Welcome to Toffeetree Books.
We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights under UK data protection law.
This policy applies to information collected through our website (toffeetreebooks.co.uk), email communications, and any related services.
1. Who we are
Toffeetree Books is an independent bookseller based in the United Kingdom.
For the purposes of data protection law, we are the data controller – responsible for how your information is collected and used.
2. The information we collect
We only collect information necessary to provide our services and process your orders safely.
We may collect:
- Contact details: name, address, email, and phone number.
- Payment details: securely processed by our payment provider (we do not store card numbers).
- Order information: products purchased, delivery address, and order history.
- Account information: if you create an account on our website.
- Communications: emails or messages you send us.
- Website usage data: such as IP address, browser type, and browsing behaviour, collected via cookies or analytics tools.
3. How we use your information
We use your personal information to:
- Process and deliver your orders.
- Communicate with you about your purchase or queries.
- Manage returns, refunds, and exchanges.
- Comply with legal obligations.
- Improve our website and customer experience.
- (If you choose) send updates, offers, or newsletters – you can unsubscribe anytime.
4. Legal basis for processing
We process your data only when we have a lawful reason, including:
- Contract: to fulfil your order or respond to your enquiries.
- Legal obligation: to meet contractual and accounting requirements.
- Consent: for marketing communications (you can withdraw consent anytime).
- Legitimate interest: to improve our website and prevent fraud.
5. Sharing your information
We only share your data with trusted third parties when necessary, such as:
- Delivery partners (e.g. Royal Mail) to send your order.
- Payment processors (e.g. Bank Transfer, PayPal) to handle payments securely.
- Website hosting and analytics providers to maintain our site.
All partners are GDPR-compliant and process your data securely on our behalf.
We never sell or rent your personal information to anyone.
6. Data security
We take your privacy seriously and use appropriate security measures to protect your personal data from loss, misuse, or unauthorised access.
All payment information is encrypted and processed securely via our payment partners.
7. Data retention
We keep your information only as long as necessary:
- Order and transaction records – up to 6 years (legal reasons)
- Marketing preferences – until you unsubscribe or request deletion
When we no longer need your data, we delete or anonymise it securely.
8. Your rights
Under UK GDPR, you have the right to:
- Access a copy of your personal data.
- Correct inaccurate or incomplete data.
- Request deletion (“right to be forgotten”).
- Restrict or object to processing.
- Withdraw consent for marketing.
- Request data portability (transfer to another provider).
To exercise any of these rights, email us at bark@toffeetreebooks.co.uk.
We’ll respond within one month as required by law.
If you’re not satisfied with our response, you have the right to contact the Information Commissioner’s Office (ICO).
9. Cookies
Our website uses cookies to:
- Improve site performance and user experience.
- Analyse how visitors use our site.
You can manage or disable cookies through your browser settings.
For full details, see our Cookie Policy (available on our website).
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law or our business.
Contact Us
If you have any questions about how we handle your data, please contact us:
bark@toffeetreebooks.co.uk
Any updates will appear on this page, and the “Last updated” date will be revised.
Last updated: November 2025.
