Here’s a comprehensive UK GDPR-compliant privacy policy for Tavi & Moor:

Privacy Policy

Last updated: 19/10/2025

1. Who We Are

Tavi & Moor is a small handmade business based in Devon, UK, specialising in 3D printed toys and gifts.

Website address: https://taviandmoor.co.uk
Business name: Tavi & Moor
Contact email: help@taviandmoor.co.uk
Business address: Devon, UK

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy explains how we collect, use, and protect your personal information in accordance with UK GDPR and the Data Protection Act 2018.

2. What Information We Collect

Information You Provide to Us

When you place an order, create an account, or contact us, we collect:

  • Name and contact details (email address, phone number, delivery address)
  • Payment information (processed securely by our payment provider – we do not store card details)
  • Order history and preferences
  • Communication history (emails, messages, enquiries)

Information We Collect Automatically

When you visit our website, we may collect:

  • Technical information including IP address, browser type, device information
  • Usage data including pages visited, time spent on site, referral source
  • Cookie data (see Cookies section below)

Comments

If you leave a comment on our blog or product reviews, we collect the data shown in the comment form, your IP address, and browser user agent string to help with spam detection.

3. How We Use Your Information

We use your personal data to:

  • Process and fulfill your orders (including delivery and customer service)
  • Communicate with you about your order, respond to enquiries, and provide customer support
  • Send marketing communications (only if you’ve opted in – you can unsubscribe at any time)
  • Improve our website and services through analytics and feedback
  • Comply with legal obligations (such as tax and accounting requirements)
  • Prevent fraud and ensure website security

Legal Basis for Processing

We process your data under the following legal bases:

  • Contract performance – to fulfill orders and provide services you’ve requested
  • Legitimate interests – to operate our business, improve our services, and prevent fraud
  • Consent – for marketing communications (you can withdraw consent at any time)
  • Legal obligation – to comply with accounting, tax, and other legal requirements

4. Cookies

What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services.

Cookies We Use

Essential Cookies (necessary for the website to function):

  • Shopping basket contents
  • Login session cookies (if you have an account)
  • Security and fraud prevention

Analytics Cookies (to understand how visitors use our site):

  • Google Analytics or similar services to track page views, traffic sources, and user behaviour
  • These cookies are anonymised and do not identify you personally

Marketing Cookies (with your consent):

  • Cookies from social media platforms if you interact with our social content
  • Advertising cookies if we run any paid campaigns

Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality, such as your ability to complete purchases.

Most browsers allow you to:

  • See what cookies are stored and delete them individually
  • Block third-party cookies
  • Block all cookies
  • Delete all cookies when you close your browser

5. Who We Share Your Data With

We only share your personal data when necessary to provide our services or comply with the law:

Service Providers

  • Payment processors (Stripe, PayPal, or similar) – to process transactions securely
  • Shipping carriers (Royal Mail, courier services) – to deliver your orders
  • Email service provider (Mailchimp, or similar) – to send newsletters (if you’ve subscribed)
  • Web hosting provider – to host our website and store data securely
  • Accounting software – for tax and bookkeeping purposes

All service providers are carefully selected and required to keep your data secure and confidential.

Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect our legal rights.

We will never sell or rent your personal data to third parties for marketing purposes.

6. International Data Transfers

Your data is primarily stored within the UK and EU. If we use service providers located outside the UK/EU (such as some email or cloud services), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office
  • Privacy Shield certification (where applicable)
  • Ensuring the provider is in a country with adequate data protection laws

7. How Long We Keep Your Data

We retain your personal data only as long as necessary:

  • Order information – 7 years (required by HMRC for tax and accounting purposes)
  • Marketing data – Until you unsubscribe or request deletion
  • Website accounts – Until you request deletion
  • Comments – Indefinitely (to maintain conversation context, but you can request removal)
  • Analytics data – Typically 26 months (anonymised)

After these periods, data is securely deleted or anonymised.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can ask us to correct any inaccurate or incomplete information.

Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data, unless we’re legally required to keep it (e.g., for tax records).

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a commonly used, machine-readable format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we process data based on consent (e.g., marketing emails), you can withdraw consent at any time.

To exercise any of these rights, please contact us at data@taviandmoor.co.uk.

We will respond within one month. These rights are subject to certain exemptions (e.g., we must retain data for legal/tax purposes).

9. Data Security

We take security seriously and implement appropriate measures to protect your data:

  • Secure socket layer (SSL) encryption for data transmission
  • Secure payment processing (we do not store card details)
  • Regular security updates to our website and systems
  • Access controls limiting who can view your data
  • Secure backups to prevent data loss

However, no internet transmission is 100% secure. We cannot guarantee absolute security but will notify you of any data breach where legally required.

10. Children’s Privacy

Our website and products are suitable for all ages, but we do not knowingly collect personal data from children under 13 without parental consent. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Third-Party Websites

Our website may contain links to third-party websites (e.g., social media, payment providers). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

12. Embedded Content

Our website may include embedded content from other platforms (e.g., YouTube videos, Instagram posts). These platforms may collect data about you, use cookies, and track your interaction with embedded content if you’re logged into their services.

13. Marketing Communications

If you’ve opted in to receive marketing emails, we’ll send you:

  • New product launches
  • Special offers and discount codes
  • Behind-the-scenes content from our workshop

You can unsubscribe at any time by clicking the “unsubscribe” link in any email or contacting us directly.

We will never send unsolicited marketing emails or share your email address with third parties for marketing purposes.

14. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We’ll post any changes on this page with an updated “Last updated” date.

For significant changes, we may notify you by email or via a prominent notice on our website.

15. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: hello@taviandmoor.co.uk
Website: https://taviandmoor.co.uk

16. Complaints

If you’re unhappy with how we’ve handled your personal data, you have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

This privacy policy was last updated on 19/10/2025 and applies to all users of taviandmoor.co.uk.