Privacy Policy

Privacy Policy

Last Updated: 19 February 2026

⚖️  Compliant with: UK GDPR | EU GDPR | Data Protection Act 2018 | PECR | ICO Requirements

 

1. Introduction

TjsPets ("we," "our," "us") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This Privacy Policy explains how we collect, use, store, share, and safeguard your personal information when you visit TjsPets.co.uk or make a purchase from our store.

2. Who We Are  Data Controller & Processor

TjsPets acts as the Data Controller for your personal data:

•       Store Name: TjsPets

•       Website: TjsPets.co.uk

•       Email: contact@TjsPets.co.uk

•       Telephone: +44 7415 742035

•       Address: 308 Stanningley Rd, Bramley, Leeds LS13 3EG, United Kingdom

 

Shopify Inc. (our e-commerce platform) acts as a Data Processor on our behalf  not as a Data Controller. Shopify processes your data only in accordance with our documented instructions and is bound by a formal Data Processing Agreement (DPA) that complies with UK GDPR and EU GDPR, including Standard Contractual Clauses (SCCs) for international data transfers.

3. What Personal Data We Collect

•       Identity Data: Full name, title.

•       Contact Data: Billing address, shipping address, email address, telephone number.

•       Transaction Data: Order details, payment confirmation (we do NOT store full card details), purchase history.

•       Technical Data: IP address (automatically anonymised in GA4  full IP addresses are not stored), browser type, device information, and browsing behaviour via cookies (subject to your consent).

•       Communication Data: Any correspondence via email or phone.

•       Marketing Data: Email address and marketing preferences, where you have explicitly opted in.

4. How We Collect Your Data

•       Direct Interactions: When you place an order, create an account, contact us, or subscribe to marketing.

•       Automated Technologies: Cookies and tracking technologies, subject to your consent (see Cookie Policy).

•       Third Parties: Payment processors and shipping carriers, to the extent necessary to fulfil your order.

5. How We Use Your Data & Legal Basis

 

Purpose of Processing	Lawful Basis
Process and deliver your order (payment, handling, shipping)	Performance of a contract
Manage our relationship (enquiries, returns, refunds)	Performance of a contract; Legal obligation
Notify you about changes to our terms or policies	Legal obligation
Improve our website and customer experience	Legitimate interests
Comply with UK/EU tax, VAT, and customs laws (retain order data 6 years)	Legal obligation
Send marketing communications (opt-in only)	Your explicit consent
Analyse website traffic via analytics tools	Your consent (PECR) or Legitimate interests
Fraud prevention and payment security	Legitimate interests; Legal obligation

 

6. Marketing Communications

We only send marketing emails if you have explicitly opted in. You may withdraw consent at any time by clicking 'Unsubscribe' in any email or by contacting contact@TjsPets.co.uk. Withdrawal will be actioned within 48 hours. Marketing data is retained until you withdraw or after two years of inactivity, whichever comes first.

7. Data Sharing & Third Parties

We never sell your personal data. We share data strictly to fulfil your order and operate our business:

•       Shipping Carriers: Royal Mail (Economy) and DPD (Standard)  receive your name, address, and contact details only.

•       Payment Processors: Stripe, PayPal, Shopify Payments PCI DSS compliant. We do not store full card details.

•       Shopify Inc. (Data Processor): Our e-commerce and hosting platform, bound by a formal DPA.

•       Analytics & Marketing Partners: Google Analytics 4, Facebook Pixel subject to your cookie consent. See Cookie Policy.

•       Legal Compliance: UK/EU regulatory authorities if required by law or court order.

All third-party providers are contractually obligated to protect your data and may only process it under our written instructions.

8. International Data Transfers

Your data is primarily stored within the UK and EEA. Where providers are located outside these regions (e.g., Shopify in Canada/USA, Google in the USA), we ensure compliance through:

•       EU Standard Contractual Clauses (SCCs) approved by the European Commission.

•       UK International Data Transfer Agreement (IDTA) approved by the UK Secretary of State.

•       Adequacy decisions by the UK or EU, where applicable.

9. Data Security

•       256-bit SSL/TLS encryption for all data transmissions.

•       PCI DSS Level 1 compliant payment processing via Shopify Payments.

•       Tokenisation of payment card details  we never store full card numbers.

•       Access controls and authentication for our internal systems.

 

⚠️  Data Breach Notification: In the event of a personal data breach likely to risk your rights and freedoms, we will notify the UK ICO within 72 hours (UK GDPR Article 33) and notify you directly without undue delay if the risk is high (UK GDPR Article 34). We will take immediate steps to contain and remediate any breach.

10. Data Retention

•       Order Data: 6 years from transaction date (required by HMRC/UK tax law).

•       Marketing Data: Until you withdraw consent or after 2 years of inactivity.

•       Account Data: Duration of account plus 2 years after closure.

•       Correspondence: 3 years unless there is an ongoing legal matter.

11. Your Legal Rights (UK GDPR & EU GDPR)

•       Right to Access (Art. 15): Request a copy of your personal data.

•       Right to Rectification (Art. 16): Request correction of inaccurate data.

•       Right to Erasure  'Right to be Forgotten' (Art. 17): Request deletion where there is no compelling reason for continued processing.

•       Right to Restrict Processing (Art. 18): Request suspension of processing in certain circumstances.

•       Right to Data Portability (Art. 20): Request your data in a machine-readable format.

•       Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.

•       Right to Withdraw Consent (Art. 7): Withdraw at any time  withdrawal does not affect lawfulness of prior processing.

•       Rights re Automated Decisions (Art. 22): Right not to be subject to solely automated decisions that significantly affect you.

 

To exercise any right: email contact@TjsPets.co.uk. We respond within 30 calendar days (extendable by 2 months for complex requests, with notice to you). No charge, unless requests are manifestly unfounded or excessive.

12. Cookies

Our website uses cookies in compliance with PECR and UK/EU GDPR. We obtain your explicit consent before placing non-essential cookies. You can manage preferences via our cookie consent banner at any time. See our Cookie Policy for full details.

13. Children's Privacy

Our website is not intended for anyone under 16. We do not knowingly collect personal data from children. If you believe your child under 16 has provided us with data, contact contact@TjsPets.co.uk immediately and we will delete it without undue delay.

14. Changes to This Policy

We may update this policy to reflect changes in our practices or legal obligations. We will notify you of material changes via website notice before they take effect. The 'Last Updated' date shows when the latest revisions were made.

15. Complaints

•       UK: Information Commissioner's Office (ICO)  ico.org.uk | 0303 123 1113

•       EU: Your local Data Protection Authority.

We encourage you to contact us first at contact@TjsPets.co.uk so we can resolve your concern promptly.

16. Contact Us

•       Email: contact@TjsPets.co.uk

•       Phone: +44 7415 742035

•       Post: 308 Stanningley Rd, Bramley, Leeds LS13 3EG, United Kingdom