Privacy Policy

Privacy Policy

Last Updated: June 2026

At thetihut (“we”, “our”, “us”), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (www.thetihut.com) or use our services. Please read this policy carefully to understand how we handle your data and what rights you have.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I. What Personal Information We Collect

When you use our website, we may collect the following categories of personal information:

• Information you provide voluntarily:

  • Name, email address, phone number;

  • Delivery address and billing address;

  • Payment information (processed through secure payment processors; we do not store your full card details);

  • Information you provide when contacting us via contact forms, customer service emails, or social media;

  • Login credentials (username and password) when you create an account;

  • Product reviews or feedback you leave.

• Information collected automatically:

  • IP address, browser type and version, operating system;

  • Date and time of your visit, pages viewed, time spent, and click behaviour;

  • Device information (e.g., device model, screen resolution);

  • Referral website or search engine keywords.

• Information from third parties:

  • If you pay via third-party payment methods such as PayPal or Apple Pay, we may receive certain account information (e.g., name, email) from these platforms, solely for the purpose of completing the transaction.

II. How We Use Your Personal Information

We use your personal information for the following purposes:

• Processing your orders, completing payments, arranging delivery, and providing after-sales service;

• Managing your account and order history;

• Sending order confirmations, dispatch notifications, and tracking information via email or SMS;

• Responding to your enquiries, complaints, or return/exchange requests;

• Sending marketing communications (only where you have explicitly consented; you may unsubscribe at any time);

• Analysing and improving our website performance, user experience, and product recommendations;

• Preventing fraud, ensuring transaction security, and fulfilling legal obligations.

III. Our Lawful Bases for Processing Your Personal Information

Under the UK GDPR, we process your personal information on the following lawful bases:

IV. How We Share Your Personal Information

We do not sell your personal information to third parties. However, we may share your information with the following categories of third parties where necessary:

• Logistics carriers (e.g., Royal Mail, DHL, etc.): for delivering your orders;

• Payment service providers (e.g., Stripe, PayPal, etc.): for secure payment processing;

• IT service providers (e.g., web hosting, cloud storage, email service providers): for website operations and technical support;

• Analytics tool providers (e.g., Google Analytics): for analysing website traffic and user behaviour;

• Legal and regulatory authorities: when required by law or to protect our legal rights.

All third-party service providers are bound by strict confidentiality obligations and may only process your data within the scope authorised by us.

V. International Data Transfers

As we offer worldwide delivery, your personal information may be transferred to countries or regions outside the UK (for example, when you place an order from overseas, your order information needs to be transmitted to logistics carriers in the destination country). In such cases, we ensure that appropriate safeguards (such as standard contractual clauses) are in place to guarantee that your data receives a level of protection equivalent to that in the UK.

VI. Data Storage and Retention Periods

We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, alteration, or disclosure.

Your personal information will be retained only for as long as necessary to fulfil the purposes outlined in this policy, as detailed below:

• Order data: retained for 6 years (to comply with tax and accounting legal requirements);

• Account information: retained until you actively delete your account or 2 years after account deactivation;

• Marketing preference data: retained until you withdraw your consent or unsubscribe;

• Customer service communication records: retained for 3 years;

• Website access logs and analytics data: retained for 26 months (Google Analytics default retention period).

After the retention period expires, we will securely delete or anonymise your data.

VII. Your Data Subject Rights

Under the UK GDPR, you have the following rights:

1. Right to be informed: the right to know how we collect and use your personal information.

2. Right of access: the right to request a copy of the personal information we hold about you.

3. Right to rectification: the right to request correction of inaccurate or incomplete personal information.

4. Right to erasure (“right to be forgotten”): the right to request deletion of your personal information in certain circumstances.

5. Right to restriction of processing: the right to request restriction of processing of your personal information in certain circumstances.

6. Right to data portability: the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

7. Right to object: the right to object, on grounds relating to your particular situation, to processing based on legitimate interests.

8. Right to withdraw consent: where we process your data based on your consent, you have the right to withdraw your consent at any time.

9. Right to lodge a complaint: the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise any of the above rights, please contact us using the details below. We will respond to your request within 30 days.

VIII. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as tracking pixels, device fingerprinting) to enhance your browsing experience, analyse website traffic, and deliver personalised content.

• Strictly necessary cookies: essential for basic website functions (e.g., shopping cart, checkout) – do not require consent.

• Analytics/performance cookies: used to collect anonymous visit data to help us improve our website.

• Functional cookies: used to remember your preferences (e.g., language, region).

• Marketing/advertising cookies: used to display relevant product recommendations or advertisements to you.

When you first visit our website, we will seek your consent via a cookie banner. You may manage or withdraw your consent at any time through your browser settings or our website’s cookie preference centre.

For detailed information on cookies, please refer to our separate Cookie Policy.

IX. Children‘s Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected children’s information, we will delete it immediately.

X. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. Any material changes will be posted on our website with a new “Last Updated” date. We encourage you to review this policy periodically.

XI. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or wish to make a complaint, please contact us at:

📧 Email: customer@thetihut.com

We will acknowledge receipt of your request within 24 hours (business days) and provide a formal response within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner‘s Office (ICO):
🌐 www.ico.org.uk