This sets out how we (Nothing But Tea Ltd) comply with the GDPR, PECR, and the DPA.

We have never and would never sell or share your data to third parties

Cookies

Our shop needs cookies to run. Cookies put items in the shopping cart and allow you to log in, check out and buy things. You can choose to block the cookies but our site won’t work properly if you do. If you don’t like cookies but still want to buy tea you can call us or send us orders through the post.

Data Storage

When you use our site our system logs the time, date the IP address and sometimes the operating system.

If you place an order our system will store your email, your name and your address in our database.

We only use this information in the process of fulfilling the order (contract).

We only add you to our email list if you tick the box to be added to our email or fill in the form for the newsletter. Our newsletter is managed by Mailchimp who are GDPR compliant. You can unsubscribe at time by clicking the button at the bottom of every email.

We never sell your data to third parties.

We may share your data in order to fulfill your order with one or more of the following:

Royal Mail - Most of our orders are dispatched via Royal Mail. We pass your name and address to them so they can deliver your order. They are GDPR compliant.

DHL - large and wholesale orders are dispatched by DHL. We pass your name and address to them so they can deliver your order. They are GDPR compliant.

Reviews.co.uk - They automatically collect reviews for us. We share name, email and order number in order that reviews can be verified. They are GDPR compliant.

Parcels2Go - If your order is for outside the UK we may use parcels2go to find the best way of getting it to you. We share name and address with them in order to dispatch your order.

Your Payment Details

If paying through the site you can pay through Paypal or Worldpay. The only payment based details we hold are the amounts paid and the method used. We do not have access to your card or bank details. Worldpay and Paypal are GDPR compliant.

Emails

We send out emails in the process of completing your order. One to confirm the order has been placed, and one when we dispatch it.

We do have an email newsletter which is send through Mailchimp. At the moment these go out once or twice a month. They contain discount codes, special offers details about new teas and accessories, tea industry news and tea information.

Mailchimp does track the opens, and the links clicked. We do look at the headline figure for this, but we don’t have time to look at individuals. If you haven’t opened an email in a while we will assume you no longer want to hear from us and will remove you from our list. You can remove yourself at any time using the unsubscribe button.They are GDPR compliant but are outside the EU and part of the US privacy shield.

Your Data

If you have an account in our shop, you can now access your data. If you click on the my personal data section you can download all the data you have provided to our site.

We do not collect any kind of sensitive data about you.

Data Security

We have measures in place to protect your data, from being lost, stolen or accessed without authorization. We also have procedures in place to deal with any suspected breach.

Your Right To Be Forgotten

If you email us at quinnan@nbtea.co.uk we will delete all the information we hold on you, and remove you from mailchimp.

This does not include worldpay or paypal who you will have to contact directly. We cannot delete you purchase history and must hold that for seven years for tax purposes.