicate or interact with us through digital platforms, email, social media, or any services we provide (collectively, the "Services").

This Policy is intended to satisfy the transparency and disclosure obligations imposed under:

  • The General Data Protection Regulation (EU GDPR)

  • The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018

  • US state privacy laws, including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), as well as the privacy laws of Colorado, Connecticut, Utah, and Virginia

  • The Australia Privacy Act 1988 and the Australian Privacy Principles (APPs)

By using the Services, you acknowledge that your personal data will be processed in accordance with this Policy.

2. Data Controller and Representative Information

For individuals in the UK, European Economic Area (EEA), or Switzerland, the data controller responsible for your personal data is:

SUNDAY STORY CO LTD
71–75 Shelton Street
London, England, WC2H 9JQ

For individuals in the United States, we act as a “business,” "controller," or “covered entity” (as defined under applicable laws).

You may contact us regarding any privacy matter at: hello@sundaystory.co.

3. Categories of Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data, including:

3.1 Data You Provide to Us Voluntarily

  • Identity Data: first name, last name

  • Contact Data: email address, phone number, postal address, region or country

  • Vendor or Submission Data: personal data submitted for wedding listings or editorial content

  • Payment Data: billing information, transaction details (processed by third-party payment processors; we do not store full card numbers)

  • Communications Data: emails, support requests, enquiries, and related records

  • Profile and Preference Data: marketing preferences, communication preferences

  • Survey Responses and Feedback

3.2 Data Collected Automatically

When you access the Website, we automatically collect:

  • IP address and approximate location

  • Device identifiers, operating system, browser type and version

  • Time zone and language settings

  • Usage data: pages viewed, referring URLs, interaction data

  • Cookies, pixels, and similar tracking technology

3.3 Data from Third Parties

We may receive personal data from:

  • Vendors or Couples who submit wedding information

  • Advertising partners and analytics providers

  • Social media platforms (subject to your settings)

  • Payment processors

We require third parties who submit wedding content containing third-party data to confirm they have obtained the necessary permissions.

4. Legal Bases for Processing (UK/EU/AUS)

Under the UK and EU GDPR and Australia’s APPs, we rely on the following lawful bases for processing personal data:

4.1 Performance of a Contract

We process personal data when necessary to:

  • Provide and operate the Services

  • Respond to your enquiries

  • Manage billing, subscriptions, and transactions

4.2 Legitimate Interests

We process personal data for purposes including:

  • Improving our Services and Website functionality

  • Conducting analytics and performance monitoring

  • Protecting against fraud, misuse, and security threats

  • Communicating about updates or similar services

We always perform a balancing test to ensure our interests do not override your fundamental rights.

4.3 Consent

Used for:

  • Marketing communications (where legally required)

  • Placing non-essential cookies

  • Certain international transfers

Consent may be withdrawn at any time.

4.4 Compliance with Legal Obligations

We process personal data to comply with:

  • Tax, accounting, and financial reporting laws

  • Regulatory investigations

  • Data subject rights requests

5. Purposes of Processing Personal Data

We use personal data for the following specific and detailed purposes:

  • Service delivery: providing access to the Website, managing submissions, and processing payments

  • Customer support: responding to enquiries, troubleshooting, and resolving issues

  • Content publication: publishing weddings or Vendor information (with consent where required)

  • Personalisation: tailoring content, recommendations, and advertising

  • Marketing and promotions: sending newsletters, promotions, and updates

  • Analytics: researching usage trends, improving functionality, and measuring engagement

  • Security and fraud prevention: monitoring for suspicious activity and enforcing terms

  • Compliance: fulfilling legal, regulatory, or contractual obligations

6. Cookie Policy

6.1 Overview

This Cookie Policy explains how we use cookies, pixels, tags, scripts, SDKs, and similar tracking technologies (“Cookies”) on our Website and Services. It forms part of our Privacy Policy and should be read together with it.

We use Cookies for a variety of purposes, including ensuring the Website operates securely, analysing usage, providing personalised content and advertising, and enabling certain features. Some Cookies are strictly necessary; others require your consent depending on your jurisdiction.

6.2 Definitions

  • “Cookies” means small data files placed on your device when you visit our Website.

  • “First-party Cookies” are set directly by us.

  • “Third-party Cookies” are set by other organisations, such as analytics or advertising partners.

  • “Session Cookies” are temporary and expire when you close your browser.

  • “Persistent Cookies” remain until they expire or are deleted.

 

6.3 Types of Cookies We Use

(a) Strictly Necessary Cookies

These Cookies are essential for the Website to function correctly and securely. They enable functions such as page navigation, secure login, fraud prevention, and cookie consent preferences.
Legal basis (UK/EU/AUS): Legitimate Interests; not subject to consent under ePrivacy rules.
Legal basis (US): Required for essential service provision.

(b) Functional Cookies

These Cookies allow us to remember your preferences (e.g., language, region, cookie choices) and enhance your experience.
Legal basis: Consent (UK/EU/AUS); Legitimate Interests (certain US states).

(c) Performance and Analytics Cookies

Used to gather statistical information about how visitors use the Website, such as page views, dwell time, and navigation paths. Common tools include Google Analytics and Meta analytics products.
Legal basis: Consent (UK/EU/AUS); Legitimate Interests/Notice-and-opt-out (US).

(d) Advertising and Targeting Cookies

Used to deliver personalised advertisements, measure advertising performance, limit ad frequency, build audiences, and track browsing behaviour across websites. These may be set by advertising networks such as Google Ads, Meta, Pinterest, or similar platforms.
Legal basis: Consent (UK/EU/AUS); Notice-and-right-to-opt-out (US CPRA/Colorado/Connecticut/Virginia).

 

6.4 Legal Basis for Use of Cookies

Our use of Cookies is governed by:

  • UK GDPR and the Privacy and Electronic Communications Regulations (PECR)

  • EU GDPR and the ePrivacy Directive

  • Australian Privacy Act 1988 and the Australian Privacy Principles (APPs)

  • US state privacy laws, including:

    • California Consumer Privacy Act (CCPA/CPRA)

    • Colorado Privacy Act

    • Virginia CDPA

    • Connecticut and Utah privacy laws

Where required by law (primarily UK/EU/AUS), we only place non-essential Cookies with your consent.

In the US, Advertising Cookies may qualify as “sharing” or “targeted advertising”, and you may opt out at any time.

 

6.5 Cookie Banner and Consent Mechanism

Upon your first visit to our Website, you will be presented with a Cookie Banner that:

  • Informs you of the types of Cookies we use

  • Gives you the option to Accept All, Reject Non-Essential Cookies, or Manage Preferences

  • Provides granular control over Cookie categories

  • Records and stores your choices as legally required

  • Allows you to withdraw or amend consent at any time

Your preferences may be refreshed periodically to confirm consent remains valid.

6.6 Google Consent Mode & Similar Technologies

Where applicable, we implement Google Consent Mode (v2) and similar frameworks to ensure Google’s measurement and advertising services operate in compliance with consent selections.

If you reject Advertising or Analytics Cookies, Google’s tags will adjust behaviour automatically (e.g., cookieless pings, limited functionality).

6.7 Third-Party Cookies

Third-party partners may place Cookies on our Website to provide services such as:

  • Analytics (e.g., Google Analytics, Meta Pixel)

  • Advertising and retargeting

  • Social media functionality

  • Embedded content (video players, booking forms, maps)

These third parties may use the information collected for their own purposes, including profiling and interest-based advertising, subject to their privacy policies.

6.8 Managing Cookies

You can manage Cookies in three ways:

(a) Through our Cookie Settings

You may adjust your Cookie preferences at any time via the Cookie Settings link in our Website footer.

(b) Browser Controls

You can configure your browser to:

  • Block Cookies

  • Delete Cookies

  • Notify you before Cookies are placed

Blocking certain Cookies may impact site functionality.

(c) Advertising Opt-Out Tools

You may also opt out of behavioural advertising using:

  • Network Advertising Initiative (NAI) opt-out tools

  • Digital Advertising Alliance (DAA) tools

  • Google Ads Settings

  • Meta Ads Preferences

  • Australian Digital Advertising Alliance tools

These opt-outs are device and browser specific.

6.9 Retention

Cookies are kept for the period necessary to fulfil their purpose. Expiry periods vary depending on the Cookie type and provider.

Analytics and advertising partners may store identifiers for periods ranging from a few minutes to several years, depending on configuration and legal requirements.

6.10 Changes to This Cookie Policy

We may update this Cookie Policy to reflect changes to our use of Cookies, technology, or legal obligations. Material changes will be communicated via our Website or Cookie Banner.

6.11 Contact

For any questions regarding Cookies, please email:
hello@sundaystory.co

7. Disclosure of Personal Data to Third Parties

We may share personal data with:

7.1 Service Providers (Processors)

Including:

  • Website hosting providers

  • Cloud storage providers

  • Payment processors

  • Analytics partners

  • IT and security services

  • Email and marketing platforms

These parties may only process data under our instructions.

7.2 Third Parties You Authorise

If you submit wedding content, you may authorise us to share relevant data with Vendors or others involved.

7.3 Advertising Providers

We may share limited data (such as hashed identifiers, device data, or analytics) with platforms such as Google and Meta for personalised advertising.

7.4 Business Transfers

Your data may be transferred to a successor entity in the event of merger, acquisition, or dissolution.

7.5 Legal and Regulatory Bodies

We may disclose data when necessary to:

  • Comply with legal obligations

  • Respond to court orders or government requests

  • Enforce agreements

  • Protect rights, safety, and property

We do not sell personal data for monetary value. For US purposes, certain advertising-related sharing may be considered "sharing."

8. International Transfers

We may transfer personal data to countries outside your jurisdiction. These include:

  • United States

  • United Kingdom

  • EU/EEA

  • Australia

  • Countries where our service providers are located

Where required, we use appropriate safeguards:

  • EU Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement (IDTA)

  • Adequacy decisions

  • Contractual protections and risk assessments

9. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including to:

  • Provide the Services

  • Resolve disputes

  • Enforce agreements

  • Meet legal obligations

After expiration of the retention period, data is securely deleted or anonymised.

10. Security Measures

We use administrative, technical, and physical safeguards, including:

  • Encryption and pseudonymisation

  • Firewalls and intrusion detection systems

  • Secure servers and access controls

  • Employee training and confidentiality obligations

Despite safeguards, no system can be guaranteed 100% secure.

11. Children's Privacy

Our Services are intended for individuals aged 18 and older. We do not knowingly collect personal data from minors. If we learn that such data has been collected, we will delete it unless legally required to retain it.

12. Marketing Communications

You may receive marketing communications:

  • With your consent (where required), or

  • Based on our legitimate interests for existing customers

You may opt out using the "unsubscribe" link or by contacting us.

13. Your Rights Under Privacy Laws

Your rights depend on your residence.

13.1 UK & EU GDPR Rights

You have the right to:

  • Access your personal data

  • Request correction

  • Request deletion

  • Restrict processing

  • Object to processing (including marketing)

  • Data portability

  • Withdraw consent

  • Lodge a complaint with a supervisory authority

13.2 US State Rights (incl. CCPA/CPRA)

You may have the right to:

  • Know what information is collected

  • Access personal information

  • Request deletion or correction

  • Opt out of sale/share and targeted advertising

  • Limit use of sensitive data

  • Appeal denials of rights requests

  • Not be discriminated against

A "Do Not Sell or Share My Personal Information" option will be made available where required.

13.3 Australia APP Rights

You may:

  • Request access to your personal information

  • Request corrections

  • Lodge complaints with us or the OAIC

14. Exercising Your Rights

To exercise any rights, contact us at:

hello@sundaystory.co

We may request identity verification before responding.

15. Third-Party Links

The Website may contain links to third-party websites. We are not responsible for their content or privacy practices. Providing personal data to third parties is at your own risk.

16. Changes to This Privacy Policy

We may update this Policy periodically. Updated versions will be posted on this page with a revised effective date.

17. Contact Details

Email: hello@sundaystory.co
Address: 71–75 Shelton Street, London, England, WC2H 9JQ

Additional regulatory contacts:

  • UK ICO: ico.org.uk

  • OAIC (Australia): oaic.gov.au