Privacy policy

Privacy Policy

Last updated: 21 February 2026

This Privacy Policy explains how Thicket & Thimble ("we", "us", "our") collects, uses, and protects your personal information when you visit or make a purchase from thicketandthimble.com ("the Site").

We are committed to protecting your privacy and handling your data responsibly. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Information We Collect

When you visit our website, we automatically collect:

  • Device information (browser type, IP address, time zone)
  • How you interact with the Site (pages viewed, products browsed, search terms)
  • Cookie and tracking data (see "Cookies" below)

When you place an order, we collect:

  • Your name, email address, and phone number
  • Billing and shipping address
  • Payment information (processed securely by Shopify Payments — we do not store card details)

When you contact us, we collect:

  • Your name and email address
  • Any information you include in your message

When you sign up for our newsletter, we collect:

  • Your email address

How We Use Your Information

We use your personal information to:

  • Fulfil orders — process payments, arrange shipping, send order confirmations and tracking updates
  • Communicate with you — respond to enquiries, provide customer support
  • Improve our website — analyse how the Site is used to improve your experience
  • Marketing — send newsletters and product updates (only with your consent; you can unsubscribe at any time)
  • Legal compliance — meet our legal and regulatory obligations

Legal basis for processing (UK GDPR):

Purpose Legal basis
Order fulfilment Contract performance
Customer support Legitimate interest
Website analytics Legitimate interest
Marketing emails Consent
Legal compliance Legal obligation

Who We Share Your Data With

We share your information only with trusted third parties who help us run our business:

  • Shopify — our e-commerce platform (Shopify's privacy policy)
  • Royal Mail — our shipping provider
  • Google Analytics — website analytics (anonymised data)
  • Mailchimp — email marketing (only if you've subscribed)
  • Payment processors — to securely process your payments

We do not sell your personal information to anyone.

Cookies

Our website uses cookies — small text files stored on your device — to make the Site work properly and to help us understand how it's used.

Essential cookies are necessary for the Site to function (shopping cart, checkout, login). These cannot be disabled.

Analytics cookies (such as Google Analytics) help us understand how visitors use the Site. You can opt out of these through your browser settings or via Google's opt-out tool.

Marketing cookies may be used to show you relevant advertisements on other platforms. You can manage your cookie preferences through your browser settings.

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (subject to legal obligations)
  • Object to processing based on legitimate interest
  • Withdraw consent for marketing at any time
  • Data portability — receive your data in a portable format
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at hello@thicketandthimble.com.

Data Retention

We retain your personal information for as long as necessary to:

  • Fulfil the purposes described in this policy
  • Comply with legal obligations (e.g., tax records must be kept for 6 years)
  • Resolve disputes

Order data is retained for 6 years in line with HMRC requirements. You can request deletion of your account data at any time, though we may need to retain certain records for legal reasons.

Children's Privacy

Our website is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Note: While some of our products are designed for children, purchases are made by adults. We do not market directly to children.

International Transfers

Your data may be processed outside the UK by our service providers (such as Shopify, which is based in Canada). Where this happens, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on this page, with the date of the last update shown at the top. We will not materially reduce your rights under this policy without your consent.

Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Email: hello@thicketandthimble.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):