Privacy Policy
At Thorzy, we are committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, how we use it, and your rights under UK and EU data protection law.
Last updated: April 2025
Contents
1. Who We Are
Thorzy (“we”, “us”, “our”) is the data controller responsible for your personal data collected through this website (thorzy.com).
Registered address:
[YOUR REGISTERED ADDRESS]
Contact email: support@thorzy.com
We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process the personal data of individuals in the European Union, we also comply with the EU General Data Protection Regulation (EU GDPR 2016/679).
2. What Data We Collect
We collect personal data in the following ways:
Information You Provide Directly
- Full name and delivery address
- Email address and phone number
- Order details and purchase history
- Messages and enquiries sent to our support team
- Account login credentials (if you create an account)
Information Collected Automatically
- IP address and approximate location
- Browser type, device type, and operating system
- Pages visited, time spent on site, and referral source
- Cookie identifiers and analytics data (see Section 9)
Payment Information
We do not store your payment card details on our servers. All payment transactions are processed securely by our third-party payment providers (Stripe and PayPal). Please refer to their respective privacy policies for information on how they handle your financial data.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing and fulfilling your order | Name, address, email, order details | Contract performance |
| Sending order confirmations and dispatch notifications | Email address, order details | Contract performance |
| Handling returns, refunds, and customer support | Name, email, order history | Contract performance / Legal obligation |
| Improving our website and user experience | Analytics data, cookies | Legitimate interests |
| Sending marketing emails (with your consent) | Email address, purchase history | Consent |
| Complying with legal and tax obligations | Name, address, purchase records | Legal obligation |
| Preventing fraud and ensuring site security | IP address, device data | Legitimate interests |
4. Legal Basis for Processing
Under UK GDPR and EU GDPR, we rely on the following legal bases to process your personal data:
- Contract performance: Processing necessary to fulfil your order or respond to a pre-contractual request.
- Legal obligation: Processing required to comply with UK tax, consumer, and financial regulations.
- Legitimate interests: Processing for fraud prevention, site security, and analytics, where these interests are not overridden by your rights.
- Consent: Processing for marketing communications, where you have explicitly opted in. You may withdraw consent at any time.
5. Marketing & Email Communications
If you opt in to marketing communications at checkout or via our website, we may send you emails about new products, promotions, and updates relevant to Thorzy head torches.
- We use WooCommerce‘s built-in email functionality to manage and send marketing communications.
- You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any marketing email, or by contacting us at support@thorzy.com.
- Unsubscribing from marketing emails will not affect transactional emails related to your orders.
6. Third Parties & Service Providers
We share your personal data only where necessary with trusted third parties who assist us in operating our business. All third parties are required to handle your data securely and in accordance with applicable data protection law.
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address, payment data |
| PayPal | Payment processing | Name, email, billing address, payment data |
| Shipping carriers | Order fulfilment and delivery | Name, delivery address, phone number |
| Google Analytics | Website analytics and performance | Anonymised usage data, IP address (anonymised) |
| WooCommerce / WordPress | E-commerce platform and order management | Name, email, order history |
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
7. International Data Transfers
As Thorzy operates from China, some of your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including China. Where such transfers occur, we ensure appropriate safeguards are in place, which may include:
- Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission
- Transfers to countries with an adequacy decision from the UK or EU
- Other legally recognised transfer mechanisms under UK GDPR and EU GDPR
For more information about how we safeguard international data transfers, please contact us at support@thorzy.com.
8. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years | UK tax and accounting obligations (HMRC) |
| Customer account data | Duration of account + 2 years after last activity | Contract performance and support |
| Marketing consent records | Until consent is withdrawn | Compliance with consent obligations |
| Support and enquiry correspondence | 3 years | Legitimate interests (dispute resolution) |
| Analytics data (Google Analytics) | 26 months (Google default) | Website performance analysis |
When data is no longer required, we will delete or anonymise it securely.
9. Cookies & Tracking
Our website uses cookies to improve your browsing experience and analyse site performance. A cookie is a small text file placed on your device when you visit our site.
Types of Cookies We Use
- Essential cookies: Required for the website and shopping cart to function. These cannot be disabled.
- Analytics cookies: We use Google Analytics to understand how visitors interact with our site. This data is anonymised and aggregated. You can opt out via Google’s opt-out tool.
- Functional cookies: Used to remember your preferences, such as items in your basket.
When you first visit our website, you will be asked to consent to non-essential cookies via our cookie banner. You can update your cookie preferences at any time. For full details, please see our Cookie Policy.
10. Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please email support@thorzy.com. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.
11. Children’s Privacy
Our website and products are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@thorzy.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
Continued use of our website after changes are posted constitutes your acceptance of the updated policy.
13. Contact & Complaints
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- 📧 Email: support@thorzy.com
- ⏱ We aim to respond within 1–2 business days, and within 30 days for formal data rights requests.
UK residents: If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- 🌐 ico.org.uk/make-a-complaint
- 📞 0303 123 1113
You may also wish to review our Returns & Refund Policy or Cookie Policy for more information about how we operate.