Privacy policy
This policy explains how Darling Twigs Ltd collects, uses, stores and protects your personal information when you visit darlingtwigs.com, place an order, sign up to our emails, or otherwise interact with us. We've tried to write it in plain language. If anything is unclear, please get in touch using the contact details at the end of this document.
By using our website, you confirm that you have read and understood this policy. If you do not agree with how we handle your information, please do not use the site.
Who we are
Darling Twigs Ltd is a small British apparel brand registered in England and Wales. For the purposes of UK and EU data protection law, the data controller is:
Darling Twigs Ltd
Company number: 17208578
Registered office: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
Email: hello@darlingtwigs.com
ICO registration number: [to be inserted once registered]
Darling Twigs Ltd is registered with the UK Information Commissioner's Office (ICO) under the Data Protection (Charges and Information) Regulations 2018.
Which laws apply
This policy is written to comply with:
• The UK GDPR — the United Kingdom General Data Protection Regulation, the UK's domestic version of the GDPR, retained and amended after Brexit.
• The Data Protection Act 2018 — which sits alongside the UK GDPR and sets out additional UK-specific rules.
• The Privacy and Electronic Communications Regulations (PECR) — which govern marketing communications, cookies and similar technologies.
• The EU GDPR — which applies where we offer goods or services to individuals located in the European Economic Area (EEA).
Where you are located outside the UK or EEA, we still apply UK GDPR standards as the baseline for protecting your information. Some additional rights may also apply to you under your local law (for example, the California Consumer Privacy Act for California residents); these are addressed in the "Your rights" section below.
Information we collect
Depending on how you interact with us, we may collect the following categories of personal information:
Information you give us directly
• Contact details: name, billing address, shipping address, email address and (optionally) telephone number.
• Order information: items purchased, order history, returns and exchanges, sizing and product preferences.
• Account information (if you create one): username, password and any preferences you save.
• Communications: any information you include when you email us, contact us through the website, leave a review, or message us on social media.
• Marketing preferences: whether you have opted in to email or other marketing.
Information collected automatically
• Device and connection data: IP address, browser type, operating system, device identifiers and approximate location derived from your IP address.
• Usage data: pages viewed, time spent on the site, items added to cart or wishlist, referral source, and similar interaction data, collected through cookies and similar technologies.
Information we do not collect
We do not store your full payment card details. When you make a purchase, your card information is collected directly by our payment processors (such as Shopify Payments or other PCI-compliant providers) and is not retained on our systems beyond the limited transaction details we need (such as the last four digits of the card and the transaction reference).
How and why we use your information
Under UK GDPR we must have a lawful basis for using your personal information. The purposes and lawful bases we rely on are set out below.
To fulfil your order and provide our services
This includes processing payments, arranging printing and delivery of items, communicating with you about your order, handling returns and exchanges, and providing customer support.
Lawful basis: performance of a contract.
To run and improve our website
This includes site administration, fraud prevention, security monitoring, fixing technical issues, and analysing how customers use the site so we can improve it.
Lawful basis: legitimate interests (running and protecting our business), and where required, your consent (for non-essential cookies).
To send you marketing communications
If you have signed up to our newsletter or otherwise opted in, we will send you occasional emails about new collections, restocks, seasonal launches and behind-the-scenes content. You can unsubscribe at any time using the link in any email, or by emailing us. We will not pass your details to other companies for their marketing.
Lawful basis: your consent. For existing customers, we may also rely on the "soft opt-in" under PECR for similar products, which you can opt out of at any time.
To comply with legal and regulatory obligations
This includes keeping records for tax and accounting purposes, responding to lawful requests from regulators or law enforcement, and meeting consumer protection requirements.
Lawful basis: legal obligation.
To protect our business and other people
This includes preventing fraud, enforcing our terms, defending legal claims, and protecting the safety and rights of our customers and ourselves.
Lawful basis: legitimate interests.
Who we share your information with
We do not sell your personal information. We share it only with trusted third parties who help us run our business, and only to the extent necessary. These fall into the following categories:
• E-commerce platform: Shopify hosts our website and processes transaction data on our behalf.
• Payment processors: to take payment securely and prevent fraud.
• Print and fulfilment partners: who print and post items to you. Because we use a print-on-demand model, items are typically printed and shipped from a facility in or near the country where you are located, which means your delivery address is shared with the relevant local fulfilment partner.
• Shipping and delivery providers: to deliver your order.
• Email marketing platforms: to send our newsletters and order-related emails (only if you have signed up).
• Analytics and advertising providers: such as Google Analytics, to understand how the site is used and (where applicable) to show relevant advertising.
• Review and customer-experience tools: to gather product reviews and improve our service.
• Professional advisors: such as accountants, insurers and legal advisors, where necessary.
• Authorities and regulators: where we are required by law to disclose information, or where it is necessary to protect our rights or the rights of others.
We may add or change service providers from time to time as our business grows. The categories above are intended to remain accurate, and we keep an internal record of the specific providers in use at any given time. If you would like to know which specific providers are processing your data, you can ask us at any time using the contact details below.
All of our service providers are required by contract to keep your information secure and to use it only for the purposes we have authorised.
International transfers of your information
Darling Twigs Ltd is based in the United Kingdom. Some of our service providers (and their own infrastructure) may be located outside the UK or EEA — for example in the United States, the European Union, or other countries where our printing, hosting or analytics partners operate.
Where personal information is transferred outside the UK, we rely on one of the following safeguards required by UK GDPR:
• Adequacy regulations: where the UK government has determined that the destination country provides an adequate level of data protection (for example, the EEA, and the US for organisations certified under the UK Extension to the EU–US Data Privacy Framework).
• The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, where we contract with providers in countries that do not have adequacy regulations.
• Other appropriate safeguards or specific exceptions permitted under Articles 46 and 49 of the UK GDPR.
If you would like more information about a specific transfer or the safeguards in place, please contact us.
How long we keep your information
We keep personal information only for as long as we need it for the purposes set out in this policy. The main retention periods we apply are:
• Order and transaction records: for at least 6 years after the end of the relevant accounting period, to comply with UK company and tax law.
• Customer accounts: for as long as your account remains active. If you do not log in or place an order for 3 years, we may close your account and delete or anonymise the associated data.
• Marketing data: until you unsubscribe or ask us to stop. After you unsubscribe, we keep a minimal record of your suppression to ensure we do not accidentally contact you again.
• Customer service correspondence: for up to 3 years after the matter is resolved.
• Website analytics: according to the retention settings of the analytics tool in use, typically up to 26 months in aggregated form.
After the relevant retention period, we will securely delete or anonymise your information.
How we protect your information
We take security seriously and rely on a combination of measures provided by Shopify and our other service providers, including encryption in transit (HTTPS), access controls, secure payment processing through PCI-compliant providers, and ongoing monitoring.
No system is completely secure, and we cannot guarantee absolute security of information transmitted over the internet. We recommend you use a strong, unique password for any account you create with us and that you avoid sending sensitive information through unsecured channels.
Cookies and similar technologies
Our website uses cookies and similar technologies to make the site work, to remember your preferences, to understand how the site is used, and (where you have agreed) to support marketing.
When you first visit the site, you will be shown a cookie banner. You can accept or reject non-essential cookies, and you can change your preferences at any time through the cookie settings on the site.
Strictly necessary cookies (such as those that keep your shopping cart working) do not require consent under PECR. All other cookies — including analytics and marketing cookies — are only set after you have given consent.
Your rights
Under UK GDPR you have a number of rights in relation to your personal information. These include:
• The right to be informed about how we use your information (this policy).
• The right of access — to receive a copy of the personal information we hold about you.
• The right to rectification — to ask us to correct information that is inaccurate or incomplete.
• The right to erasure ("the right to be forgotten") — to ask us to delete your information in certain circumstances.
• The right to restrict processing — to ask us to limit how we use your information in certain circumstances.
• The right to data portability — to receive your information in a structured, commonly used format, or to ask us to send it to another provider.
• The right to object to processing based on legitimate interests, and an absolute right to object to direct marketing.
• The right to withdraw consent at any time where we rely on consent (for example, marketing emails). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Rights in relation to automated decision-making and profiling — though we do not currently use these in any way that produces legal or similarly significant effects.
If you are in the EEA, you have equivalent rights under the EU GDPR. If you are in California or another jurisdiction with its own privacy laws, you may have additional or equivalent rights — please contact us if you would like to exercise them.
To exercise any of these rights, please email hello@darlingtwigs.com. We will respond within one month, although in complex cases we may extend this by up to two further months and will let you know if we need to do so. There is no charge for most requests, but we may charge a reasonable fee or refuse to act on requests that are clearly unfounded or excessive.
We may need to verify your identity before responding to your request, to make sure we don't disclose your information to someone else.
Managing marketing communications
If you no longer wish to receive marketing emails from us, you can:
• Click the "unsubscribe" link at the bottom of any marketing email we send.
• Email us at hello@darlingtwigs.com.
We will stop sending marketing communications as soon as reasonably possible. We may still need to send you non-marketing messages relating to your orders, your account, or any other contractual matters.
Children
Our website and products are not directed at children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with their information, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices, our service providers, or the law. The date at the top of the document shows when it was last updated. For significant changes, we will draw the update to your attention — for example, by a notice on the site or by email if you are subscribed.
Complaints and contact
If you have any questions about this policy or how we handle your information, please contact us first:
Email: hello@darlingtwigs.com
Post: Darling Twigs Ltd, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
If you are based in the EEA, you may also lodge a complaint with the data protection authority in your country of residence.
Darling Twigs Ltd — registered in England and Wales, company number 17208578. Paying attention to the small things.
Last updated: 12 May 2026