Privacy policy
Last updated: 01-09-2025
1) Who we are
Toy-District (“we”, “us”, “our”) is the controller of your personal data when you shop with us, create an account, or interact with our website.
Company information
Email: vivilauge@gmail.com
Phone: +852 66439273
2) What data we collect
Identity & contact: name, email, phone, billing/shipping address.
Account data: login, hashed password, preferences, wishlists.
Order & payment data: items purchased, prices, order numbers, delivery status; we receive payment confirmations but not full card numbers (handled by payment providers).
Support & UGC: messages to customer service, product reviews.
Marketing data: your consents, subscriptions, and interaction with our emails/SMS.
Technical & usage: IP address, device/browser info, cookie IDs, pages viewed, clicks, referring pages.
We don’t intentionally collect special-category data. Please don’t include it in communications.
3) How we use your data & legal bases
Purpose Examples Legal basis
Shop & deliver process orders, payments, returns, customer service Contract (Art. 6(1)(b))
Account create/manage your account, remember preferences Contract; Legitimate interests
Service messages order confirmations, delivery updates, policy notices Contract; Legal obligation
Fraud & security verify payment, prevent abuse, maintain site security Legitimate interests; Legal obligation
Analytics & improvement site performance, troubleshooting Legitimate interests
Marketing emails/SMS/ads with offers and news Consent; Legitimate interests (soft opt-in for similar products to existing customers, with opt-out)
Legal & tax accounting, record keeping Legal obligation
You can withdraw consent at any time via links in our messages or by contacting us.
4) Cookies & similar tech (PECR)
We use cookies, pixels, and local storage to make the site work, measure performance, and personalise marketing.
Strictly necessary (site operation, checkout)
Functionality (remember choices)
Advertising (e.g., Meta/Google ads pixels)
Manage your preferences via our cookie banner or your browser settings. Blocking necessary cookies may impact functionality.
5) Payments
Payments are processed by providers such as Payments/Stripe/PayPal/Klarna (configure as applicable). These providers are independent controllers for card data and apply their own privacy notices. We receive confirmation tokens and limited payment metadata.
6) Sharing your data
We share data only with:
Service providers under contract (hosting/CDN, checkout & payments, email/SMS tools, analytics, customer support, fulfilment & couriers, fraud prevention).
Professional advisers/authorities where required by law or to protect our rights.
We do not sell personal data.
7) International transfers
When data is transferred outside the UK/EEA, we use appropriate safeguards (e.g., UK Addendum to the EU Standard Contractual Clauses). Copies of safeguards are available on request.
8) Retention
We keep data only as long as needed:
Orders & invoicing: 6 years (legal/tax)
Account: active period + up to 24 months of inactivity
Marketing: until you opt out or after 24 months of no engagement
Support tickets/reviews: 24 months after resolution
After these periods, data is securely deleted or anonymised.
9) Security
We use organisational and technical measures (TLS encryption, access controls, staff training, least-privilege access, vendor due-diligence, incident procedures). No method is 100% secure, but we work to protect your data.
10) Children
Our site is for general audiences. We don’t knowingly collect data from children under 13 without parental consent. Parents/guardians can contact us to review or delete a child’s data.
11) Your rights (UK GDPR)
You can:
Access your data
Rectify inaccuracies
Erase data (where applicable)
Restrict or object to processing
Port data you provided to us
Withdraw consent (does not affect earlier lawful processing)
To exercise rights, contact [privacy@toydistrict.co.uk]. We respond within one month (may extend for complex requests). We may ask for proof of identity.
12) Complaints
If you have concerns, please contact us first. You can also contact the Information Commissioner’s Office
