The very short version: we use your address to post your orders, your email to confirm orders, and a small set of essential cookies to make the site work. With your consent, we also use analytics and advertising cookies to understand and improve our small shop over time. You can change your choice at any time. We don't sell or rent your data.
i. Overview
Tiny Patio LTD is fully compliant with the UK GDPR and the Data Protection Act. We act as the data controller for any personal information you provide through our store.
This policy explains what we collect, why, how long we keep it, and what rights you have. If you'd rather just talk to a human about your data, email privacy@tinypatio.com.
ii. Data we collect
When you place an order
- Name & shipping address: to post your order
- Email: to send order confirmation & tracking
- Phone (optional): only if you provide it, used by the carrier on delivery day
- Order history: what you bought and when
Your payment card details are never seen by us. They go directly to our secure payment processor (Shopify Payments or PayPal), who handle the transaction and pass us only a confirmation.
When you create an account
- Your name, email, and (encrypted) password
- Saved addresses, order history
- Newsletter preference
When you browse
Strictly-necessary cookies always. Then, only if you say yes on the cookie banner, analytics and advertising cookies. These analytics cookies show us what people find useful and what isn't working, so we can improve the shop over time. The advertising ones let us understand whether our ads are reaching the right people, and may be used to show you our items on other websites. Say no and they never load. See section v.
iii. Why we use it
| Use | Legal basis |
|---|---|
| Posting your order, processing payment, customer support | Contract (Art. 6(1)(b) UK GDPR) |
| Sending order confirmations and shipping updates | Contract |
| Tiny Patio's occasional newsletter | Consent (Art. 6(1)(a)) |
| Fraud prevention & site security | Legitimate interest (Art. 6(1)(f)) |
| Tax records (HMRC requires 6 years) | Legal obligation (Art. 6(1)(c)) |
| Anonymous traffic analytics | Consent |
| Advertising & measuring our Facebook / Instagram ads (Meta Pixel & Conversions API) | Consent (Art. 6(1)(a)) |
v. Cookies
A cookie is a small text file stored by your browser. We use as few as possible.
| Cookie | Type | Purpose | Expires |
|---|---|---|---|
cart |
Essential | Stores your basket | Until you clear it |
_shopify_* |
Essential | Keeps the checkout working | Session / 30 days |
secure_customer_sig |
Essential | Keeps you signed in | 30 days |
_y / _shopify_y |
Analytics | Anonymous visitor counts | 1 year |
_fbp |
Marketing | Meta (Facebook / Instagram) ad measurement | 3 months |
_fbc |
Marketing | Remembers which ad you clicked - set only if you arrive from a Meta ad | 3 months |
The analytics and marketing cookies load only if you accept on the cookie banner. Decline and they are never set - nothing on the site breaks. You can change your mind at any time (see below).
vi. Cookie settings
You can change your cookie preferences through the consent banner shown on your first visit, or at any time afterwards using your browser's cookie controls. Essential cookies cannot be turned off - without them the site can't keep your basket or sign you in. Analytics and marketing cookies stay off until you opt in, and you can withdraw your consent just as easily as you gave it.
If you'd like us to delete any analytics or advertising data associated with your visit, email privacy@tinypatio.com.
vii. Retention
We keep your data only as long as needed for the purpose we collected it:
- Order & tax records: 6 years (HMRC requirement)
- Account data: until you close your account, then 30 days
- Newsletter subscription: until you unsubscribe
- Analytics: anonymous, kept by our processor for up to one year
- Advertising data (Meta): held by Meta under their own retention policy, typically up to two years; we keep no advertising identifiers ourselves
viii. Your rights
Under the UK GDPR, you have the right to:
- Access: ask for a copy of your data
- Rectification: correct anything inaccurate
- Erasure: ask us to delete your data ("right to be forgotten")
- Restriction: limit how we use it
- Portability: receive your data in a portable format
- Objection: object to certain uses, e.g. legitimate interest
- Withdraw consent: at any time, without affecting prior lawful use
To exercise any of these, email privacy@tinypatio.com. We'll respond within one month, usually much sooner.
ix. Contact & complaints
Privacy questions: privacy@tinypatio.com
You also have the right to complain to the UK Information Commissioner's Office if you're unhappy with how we've handled your data: ico.org.uk · 0303 123 1113
