Privacy Policy

At Totterley, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (totterley.com) or place an order with us.

By using our website, you agree to the collection and use of information in accordance with this policy.

Who We Are

Totterley is a UK-based online retailer selling baby and toddler products including wooden toys, play mats, and baby walkers.

Contact details:

For any questions or concerns about your personal data, please contact us using the details above.

What Information We Collect

We collect personal information that you provide directly to us, as well as some data collected automatically when you use our website.

Information you provide:

  • Name
  • Email address
  • Delivery address
  • Billing address
  • Phone number
  • Payment information (processed securely by our payment provider – we do not store card details)
  • Any communications you send us (such as emails or contact form messages)

Information collected automatically:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on our website
  • Referring website
  • Cookies and similar technologies (see our Cookies section below)

How We Use Your Information

We use your personal information for the following purposes:

To fulfil your order

  • Processing and dispatching your purchase
  • Sending order confirmations and shipping updates
  • Handling returns and refunds

To communicate with you

  • Responding to enquiries and customer service requests
  • Sending important information about your order

To improve our services

  • Analysing website usage to improve user experience
  • Identifying and fixing technical issues

To comply with legal obligations

  • Maintaining records for tax and accounting purposes
  • Responding to lawful requests from authorities

Marketing (only with your consent)

  • Sending promotional emails about new products, offers, or updates

You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: To fulfil our contract with you when you place an order
  • Legal obligation: To comply with legal and regulatory requirements
  • Legitimate interests: To operate and improve our business, provided this doesn't override your rights
  • Consent: For marketing communications, which you can withdraw at any time

How We Share Your Information

We do not sell, rent, or trade your personal information to third parties.

We may share your data with trusted third-party service providers who help us operate our business, including:

  • Shopify: Our e-commerce platform that hosts our website and processes orders
  • Payment processors: To securely handle transactions (e.g., PayPal, Stripe, or similar)
  • Courier and delivery services: To deliver your order
  • Analytics providers: To help us understand website usage (e.g., Google Analytics)

These providers only have access to the information necessary to perform their services and are required to protect your data in accordance with applicable laws.

We may also disclose your information if required by law, legal process, or to protect our rights and safety.

Cookies

Our website uses cookies – small text files stored on your device – to improve your browsing experience.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly (e.g., shopping cart, checkout)
  • Analytics cookies: Help us understand how visitors use our site so we can improve it
  • Marketing cookies: Used to deliver relevant advertisements (only with your consent)

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality.

For more information, see our Cookie Policy [link if you create a separate page].

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

  • Order information: Retained for 6 years to comply with UK tax and accounting requirements
  • Marketing preferences: Retained until you unsubscribe or request deletion
  • Website analytics data: Retained in anonymised form

Data Security

We take appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or alteration.

Our website uses SSL (Secure Socket Layer) encryption to protect data transmitted between your browser and our servers. Payment information is processed securely by PCI-compliant payment providers – we never store your full card details.

Your Rights

Under UK data protection law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request transfer of your data to another service
  • Right to object: Object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@totterley.com. We will respond to your request within one month.

If you're not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party websites you visit.

Children's Privacy

Our website is not intended for use by children under 16 without parental consent. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised "last updated" date.

We encourage you to review this policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: