Home Privacy & Cookies Policy

Privacy & Cookies Policy

What we collect, what we don't, and how to change your mind.

The very short version: we use your address to post your orders, your email to confirm orders, and a small set of essential cookies to make the site work. With your consent, we also use analytics and advertising cookies to understand and improve our small shop over time. You can change your choice at any time. We don't sell or rent your data.

i. Overview

Tiny Patio LTD is fully compliant with the UK GDPR and the Data Protection Act. We act as the data controller for any personal information you provide through our store.

This policy explains what we collect, why, how long we keep it, and what rights you have. If you'd rather just talk to a human about your data, email privacy@tinypatio.com.

ii. Data we collect

When you place an order

  • Name & shipping address: to post your order
  • Email: to send order confirmation & tracking
  • Phone (optional): only if you provide it, used by the carrier on delivery day
  • Order history: what you bought and when

Your payment card details are never seen by us. They go directly to our secure payment processor (Shopify Payments or PayPal), who handle the transaction and pass us only a confirmation.

When you create an account

  • Your name, email, and (encrypted) password
  • Saved addresses, order history
  • Newsletter preference

When you browse

Strictly-necessary cookies always. Then, only if you say yes on the cookie banner, analytics and advertising cookies. These analytics cookies show us what people find useful and what isn't working, so we can improve the shop over time. The advertising ones let us understand whether our ads are reaching the right people, and may be used to show you our items on other websites. Say no and they never load. See section v.

iii. Why we use it

Use Legal basis
Posting your order, processing payment, customer support Contract (Art. 6(1)(b) UK GDPR)
Sending order confirmations and shipping updates Contract
Tiny Patio's occasional newsletter Consent (Art. 6(1)(a))
Fraud prevention & site security Legitimate interest (Art. 6(1)(f))
Tax records (HMRC requires 6 years) Legal obligation (Art. 6(1)(c))
Anonymous traffic analytics Consent
Advertising & measuring our Facebook / Instagram ads (Meta Pixel & Conversions API) Consent (Art. 6(1)(a))

iv. Who we share with

The complete list of third-party processors who see your data:

Processor What they handle Location
Shopify International Ltd Store hosting, checkout Ireland · Canada
Stripe Payments UK Ltd Card payments UK · USA
PayPal (Europe) S.à r.l. PayPal payments Luxembourg
Apple Pay / Google Pay Wallet payments USA
Royal Mail Group UK shipping UK
Task Fulfilment LTD Order packaging, printing shipping labels, and logistics delivery. UK
Omnisend Transactional & newsletter email USA
Meta Platforms Ireland Ltd Ad measurement & targeting — only with your consent (Meta Pixel & Conversions API) Ireland · USA
Google Ireland Ltd Ad measurement, conversion tracking, and marketing analytics (Google Ads) — only with your consent. Ireland · USA
Pinterest Europe Ltd Conversion tracking and tailored advertising (Pinterest Ads) — only with your consent. Ireland · USA

We do not sell, rent, or trade your personal data, ever. Where data leaves the UK/EEA (e.g. to Stripe US or Meta), the transfer is protected by the UK International Data Transfer Addendum or equivalent standard contractual clauses.

v. Cookies

A cookie is a small text file stored by your browser. We use as few as possible.

Cookie Type Purpose Expires
cart Essential Stores your basket Until you clear it
_shopify_* Essential Keeps the checkout working Session / 30 days
secure_customer_sig Essential Keeps you signed in 30 days
_y / _shopify_y Analytics Anonymous visitor counts 1 year
_fbp Marketing Meta (Facebook / Instagram) ad measurement 3 months
_fbc Marketing Remembers which ad you clicked - set only if you arrive from a Meta ad 3 months

The analytics and marketing cookies load only if you accept on the cookie banner. Decline and they are never set - nothing on the site breaks. You can change your mind at any time (see below).

vi. Cookie settings

You can change your cookie preferences through the consent banner shown on your first visit, or at any time afterwards using your browser's cookie controls. Essential cookies cannot be turned off - without them the site can't keep your basket or sign you in. Analytics and marketing cookies stay off until you opt in, and you can withdraw your consent just as easily as you gave it.

If you'd like us to delete any analytics or advertising data associated with your visit, email privacy@tinypatio.com.

vii. Retention

We keep your data only as long as needed for the purpose we collected it:

  • Order & tax records: 6 years (HMRC requirement)
  • Account data: until you close your account, then 30 days
  • Newsletter subscription: until you unsubscribe
  • Analytics: anonymous, kept by our processor for up to one year
  • Advertising data (Meta): held by Meta under their own retention policy, typically up to two years; we keep no advertising identifiers ourselves

viii. Your rights

Under the UK GDPR, you have the right to:

  • Access: ask for a copy of your data
  • Rectification: correct anything inaccurate
  • Erasure: ask us to delete your data ("right to be forgotten")
  • Restriction: limit how we use it
  • Portability: receive your data in a portable format
  • Objection: object to certain uses, e.g. legitimate interest
  • Withdraw consent: at any time, without affecting prior lawful use

To exercise any of these, email privacy@tinypatio.com. We'll respond within one month, usually much sooner.

ix. Contact & complaints

Privacy questions: privacy@tinypatio.com

You also have the right to complain to the UK Information Commissioner's Office if you're unhappy with how we've handled your data: ico.org.uk · 0303 123 1113