Privacy Policy

 

Foreword

TUBBZ.com is committed to protecting your privacy. This Privacy Policy, together with our Terms and Conditions, explains what personal information we collect, how we use it, and why. TUBBZ.com complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and we will update this policy as required to reflect any changes in law or our practices.

About TUBBZ.com

TUBBZ.com is an e-commerce store specialising in the sale of TUBBZ Cosplaying Collectable Ducks.

We operate from two locations in the UK:

Distribution Warehouse
TUBBZ.com
Yellow Bulldog Ltd
Unit A, Viking Industrial Estate
Rolling Mill Road
Jarrow, Tyne and Wear
NE32 3DP

Head Office
TUBBZ.com
Attimore Barn, Ridgeway
Welwyn Garden City
Hertfordshire
AL7 2AD

The company is registered in England under company number 08509606.

General enquiries: help@tubbz.com

All data protection queries should be directed to our Data Protection Officer:
Deborah Challis
Email: deborah.challis@yellowbulldog.co.uk
Address: Head Office (above)

Who Do We Collect Information From?

We collect and process personal information from individuals who:

  • Make a purchase

  • Enter details into our checkout (even if the purchase is not completed)

  • Sign up to our newsletter

  • Create an account

  • Submit information via any of our forms

  • Leave a review about us or our products

If you consent to cookies, we also collect information about how you browse our website. Please see our Cookie Policy for more information.

Our Legal Basis for Processing

We only collect personal data where we have a lawful basis to do so and only for specific purposes.

Contract

When you make a purchase from our website, we collect and process personal information to fulfil that contract, including:

  • Processing payments

  • Delivering your order

  • Managing refunds and returns

Failure to provide required information (such as a delivery address) may prevent us from fulfilling our contractual obligations.

Consent

When you sign up to receive our newsletter or marketing communications, you provide your consent for us to contact you about products, offers, and updates that may be of interest to you.

We use a soft opt-in where permitted. You may withdraw your consent at any time by unsubscribing or contacting us.

Legitimate Interest

We may process personal data under the lawful basis of legitimate interest where it is necessary to operate and improve our business and where this does not override your rights and freedoms.

This includes contacting you about products or services you have shown an interest in, providing customer support, and improving our services.

Customer Analytics, Profiling and Persona Modelling

We may also process personal data under the lawful basis of legitimate interest to better understand how customers interact with our website, products, and marketing. This includes analysing:

  • Purchasing behaviour

  • Browsing activity

  • Engagement with communications

  • Aggregated demographic information

These activities allow us to create customer segments and personas, which help us to:

  • Improve our products and services

  • Develop more relevant marketing communications

  • Improve website performance and user experience

  • Better understand customer needs and preferences

Where possible, this processing uses pseudonymised and/or aggregated data and does not involve direct identification of individuals. We have carried out a balancing test to ensure this processing is proportionate, expected, and does not override your rights and freedoms. We regularly review these activities to ensure they remain appropriate.

Legal Obligation

If you make a data protection request or we are otherwise required to process personal data to comply with a legal obligation, we will do so in accordance with applicable law.

How Long Do We Keep Your Information?

We retain personal information only for as long as necessary for the purposes for which it was collected and to meet legal requirements.

Financial records are retained in line with HMRC requirements, currently six years plus the current financial year.

You may request deletion of your data at any time, subject to legal retention requirements. Once retention periods expire, data is securely deleted.

Sharing Your Information

We do not sell personal data.

We share personal data only where necessary to provide our services, including with:

  • Payment service providers

  • Delivery and fulfilment partners

  • Website hosting and marketing service providers

  • Law enforcement, fraud prevention, and regulatory bodies where required

Depending on your choices, we may also share data with:

  • Marketplace sellers

  • Alternative payment providers

We may also share pseudonymised and/or aggregated data with specialist analytics and insight partners who support us in understanding customer behaviour, trends, and preferences. These partners act strictly as data processors, may only process data on our instructions, and are contractually prohibited from identifying individuals or using the data for their own purposes.

All data sharing is carried out securely with appropriate safeguards in place.

Customer Analytics, Profiling and Insight

We use analytics tools and trusted third-party service providers to analyse how customers interact with our website, products, and communications.

This may include:

  • Purchase history and product preferences

  • Website browsing behaviour

  • Engagement with emails and marketing campaigns

  • Aggregated demographic information (such as country or age bands)

These insights help us tailor communications, improve our product offering, and enhance customer experience.

This processing:

  • Does not involve automated decision-making that produces legal or similarly significant effects

  • Uses pseudonymised data wherever possible

  • Does not involve the sale of personal data

You have the right to object to this processing at any time.

Protection of Your Data

Access to personal data is restricted to authorised TUBBZ.com staff only. We implement appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access.

International Transfers

We may transfer personal data outside the UK or EEA where necessary. Where this occurs, appropriate safeguards are in place.

Current transfers include:

  • United States (Klaviyo) – email communications and marketing

  • Canada (Shopify) – website hosting and order processing

These transfers rely on approved contractual safeguards.

Your Rights

You have the following rights under data protection law:

  • Right to rectification – correct inaccurate data

  • Right of access – request a copy of your data

  • Right to erasure – request deletion where applicable

  • Right to restrict processing

  • Right to object – including to processing based on legitimate interests such as analytics and profiling

  • Right to data portability

If you object to processing based on legitimate interests, we will stop unless we can demonstrate compelling grounds that override your rights and freedoms.

Automated Decision Making

We do not carry out automated decision-making that produces legal or similarly significant effects.

We use limited automated profiling to categorise customers (for example: Active, High Risk, or Loyal) based on purchase behaviour via our email service provider, Klaviyo. This only affects the type of communications you receive and is always subject to human review on request.

Security

TUBBZ.com is Level 1 PCI DSS compliant. While no internet transmission is 100% secure, we use appropriate security measures to protect your data once received. You are responsible for keeping any account passwords confidential.

Contact Details and Complaints

For questions or to exercise your rights, contact our Data Protection Officer:

Deborah Challis
Attimore Barn, Ridgeway
Welwyn Garden City, Hertfordshire
AL7 2AD
Email: deborah.challis@yellowbulldog.co.uk

If you are not satisfied, you may contact the UK Information Commissioner’s Office (ICO):