Effective Date: March 17, 2026 Last Updated: March 17, 2026

Who We Are Our website address is: https://bluebloodleatherworks.com. Blueblood Leatherworks (“we,” “us,” or “our”) operates this e-commerce website powered by WooCommerce on WordPress. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our site, make a purchase, leave comments, subscribe to our newsletter, or otherwise interact with us.

We are committed to protecting your privacy in accordance with the Nigeria Data Protection Act 2023 (NDPA), Nigeria Data Protection Regulation 2019, and applicable international standards such as the GDPR where relevant. This policy applies to all visitors, customers, newsletter subscribers, and registered users.

Information We Collect

1. Information You Provide Directly

• Checkout / Order information: name, billing address, shipping address, email address, phone number, credit card/payment details (processed securely by our gateway), and optional account information (username and password).
• Account registration: name, address, email, phone number (used to pre-fill checkout for future orders).
• Comments: data shown in the comments form, plus your IP address and browser user agent string (for spam detection). An anonymized string created from your email (hash) may be sent to the Gravatar service to check if you are using it. After comment approval, your Gravatar profile picture is publicly visible with your comment. (Gravatar privacy policy: https://automattic.com/privacy/)
• Media uploads: If you upload images, avoid including embedded location data (EXIF GPS). Visitors can download and extract any location data from images on the site.
• Newsletter subscription (via MailPoet): email address and optionally first name.
• Other communications: messages sent via contact forms, reviews, or support.
  
  

2. Information Collected Automatically

• Products you’ve viewed (to show recently viewed items).
• Location data, IP address, browser type, device information, referring URL, pages visited, and interaction data.
• Cookies and tracking (detailed below).
• Technical and usage data from WooCommerce, WordPress, and integrated tools.

3. Information from Third Parties We may receive data from payment processors, shipping carriers, or fraud-prevention services.

How We Use Your Information We use your data to:

• Process and fulfill orders, send order information, respond to requests/refunds/complaints.
• Set up and manage your account.
• Process payments and prevent fraud.
• Comply with legal obligations (taxes, accounting).
• Improve our store and offerings.
• Send marketing messages and newsletters only if you have explicitly subscribed (via MailPoet).
• Recognize and approve follow-up comments automatically.

Cookies and Tracking Technologies

We use cookies for functionality, security, and analytics.

WordPress / WooCommerce cookies

• If you leave a comment and opt-in, we save your name, email, and website in cookies for one year (for your convenience).
• Login page: temporary cookie to check if your browser accepts cookies (discarded when you close the browser).
• Login cookies: last two days (or two weeks if “Remember Me” is selected). Screen options cookies last one year.
• Post editing cookie: expires after 1 day (no personal data).

MailPoet cookies (used for newsletter and engagement tracking):

• mailpoet_page_view – expires in 3,650 days (tracks last page view by subscriber).
• mailpoet_revenue_tracking – expires in 14 days (tracks newsletter click-through to purchase).
• mailpoet_subscriber – expires in 3,650 days (tracks engagement for opted-in subscribers).
• popup_form_dismissed_{$formId} – expiry varies per form (prevents re-display of dismissed popups/slide-ins).

Other cookies We also use essential WooCommerce cookies to track cart contents while browsing. You can manage cookies via your browser settings or our cookie consent banner.

Embedded Content from Other Websites Articles on this site may include embedded content (videos, images, etc.). This content behaves exactly as if you visited the third-party site and may collect data, use cookies, or track your interaction (especially if you are logged into that site).

Data Security We use SSL/TLS encryption, regular updates to WordPress/WooCommerce/MailPoet, access controls, and PCI-DSS-compliant payment processing. Cache files (used for faster site performance) are temporary and never accessed by third parties except for technical support. We may use QUIC.cloud services to process and cache data temporarily (see https://quic.cloud/privacy-policy/).

How Long We Retain Your Data

• Comments and metadata: retained indefinitely (to recognize and approve follow-up comments).
• Order information (name, email, billing/shipping addresses): stored for 7 years for tax and accounting purposes.
• Newsletter subscriptions: until you unsubscribe.
• Registered user profiles: until you delete your account (you can see, edit, or delete your data at any time; admins can also view/edit).
• Technical/logs data: up to 36 months. We generally keep data only as long as needed for the purposes collected or as legally required.

Who on Our Team Has Access Administrators and Shop Managers can access:

• Order details (what was purchased, when, and shipping address).
• Customer information (name, email, billing/shipping addresses). This access is used only to fulfill orders, process refunds, and provide support.
  
  

Who We Share Your Data With

We do not sell your data. We share it only with trusted parties under data-processing agreements:

• Payment processors: Paystack (purchase total, billing information). See Paystack Privacy Policy for details.
• Newsletter service: MailPoet – your name and email are used to send emails you signed up for. We log the IP address used at signup to prevent abuse. MailPoet tracks opens and clicks to improve newsletters. No other identifiable information is tracked outside our site except the email address.
• WP Mail Logging: Emails triggered by actions (e.g., comments, orders) are stored in logs accessible to site management.
• Google for WooCommerce (if active): Personal data may be stored or shared with Google services.
• Hosting, shipping carriers, analytics tools, and caching providers (including QUIC.cloud).
• Spam detection: Visitor comments may be checked through an automated service.
• Legal requirements: If required by law or NDPC request.

Password resets: Your IP address is included in the reset email.

Your Data Protection Rights You have the right to:

• Access, correct, or request an exported file of your personal data.
• Request erasure of your data (except data we are legally required to keep).
• Object to or restrict processing.
• Withdraw consent (e.g., unsubscribe from MailPoet emails – link in every email).
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC).

To exercise these rights, contact us (details below). We respond within 30 days.

Children’s Privacy Our site is not directed at children under 18. We do not knowingly collect data from children.

International Data Transfers Data may be transferred outside Nigeria with appropriate safeguards (standard contractual clauses or adequacy decisions).

Third-Party Links We are not responsible for the privacy practices of external sites linked from our content.

Changes to This Privacy Policy We may update this policy. Material changes will be notified via email (to subscribers) or a prominent website notice.

Contact Us If you have any questions or wish to exercise your rights, please contact us:

Blueblood Leatherworks 45, Omo Adada Plaza (beside Babatunde Fashola Train station), Shiaba street, Ogba road, Lagos. Phone: +2348089906160 Email: bluebloodleatherworks@gmail.com

You may also contact the Nigeria Data Protection Commission at www.ndpc.gov.ng.

By using our website, placing an order, leaving a comment, or subscribing to our MailPoet newsletter, you acknowledge that you have read and understood this Privacy Policy.